Spamassassin 사용기

1. 먼저 mkdir /etc/mail/spamassassin/probably-spam과 mkdir /etc/mail/spamassassin/almost-certainly-spam 하여 디렉토리를 생성해 줍니다.

 

2. 시스템 전체적으로 사용하기 위해 vi /etc/procmailrc를 생성합니다.

-> 파일내용 :

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
#
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
#
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc --prefs-file=/etc/mail/spamassassin/local.cf
 
# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/etc/mail/spamassassin/almost-certainly-spam
 
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
#/etc/mail/spamassassin/probably-spam
 
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
 
  :0 fhw
  | sed -e '1s/^/F/'
}

 

3. 시스템 전체적으로 사용하기 위해 vi /etc/mail/spamassassin/local.cf를 생성합니다.

 

# This is the right place to customize your installation of SpamAssassin.
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#

 

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

 

#
# NOTE: this is DISABLED by default; you have to uncomment the 'rewrite_subject'
# and 'subject_tag' lines to enable this subject-line re-writing method.
# (uncommenting means, remove the '#' symbol from in front of the two lines.)
#
# Change the subject line of suspected spam emails? (0=no, 1=yes)
rewrite_subject         1
#
# Text to prepend to subject if rewrite_subject is set to '1':
subject_tag             *****SPAM*****

 

#report_safe 1
ok_locales en ko
ok_languages en ko
lang en ko
use_bayes 1
auto_learn 1
auto_learn_threshold_spam 6.0
auto_learn_threshold_nonspam -2.0
bayes_path /var/spool/spamassassin/bayes
bayes_file_mode 770

 

#Rules for all senders
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0

 

score UPPERCASE_25_50 0.5
score UPPERCASE_50_75 0.5
score UPPERCASE_75_100 0.5

 

#General rules for html-based mail & html-based bulk mail
score HTML_MESSAGE 1.8
#General rules for html-based bulk messages
score MIME_HTML_ONLY 2.1

 

#Ordinary rules for spamers & internet via e-mail
#& bulk mail
score HTML_FONTCOLOR_RED 2.4
score HTML_FONTCOLOR_BLUE 1.1
score HTML_FONTCOLOR_GREEN 2.0
score HTML_FONTCOLOR_GRAY 1.4
score HTML_FONTCOLOR_UNSAFE 0.5
score HTML_FONTCOLOR_UNKNOWN 2.7
score HTML_FONT_BIG 0.6
score HTML_FONT_INVISIBLE 1.2
score LINES_OF_YELLING 0.5
score LINES_OF_YELLING_2 0.6

 

score MAILTO_WITH_SUBJ 1.0
score EXTRA_MPART_TYPE 0.9
score CLICK_BELOW 0.6
score HTML_LINK_CLICK_HERE 0.5
score NO_REAL_NAME 0.8
score HTML_COMMENT_RATIO 0.5

 

#Very strong rules for spamers
score DATE_IN_FUTURE_12_24 5.0
score DATE_IN_FUTURE_06_12 5.0
score DATE_IN_FUTURE_03_06 5.0
score MIME_HTML_NO_CHARSET 5.0
score DATE_IN_PAST_96_XX 5.0
score DATE_IN_PAST_03_06 5.0
score DATE_IN_PAST_12_24 5.0
score INVALID_DATE 5.0
score HTML_TITLE_UNTITLED 5.0
score MISSING_MIMEOLE 5.0
score FORGED_HOTMAIL_RCVD 5.0
score RCVD_FAKE_HELO_DOTCOM 5.0
score RCVD_FAKE_HELO_DOTCOM_2 5.0
score MIME_BOUND_NEXPART 5.0

 

#Use valid reference headers
score REFERENCES 0.0
score IN_REP_TO 0.0

 

#score UNDESIRED_LANGUAGE_BODY 5.5

 

#auto_whitelist_path /var/spool/spamassassin/auto-whitelist
#auto_whitelist_file_mode 770

 

score KOREAN_UCE_SUBJECT 2.4

 

#body MY_ADV_01 /(표기한 광고 메일|x6Wx4sfRILGksO0guN7Az|=C7=A5=B1=E2=C7=D1 =B1=A4=B0=ED =B8=DE=C0=CF)/
header MY_ADV_01 Subject =~ /\b표기한 광고 메일\b/i
describe MY_ADV_01 광고성 문구 포함
score MY_ADV_01 0.5

 

#body MY_ADV_02 /(법률 제 50조에 의거한|uf23\/CDBpiA1MMG2v6EgwMewxcfR|=B9=FD=B7=FC =C1=A6 50=C1=B6=BF=A1 =C0=C7=B0=C5=C7=D1)/
header MY_ADV_02 Subject =~ /\b법률 제 50조에 의거한\b/i
describe MY_ADV_02 광고성 문구 포함
score MY_ADV_02 0.3

