How to Configure SpamAssassin

Creating a Rule to Filter SpamAssassin Flagged Junk Mail

This tutorial has two parts - the first addresses how to setup Spam Asssassin on the server.  If this is already setup for you, read our articles on How to Filter SpamAssassin Mails in Outlook, or How to Filter SpamAssassin Mails in Outlook Express, respectively.

Part One : Setting Up SpamAssassin on Your Server

From within Cpanel, click on "Mail," followed by "SpamAssassin."  (If you don't see the SpamAssassin option, contact your hosting provider and ask them to enable SpamAssassin for you.)

Enabling SpamAssassin

Once inside  SpamAssassin, select "enable SpamAssassin" to turn on your spam filter.  Next, select "configure SpamAssassin."  From here, you'll want to enter a score in the "required_score" field.  The default is 5.  The lower the number the stronger the filter.  For my own use and client accounts we typically use 4.  If you are experiencing lots of spam you can lower the number even more, but this may also result in more legitimate mail being incorrectly flagged as spam.  Note: If you are an ISP, you typically do not want to enable the filter at all, as you do not want to prevent potentially legitimate mails from reaching your Internet users.  There are client-side spam filtering solutions out there that you should direct your clients to.

Rewriting Subjects

Note that Cpanel v. 11 and higher typically disable custom rewriting in favor of ACL rewrite handling, which improves performance greatly.  Typically in this case the subject is rewritten by and tagged with "***SPAM***" by default.

If you have rewriting enabled, on the configuration page you'll see a field that lets you rewrite the subjects of spam-flagged mails, using variables to indicate spam score and threshold.  As an example, we use:
*SPAM* (_HITS_ / _REQD_)
to flag spam mail, the first variable indicating the spam score, and the second variable indicating the threshold (in this case 4), we've set.  You can now filter your mail by subject in your mail clients (ie. Outlook, Outlook Express, etc.)  Note: Your hosting provider may have this option disabled, in which case you'll need to rely on the header rewrite method explained in part two below.

Spam Box or No Spam Box?

Now that you have SpamAssassin enabled and filtering mails, you need to decide how to handle these mails.  Typically, you can leave the spam box disabled and use the rules in part two below to filter your mails into a junk folder using your mail client.  However, if you're hosting provider has not enabled subject rewriting, you'll only be able to filter mails in clients that allow rules to examine headers.  Outlook Express, for one, only let you filter on subjects.  In this case you'll want to turn on Spam Box, which you can check by logging into webmail or appending "/spam" to your login email address.