Eradicating spam with SpamAssassin

Dan Kohn
Sun, 14 Apr 2002 22:49:12 -0700

I have gotten SpamAssassin [1] set up as a mail proxy so that all likely
spam are tagged as such and automatically filtered to a separate
mailbox, where I can check for false positives at my convenience.  You
can see exactly how I did this below.

Am I nuts in thinking that nearly everyone on the Internet would like a
similar service, and many of them are willing to pay for it?

All that seems necessary is a regular x86 Linux box running
SpamAssassin, qmail, procmail, and Apache and a web interface to make
configuring all this trivial.  As I have done below, you could set this
up with a well-known public email address and a private one only used by
this server.

One could even avoid the step of having public vs. private email
addresses by creating a filter on your mail user agent (e.g., Outlook)
to send all mail to this server that does not have a X-Spam-Status
header.  The server would run SpamAssassin on the mail and forward the
mail back to the user.  All of this could and should be configured with
a single forms web page that also has you enter your credit card.  How
does $50 a year sound for the service, with a money back guarantee, of

Well, does anyone want to put this together?  I'm happy to pay the
upfront costs for the business.

Here are the details of my SpamAssassin configuration:

The spam headers added look like this:

Subject: *****SPAM***** FW:  dan , Your first targeted e-mailing is FREE
X-Spam-Status: Yes, hits=3D15.0 required=3D5.0
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.11 (devel $Id:,v
1.68 2002/03/04 01:22:24 hughescr Exp $)
X-Spam-Prev-Content-Type: multipart/alternative;
X-Spam-Report: Detailed Report
SPAM: -------------------- Start SpamAssassin results
  SPAM: This mail is probably spam.  The original message has been
  SPAM: so you can recognise or block similar unwanted mail in future.
  SPAM: See for more details.
  SPAM: Content analysis details:   (15 hits, 5 required)
  SPAM: Hit! (0.9 points)  BODY: Asks you to click below
  SPAM: Hit! (2.0 points)  BODY: Talks about opting in
  SPAM: Hit! (2.0 points)  BODY: Talks about email marketing
  SPAM: Hit! (0.8 points)  BODY: Talks about bulk email
  SPAM: Hit! (1.7 points)  BODY: Includes a link to send a mail with a
  SPAM: Hit! (-0.2 points) BODY: Includes a URL link to send an email
  SPAM: Hit! (3.5 points)  BODY: Link to a URL containing "remove"
  SPAM: Hit! (1.6 points)  BODY: Tells you to click on a URL
  SPAM: -------------------- End of SpamAssassin results

To set this up, I found a kind soul willing to install procmail and
SpamAssassin and give me a user account on his Unix box.  I then set up
a .forward with:

     "|IFS=3D' ' && exec /usr/bin/procmail -f- || exit 75 #dan"

I created .procmailrc with:

     | /usr/bin/spamassassin -P

     :0      # All messages
     ! dan@myprivateaddress.example    # A private address

I then made a .spamassassin/user_prefs with:

     rewrite_subject       1
     report_header         1

I then forwarded to the account on the Unix box, which
then forwards to dan@myprivateaddress.example.

Which brings me to my question

          - dan
Dan Kohn <>
<>  <tel:+1-650-327-2600>
Essays announced on <>