Review of SpamAssassin

Alan Schwartz
O'Reilly & Associates

Reviewed by Nick Christenson,

September 23, 2004

These days few problems are as vexing to information technology professionals as the problem of spam. Developers are turning out tools to combat this scourge at a considerable rate, but in many cases good documentation often seems to lag the solutions and their development. On the Unix side, one of the most popular anti-spam packages is SpamAssassin. Alan Schwartz has recently compiled the first book about this software package.

SpamAssassin begins with introductory material and then jumps right in to discussing the basic use of SpamAssassin and its associated utilities. Readers are told how to use SpamAssassin on the command line, in conjunction with procmail, within Perl scripts, and in conjunction with the spamc/spamd daemons. Schwartz does a thorough job of providing the basics here, and anyone who has an immediate need to make SpamAssassin work in their environment should find enough ammunition in these pages to get things up and running in short order.

The next section covers writing new SpamAssassin rules. Basically, if someone wants to expand SpamAssassin's capabilities, everything they need to know is in Chapter 3. I expect most users of this package won't have a need for this as SpamAssassin already comes with more rules to test than I know what to do with, but this information is there and the book wouldn't be complete without it. Chapter 4 covers SpamAssassin's Bayesian filtering capabilities providing a good overview of the mechanism and a detailed explanation of the implementation.

The last five chapters cover integration of SpamAssassin with sendmail, Postfix, qmail, and Exim, as well as use of SpamAssassin with POP3 proxies. The sendmail chapter is the only one I'm qualified to judge (as well as the only one I'm personally interested at the moment), although it's certain that a significant segment of the book's audience will find each valuable. Schwartz mentions using SpamAssassin as a sendmail milter method in conjunction with MIMEDefang. This is a very reasonable way to integrate sendmail and SpamAssassin, but it is by no means the only way. Given the fact that the book in toto is on the short side, I don't think anything would have been lost by covering this topic more thoroughly. Similarly, there are a bunch of potential pitfalls that an implementor might face, such integration using non-root accounts and making sure socket file permissions are correct, where the author could have provided more detail. Notable in its absence is a chapter on troubleshooting a SpamAssassin installation.

I found little in SpamAssassin that isn't available on web sites, although it's better organized, and everything is conveniently contained in one place. Those people who are already running SpamAssassin and are happy with the Internet documentation probably won't gain much from reading this book. Those who have found the online docs confusing may be helped a great deal by what Schwartz has written. It covers the topic adequately, but doesn't provide any significant new insight into this popular software package.


People who are frustrated with the online documentation while trying to get SpamAssassin to work should definitely check out this book. It provides a cogent, comprehensive guide to making SpamAssassin work the way the reader wants in just about any environment. However, it goes no further than that. I really didn't find any new or especially interesting insights into the operation of this software package.

Click here to return to the index of reviews.