 

#body MY_ADV_03 /(어떠한 개인 정보도|vu62sMfRILCzwM4gwaS6uLW1|=BE=EE=B6=B0=C7=D1 =B0=B3=C0=CE =C1=A4=BA=B8=B5=B5)/
header MY_ADV_03 Subject =~ /\b어떠한 개인 정보도\b/i
describe MY_ADV_03 광고성 문구 포함
score MY_ADV_03 0.3

 

#body MY_ADV_04 /(정보통신망 이용촉진|waS6uMXrvcW4wSDAzL\/rw8vB\+|=C1=A4=BA=B8=C5=EB=BD=C5=B8=C1 =C0=CC=BF=EB=C3=CB=C1=F/
header MY_ADV_04 Subject =~ /\b정보통신망 이용촉진\b/i
describe MY_ADV_04 광고성 문구 포함
score MY_ADV_04 0.2

 

#body MY_ADV_05 /(정보통신부 권고|waS6uMXrvcW6ziCxx7Dt|=C1=A4=BA=B8=C5=EB=BD=C5=BA=CE =B1=C7=B0=ED)/
header MY_ADV_05 Subject =~ /\b정보통신부 권고\b/i
describe MY_ADV_05 광고성 문구 포함
score MY_ADV_05 0.2

 

#body MY_ADV_06 /(수신을 원치 않으시면|vPa9xcC7IL\/4xKEgvsrAuL3DuO|=BC=F6=BD=C5=C0=BB =BF=F8=C4=A1 =BE=CA=C0=B8=BD=C3=B8=E9)/
header MY_ADV_06 Subject =~ /\b수신을 원치 않으시면\b/i
describe MY_ADV_06 광고성 문구 포함
score MY_ADV_06 0.3

 

#body MY_ADV_07 /(귀하의 이메일 주소는|sc3Hz8DHIMDMuN7AzyDB1rzStMI|=B1=CD=C7=CF=C0=C7 =C0=CC=B8=DE=C0=CF =C1=D6=BC=D2=B4=C2)/
header MY_ADV_07 Subject =~ /\b귀하의 이메일 주소는\b/i
describe MY_ADV_07 광고성 문구 포함
score MY_ADV_07 0.8

 

#body MY_ADV_08 /(귀하의 메일 주소는|sc3Hz8DHILjewM8gwda80rTC|=B1=CD=C7=CF=C0=C7 =B8=DE=C0=CF =C1=D6=BC=D2=B4=C2)/
header MY_ADV_08 Subject =~ /\b귀하의 메일 주소는\b/i
describe MY_ADV_08 광고성 문구 포함
score MY_ADV_08 0.8

 

#body MY_ADV_09 /(메일을 원하지 않을 경우|uN7Az8C7IL\/4x8\/B9iC\+ysC7ILDmv\+|=B8=DE=C0=CF=C0=BB =BF=F8=C7=CF=C1=F6 =BE=CA=C0=BB =B0=E6=BF=EC)/
header MY_ADV_09 Subject =~ /\b메일을 원하지 않을 경우\b/i
describe MY_ADV_09 광고성 문구 포함
score MY_ADV_09 0.2

 

#body MY_ADV_10 /(메일은 발송전용이므로|uN7Az8C6ILnfvNvA\/L\/rwMy5x7fO|=B8=DE=C0=CF=C0=BA =B9=DF=BC=DB=C0=FC=BF=EB=C0=CC=B9=C7=B7=CE)/
header MY_ADV_10 Subject =~ /\b메일은 발송전용이므로\b/i
describe MY_ADV_10 광고성 문구 포함
score MY_ADV_10 0.7

 

#body MY_ADV_11 /(수신거부|vPa9xbDFus4|=BC=F6=BD=C5=B0=C5=BA=CE)/
header MY_ADV_11 Subject =~ /\b수신거부\b/i
describe MY_ADV_11 광고성 문구 포함
score MY_ADV_11 0.3

 

#body MY_ADV_12 /(허락없이 메일을|x\+O29L74wMwguN7Az8C7|=C7=E3=B6=F4=BE=F8=C0=CC =B8=DE=C0=CF=C0=BB)/
header MY_ADV_12 Subject =~ /\b허락없이 메일을\b/i
describe MY_ADV_12 광고성 문구 포함
score MY_ADV_12 5.5

 

