Advanced SpamAssassin techniques
- — 05 September, 2003 08:23
In my last column I introduced the SpamAssassin e-mail filtering tool. This intelligent spam detector employs a large number of techniques to accurately identify and tag unsolicited bulk e-mail (spam). This time around, we will examine some of the techniques you can use to fine tune SpamAssassin to the e-mail you receive to better improve its classification results.
If you have a collection of spam residing in a dedicated spam folder, you can use it to help SpamAssassin identify the spam you receive. The program employs an artificial intelligence classification technique called Naive Bayes to divide e-mail into spam and non-spam. Naive Bayes requires a training stage before it can be effective in filtering, and the wider the selection of data you use for training, the greater the algorithm’s accuracy.
The “sa-learn” command is used to train SpamAssassin. To use it you will need to know the path of your spam mailbox, which is likely stored somewhere in your home directory. For users of Ximian Evolution the path is ~/evolution/local/
$ sa-learn -spam --mbox
Note, it may take several minutes to execute this command if you have supplied sa-learn with a large mailbox. You can also train SpamAssassin to recognise non-spam (ham) e-mail by changing the “-spam” switch to “-ham”. Run the above command replacing the path to your spam mailbox with each of your other non-spam mailboxes to train SpamAssassin to recognise the e-mail you consider non-spam.
Adjusting the threshold
By default, SpamAssassin uses a threshold of 5.0 to decide if an e-mail is spam. This threshold is a good starting point, but if — like me — you get a lot of spam, you might find that some messages manage to slip through with a score marginally below 5.0. It is possible to adjust the SpamAssassin threshold to better classify the e-mail you receive. You probably will not need to adjust the threshold a lot in order to greatly improve the classification accuracy of SpamAssassin. The important thing to remember is to set a low threshold, as SpamAssassin could start to wrongly classify real e-mails as spam (otherwise known as false positives).
To adjust the SpamAssassin threshold, open the file ~/.spamassassin/user_prefs in your text editor. If this file does not exist, you can create it by copying the file /usr/share/spamassassin/user_prefs.template to the above path. This file contains the configuration information for SpamAssassin.
If it is not already uncommented, uncomment the line containing “required_hits” by removing the “#” from the beginning. The number after “required_hits” is used to set the threshold. Experiment with different scores here to improve SpamAssassin’s spam detection. If you find some e-mails are slipping through into your inbox, scan them again with SpamAssassin by saving a copy of the e-mail to disk and typing the following command in a shell:
$ spamassassin < email
In this command, email is the filename of the saved e-mail. At the top of the output produced by SpamAssassin will be the score the e-mail received. Use this score to calculate the amount by which to lower the threshold to catch this e-mail. I currently use a score of 3.9 on my system, but you may find a different score works better for you.
More configuration options
Along with adjusting the threshold at which SpamAssassin classifies spam, the user_prefs configuration file offers a way to tweak many settings.
One of the most useful configuration options is the “whitelist_from
You can also adjust the scores given for various SpamAssassin tests using the “score
Many other configuration settings are available and you’ll find a complete list at http://spamassassin.org/doc/Mail_SpamAssassin_Conf.html.
SpamAssassin is a powerful tool, but because the e-mails we each receive differ greatly, you should customise the program to filter your spam effectively using some or all of the above techniques.