thorko.deLinux / Unix systems administrator

Better SPAM detection

Probably a thousand people complain about SPAM. This article will help administrators to configure a strong anti-SPAM mail system and also be able to let users decide which email is SPAM and which is HAM.

First of all spammers don't want to waste time when delivering emails. They try to send as much emails as they can within a short time. So if you slow down your mail servers they will give up. But how can we do this without harm non-spammers. A good option is the postgrey technique. This technique rejects the first deliver attempt and tells the other part "come back later, I'm busy.". Almost every mail system does this but spammers don't. If there is still a mail system which doesn't try it a second time you still have the option to whitelist this system.

It is fairly easy to setup postgrey-filter so I'm not going to explain this.

Secondly install spamassassin and route the mails through it. This can be done by using procmail.
A proper configuration would look like this.

This assumes your are using cyrus as your postbox system.

Spamassassin isn't very good when running with default configuration. So the following adjustments will make it stronger.

Next create "" in the spamassassin configuration directory

and also create

Reload your spamassassin configuration.

Each user will have to create a folder called "Learn" and 2 subfolders "Ham" and "Spam" in it.
These folder will be used to teach spamassassin.
Download "sa-learn-cyrus" and "" and set it up regarding to your configuration. Create a cron job to run this script frequently

0 */1  * * *   root    /opt/scripts/spam/sa-learn-cyrus -c /opt/scripts/spam/ > /dev/null

(c) 2014 by