SpamAssassin Basic Operation

SpamAssassin is mainly used to tag the subject line of a message as [***SPAM***], with required_hits set to 5 or so, so that your users can filter tagged spam into a dedicated folder. THERE IS NO REJECTION of mail taking place at the "required_hits" number. First, log in as "siteadmin" and add all your domains to the database. To apply rules sitewide rather than on a domain-by-domain basis, set them up as global. If you have just installed ecm2Admin, you will see 3 basic global rules by default.



The following rules, available from the dropdown menu as shown here, can be added in addition to the 3 default global rules. You can read info about what they are on this page.




If you want to control SpamAssassin separately for each of your domains, then you'll have to log in as "postmaster" to your domain.com with the password you created for that domain while you were logged in as "siteadmin".




Based on the above per-domain rules, Exim will place the SpamAssassin score and report into the header of incoming SpamAssassin-scanned mail. If it's just a normal e-mail, it will probably score 0 or less than 1, and the subject line will not be tagged [***SPAM***]. As you can see, required_hits is set to 4 for this domain, and until the score reaches 4 the subject line of a message will not be altered by tagging.

X-Spam-Status: No (0.0/4.0) SpamAssassin 3.1.3 (2006-03-10)
()
---- Start of SpamAssassin Report
---- End of SpamAssassin Report

Let's take a look at a nasty spam where the score is higher than our required_hits of 4. As you can see, the subject line is tagged with "[***SPAM***]". You will more than likely have to "expand" the header to a full view before you can see these reports. If you forgot to add a preference value for required_hits when you were logged in as postmaster of your domain, the global default value of "5" will apply.

X-Spam-Status: Yes (16.1/4.0) SpamAssassin 3.1.3 (2006-03-10)
(++++++++++++++++)
---- Start of SpamAssassin Report
* 3.3 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
* 0.8 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
* 3.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
* 3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
* 1)
* 0.6 HTML_90_100 BODY: Message is 90% to 100% HTML
* 1.7 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 2.6 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
* 0.4 MPART_ALT_DIFF BODY: HTML and text parts are different
---- End of SpamAssassin Report
Subject: [***SPAM***] situation comedy gasket

In these headers we see a couple of things that can be used in deciding what to do with any particular incoming mail. For starters, Exim can detect whether X-Spam-Status is Yes or No, and the achieved score/required_hits values in parentheses, here (16.1/4.0). Rejecting mail at the same score as the required_hits value used to mark the subject line as ***SPAM*** would be too aggressive. I would probably start rejecting at a value of "10", see if there are any falsely marked subject lines between 4 and 10, and make adjustments accordingly.

Now, if you actually want to reject mail at a certain score, you will have to say so in the Exim configure file by uncommenting the following 3 lines:

# deny message = This message scored $spam_score points. Congratulations!
# spam = $acl_m0:true
# condition = ${if >{$spam_score_int}{80}{1}{0}}

The rejection value is the score times 10, so if you want to reject at "8" you'll have to write "80" on the third line of that section. If you want to reject at "10", change it to "100". Again, start tagging at 4, but reject only at a much higher number like 10 or 15, because people don't like to lose mail that may have been classified as spam by mistake. For the few spam messages that get through marked [***SPAM***] in the subject line, it shouldn't be too difficult to set up a filter in your Mail App or other mail clients to move them automatically to a spam folder.
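
The following Python script is an added example, not part of the original page or of ecm2Admin. It parses headers in the layout shown above, applies the tag/reject split described here (reject level given in score-times-10 units, compared with a strict "greater than" as in the Exim condition), and lists the tagged-but-delivered messages to check for false positives. The function names and sample headers are constructed for illustration.

```python
import re

# Header layout as shown on this page: "X-Spam-Status: Yes (16.1/4.0) ..."
STATUS_RE = re.compile(r"X-Spam-Status:\s*(Yes|No)\s*\((-?\d+(?:\.\d+)?)/(\d+(?:\.\d+)?)\)")
# Report lines: "* 3.3 RULE_NAME description"; wrapped lines such as "* 1)" do not match.
RULE_RE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b", re.M)

def classify(headers, reject_at_int=100):
    """Return (action, score, top_rules) for one message's header text.

    reject_at_int is in Exim $spam_score_int units (score times 10),
    so 100 means "reject above a score of 10.0".
    action is one of: unscanned, deliver, review, reject.
    """
    m = STATUS_RE.search(headers)
    if m is None:
        return ("unscanned", None, [])
    score, required = float(m.group(2)), float(m.group(3))
    rules = sorted(((float(s), n) for s, n in RULE_RE.findall(headers)), reverse=True)
    top = [name for _, name in rules[:3]]      # highest-scoring rules first
    if round(score * 10) > reject_at_int:      # mirrors ${if >{$spam_score_int}{N}{1}{0}}
        action = "reject"
    elif score >= required:
        action = "review"                      # tagged [***SPAM***] but still delivered
    else:
        action = "deliver"
    return (action, score, top)

def review_band(messages, reject_at_int=100):
    """Scores and top rules of messages tagged as spam but below the reject level."""
    results = (classify(m, reject_at_int) for m in messages)
    return [(score, top) for action, score, top in results if action == "review"]

# Constructed sample headers, using rule names and scores from the report above.
HAM = "X-Spam-Status: No (0.0/4.0) SpamAssassin 3.1.3 (2006-03-10)\n"
MID = ("X-Spam-Status: Yes (5.6/4.0) SpamAssassin 3.1.3 (2006-03-10)\n"
       "* 3.3 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)\n"
       "* 1.7 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME\n"
       "* 0.6 HTML_90_100 BODY: Message is 90% to 100% HTML\n")
EDGE = "X-Spam-Status: Yes (8.0/4.0) SpamAssassin 3.1.3 (2006-03-10)\n"
HIGH = ("X-Spam-Status: Yes (16.1/4.0) SpamAssassin 3.1.3 (2006-03-10)\n"
        "* 3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr\n"
        "* 1)\n")

if __name__ == "__main__":
    for score, top in review_band([HAM, MID, EDGE, HIGH], reject_at_int=80):
        print(f"review: score {score}, top rules: {', '.join(top) or 'n/a'}")
```

With the reject level set to 80, a message scoring exactly 8.0 is still delivered and tagged, because the comparison is "greater than" and not "greater than or equal".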