#body MY_ADV_13 /(메일 주소 이외의 어떠한 자료도|=B8=DE=C0=CF =C1=D6=BC=D2 =C0=CC=BF=DC=C0=C7 =BE=EE=B6=B0=C7=D1 =C0=DA=B7= =E1=B5=B5|uN7AzyDB1rzSIMDMv9zAxyC+7rawx9EgwNq34bW)/
header MY_ADV_13 Subject =~ /\b메일 주소 이외의 어떠한 자료도\b/i
describe MY_ADV_13 광고성 문구 포함
score MY_ADV_13 0.8

 

#body MY_ADV_14 /(귀하의 메일주소|=B1=CD=C7=CF=C0=C7 =B8=DE=C0=CF=C1=D6=BC=D2|sc3Hz8DHILjewM\/B1rz)/
header MY_ADV_01 Subject =~ /\b귀하의 메일주소\b/i
describe MY_ADV_14 성인광고문구
score MY_ADV_14 0.8

 

#body MY_ADV_15 /(섹스쇼|vL29urzu|=BC=BD=BD=BA=BC=EE)/
header MY_ADV_15 Subject =~ /\b섹스쇼\b/i
describe MY_ADV_15 성인광고문구
score MY_ADV_15 2.5

 

#body MY_ADV_16 /(자위쇼|wNrAp7zu|=C0=DA=C0=A7=BC=EE)/
header MY_ADV_16 Subject =~ /\b자위쇼\b/i
describe MY_ADV_16 성인광고문구
score MY_ADV_16 2.5

 

#body MY_ADV_17 /(보지쇼|urjB9rzu|=BA=B8=C1=F6=BC=EE)/
header MY_ADV_17 Subject =~ /\b보지쇼\b/i
describe MY_ADV_17 성인광고문구
score MY_ADV_17 2.5

 

#body MY_ADV_18 /(포르노|=C6=F7=B8=A3=B3=EB|xve4o7Pr)/
header MY_ADV_18 Subject =~ /\b포르노\b/i
describe MY_ADV_18 성인광고문구
score MY_ADV_18 0.5

 

#body MY_ADV_20 /(야설|=BE=DF=BC=B3|vt+8s)/
header MY_ADV_20 Subject =~ /\b야설\b/i
describe MY_ADV_20 성인광고문구
score MY_ADV_20 0.4

 

#body MY_ADV_21 /(성인만화|=BC=BA=C0=CE=B8=B8=C8=AD|vLrAzri4yK)/
header MY_ADV_21 Subject =~ /\b성인만화\b/i
describe MY_ADV_21 성인광고문구
score MY_ADV_21 0.3

 

#body MY_ADV_22 /(몰카|=B8=F4=C4=AB|uPTEq)/
header MY_ADV_22 Subject =~ /\b몰카\b/i
describe MY_ADV_22 성인광고문구
score MY_ADV_22 0.7

 

#body MY_ADV_23 /(자위동영상|=C0=DA=C0=A7=B5=BF=BF=B5=BB=F3|wNrAp7W\/v7W78)/
header MY_ADV_23 Subject =~ /\b자위동영상\b/i
describe MY_ADV_23 성인광고문구
score MY_ADV_23 0.9

 

#body MY_ADV_24 /(몰래카메라|=B8=F4=B7=A1=C4=AB=B8=DE=B6=F3|uPS3ocSruN628)/
header MY_ADV_24 Subject =~ /\b몰래카메라\b/i
describe MY_ADV_24 성인광고문구
score MY_ADV_24 0.7

 

header MY_ADV_25 Subject =~ /\b야동\b/i
describe MY_ADV_25 성인광고문구
score MY_ADV_25 0.7

 

header MY_ADV_26 Subject =~ /porno/i
describe MY_ADV_26 성인광고문구 
score MY_ADV_26 0.5
 
header MY_ADV_27 Subject =~ /\b카-드연체 대납\/대출\b/i
describe MY_ADV_27 성인광고문구 
score MY_ADV_27 0.6
 
header MY_ADV_28 Subject =~ /\b카드연체 대납\/대출\b/i
describe MY_ADV_28 성인광고문구 
score MY_ADV_28 0.6
 
header MY_ADV_29 Subject =~ /\b출장대기 미남 미녀\b/i
describe MY_ADV_29 성인광고문구 
score MY_ADV_29 0.7

 

4. 테스트해보세요

 

설치가 완료되면 스팸어쌔신에 포함된 테스트용 메일과 스팸메일 등을 시험적으로 점검할 수 있다.

$ /usr/bin/spamassassin -t < sample-spam.txt $ /usr/bin/spamassassin -t < sample-nonspam.txt

스팸어쌔신는 각각의 메시지가 스팸인지 아닌지를 판단한 리포트를 보여준다. 스팸으로 판정된 메시지라면 어떤 테스트를 했는지도 함께 출력한다.