Question about Spam Assassin

[PA-Scott]

I read on the forum that when you turn SA on, your tagged messages would come across with ****SPAM**** in the subject line. However, that isn't happening for me. I would like to be able to filter this to a SPAM folder so I can view at a later time to make sure it's all invalid spam and it's not catching anything important.

I'm getting an email with the original email attached. The SA email comes and looks like this:


Spam detection software, running on the system "nitrogen.nocdirect.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: New Page 2 ELIMINATE All YOUR CREDIT CARD DEBT WITHOUT
FILING BANKRUPTCY! With The # 1 Debt Elimination Company In North
America! [...]

Content analysis details: (20.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.2 PLING_QUERY Subject has exclamation mark and question mark
4.3 RATWARE_EGROUPS Bulk email fingerprint (eGroups) found
0.2 EXCUSE_16 BODY: I wonder how many emails they sent in error
0.2 BAD_CREDIT BODY: Eliminate Bad Credit
4.3 CONSOLIDATE_DEBT BODY: Consolidate debt, credit, or bills
0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
0.1 HTML_LINK_CLICK_HERE BODY: HTML link text says "click here"
0.1 HTML_FONTCOLOR_GREEN BODY: HTML font color is green
0.3 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_FONT_BIG BODY: HTML has a big font
0.4 HTML_TAG_BALANCE_HTML BODY: HTML has unbalanced "html" tags
0.1 HTML_70_80 BODY: Message is 70% to 80% HTML
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red
1.6 FRONTPAGE BODY: Frontpage used to create the message
0.8 REMOVE_PAGE URI: URL of page called "remove"
1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server
[210.107.132.186 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=210.107.132.186>]
2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?210.107.132.186>]
1.1 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[210.107.132.186 listed in dnsbl.njabl.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[210.107.132.186 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[210.107.132.186 listed in dnsbl.njabl.org]
0.0 CLICK_BELOW Asks you to click below
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

[Connie]

I don't use SA, but if you do a search on
the forum you will find a lot of post about
SA. A lot of users had problems.
Personally I use Mailwasher. It's a pain in
the but, but I don't want to download the
junk. Whatever spam program you use
you are eventually going to have to view
the messages to make sure a legitimate
e-mail was not marked as spam.
Personally I would rather do this before
downloading the crap. Back to SA. Some
useres have a good experience with SA,
others have had a disapointing experienc
with SA. Good Luck.

[PA-Scott]

Yeah, I did read alot of threads but most of them were problems in the past. I also noticed that they said the subject was changed, but in my case the subject line is not being changed... it's attaching the suspected email to a notice email. I'm just wondering if this is how it is suppose to work and if so, what filtering techniques are people using? I'd rather filter just the subject line for ****SPAM**** if possible.

[jason]

You can set up configuration options for SpamAssain in a file called user_prefs in a directory called .spamassassin in your account's home directory (That's /home/USERNAME/.spamassassin/user_prefs). You can see the full list of options available for this file by typing "man Mail::SpamAssassin::Conf" and an SSH prompt. A couple things you might want to set, though:

rewrite_subject 1
This will enable the ****SPAM**** thing in your message's subjects. I'm surprised its not on by default--the man page says it shouldn't be, but I thought it was in the CPanel config.

report_safe 0
This will keep the body of the message intact so that you can still read it.

You can also whitelist addresses or domains that tend to be falsely marked as spam or blacklist addresses or domains that you always want to trap as spam:

whitelist_from friendly_person@somedomain.com
whitelist_from *@friendlydomain.com

blacklist_from spammer@yahoo.com
blacklist_from *@spammer.com

Of course, its probably easier to use the spam filters in CPanel over setting up a blacklist here unless you want to review the messages before you trash them. I do use the whitelist, though, to stop a couple mailing lists that I receive from being marked as spam.

--Jason