Spamassassin Tweaks and Tuning Guide

Hey all.

Have spent the last couple of days pouring through Qmail and SA documentation. This thread is meant to be a community contrib whereby we help each other reduce amount of spam delivered to our respective clients.

On my end the server was a bit, let’s say, rusty. First things first, make sure your system is up-to-date. In my case I needed the EPEL and RpmForge repos added (rusty indeed) in order to get the latest packages for my Centos 5.x install.

Next up, see what’s missing functionality-wise in default SA install.

/usr/bin/spamassassin -D --lint

You’ll likely see entries like, “module not installed: …”. In my case I was missing Mail::SPF, Geo::IP and a few others. Yum search for applicable missing modules filled in the missing blanks (most are optional so don’t sweat it if yum searches come up empty in some cases). Can install a la

yum install 'perl(Module::Name)'

Ok, now run through


files and explore available plugins.

RelayCountry is a nice way to block our friends the enemy from sending any mail to our server (e.g. country code CN for starters in your With the Geo::IP module installed as per above you can enable/uncomment the RelayCountry plugin line in your


. I also enabled DKIM and Rule2XSBody plugins (after yum installing of course). The latter allows you to

rules to binary which should give a nice speed up on the rule processing front. Check out the Perl doc for other plugins that might be of interest in your setup.

Next, deal with the URIBL blocking your DNS lookups (if you’re affected you’ll see “URIBL_BLOCKED” in your X-Spam-Status line of mime headers). Since we get DJBDNS and nameserver caching for free with Interworx, can just add

to your Should point out that if I add to my /etc/resolve.conf all dns lookups become exceptionally slow. Personally I just roll with Google’s and in my /etc/resolve.conf. If everything works you’ll be seeing “URIBl_Black” and friends in X-Spam-Status line.

Have yet to tweak SA rules from default scores, some of them seem a bit too tolerant for my likeing. At any rate with above enhancements clients are already reporting spam symptom relief :wink: More work to do but at least some progress in place of powerlessness.

p.s. this may be the default, but if not and your users are all on western charset,

ok_locales en
in your to at least reduce the spam deluge to characters you and your users can read.

p.p.s. I turned off Bayes as none of my clients were training the filter and it seemed to be doing more harm than good (i.e. jacking up spam score for every inbound message, spam or not). I’ll enable it again once SA itself is fully tuned (another iworx user suggested server-wide Bayes with autolearn off).

Hi Newmind
Lovely post, kudos to you
Interestingly, our SA already has many features which it finds, such as SPF matching, but from memory, the SPF is shown as not installed… which is even more interesting unless I am wrong, and my memory is fading (quite possible)
To help users understand the header meanings, here they are (the list may not contain all headers, but should contain most)
Also, if anyone is interested in using pyzor/razor, you can use the following (but you need to understand what they do)
yum install pyzor perl-Razor-Agent
Lastly, as I have previously posted, I do not have experience with SA, and is only available to users on our shared platform, who have the ability to set their own rules etc as they see fit, but we do offer fully managed enterprise mail servers for those who wish to pay extra and not have to worry over spam.
Many thanks

SA score header meanings.pdf (763 KB)