UKUUG home


(the UK's Unix & Open Systems User Group)






Book Discounts

Other Discounts

Mailing lists






SpamAssassin Alan Schwartz
Published by O'Reilly Media
207 pages
£ 17.50
Published: 3rd August 2004
reviewed by Mike Smith
   in the December 2004 issue (pdf), (html)

I hate spam, you hate spam, we all hate spam. But did you see the recent /. story about Jeremy Jaynes. He sent 10m spams a day, usually made over $400k/month, and in his best month made $750k. Incredible - there's no wonder there's so much of it.

SpamAssassin analyses mails to determine whether they are spam or ham. There are many rules, based on content, headers and consulting external blacklists. Version 3 was released recently, and the book also covers this version.

The book is quite short, at 190 pages of content, so I wasn't expecting much. However, as we'll see, I think most of the important points are covered. In my usual style, I give you a rundown.

The initial chapters provide an overview of what it does and how it does it, installation instructions, testing and how to quickly integrate it into your mail flow using procmail. If you're setting up a busy mail gateway you'll want to use spamd (the daemon) rather than invoking a new instance of SpamAssassin for each message. This is covered too.

There's a chapter on the Rules, which is the core of how SpamAssassin identifies what is spam, and change the default rules, add new ones etc, saving them in a database if you want to (MySQL, PostgreSQL and others) or even LDAP. There are some good examples of writing your own rules, together with an explanation of the various types of tests.

However, although the Rules are a great heuristic tool there are two other advanced mechanisms - Autowhitelisting and Bayesian Filtering. These are covered in chapter 4 - again with examples and recommendations on how to setup the system to learn.

Then we have a few chapters on setting up SpamAssassin with various MTAs - sendmail, using Milter (and MIMEDefang) rather than a basic procmail, Postfix, qmail, Exim. In each case the chapter shows how to setup a spam-checking gateway. One advantage of these integration methods is that you can refuse spam during the SMTP session rather than having to accept it then decide later.

The final, brief, chapter covers using SpamAssassin as a proxy in a POP3 environment. I used to use saproxy, but that went commercial (SAproxy Pro) a year or two ago and the old free version doesn't seem to keep up with today's anti-spam requirements. The only other free alternative I know of is Pop3proxy (its probably one of the original ones too), which is okay but again doesn't stop 100% (out of the box, anyway). So in recent times I'm afraid I resorted to using my ISP's facilities to avoid the burden of updating and managing my anti-spam environment.

At work we've developed an integrated anti-spam and anti-virus solution we call MailGuardian. It uses SpamAssassin for the core anti-spam engine, and has a pluggable framework to support various commercial and non-commercial anti-virus solutions. Perhaps not really useful for you (we use it in big outsource contracts), but I thought I'd mention it as it is relevant. We use some tweaked rules to improve the hit rates but other than that its fairly vanilla.

So despite this book being quite short, I think it is useful for the uninitiated to gain a quick understanding of what SpamAssassin is all about and how to set it up. I found it very readable, and often got sidetracked exploring the content rather than writing this review. A good sign!

Back to reviews list

Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat
More information

Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.