Thanks a lot for your reply > Run: sa-update -D 2>&1| grep DIR
> > That will output something like: > > Feb 9 12:08:49.609 [20855] dbg: generic: Perl 5.010001, PREFIX=/usr, > DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/spamassassin, > LOCAL_STATE_DIR=/var/lib/spamassassin > > On this system, sa-update downloads rules to /var/lib/spamassassin, so I > guess you're looking for the LOCAL_STATE_DIR. OK, makes sense. Mine is the same as yours. > That directory will contain a directory related to your SA version, > something like 3.003001, which will contain updates_spamassassin_org, which > will contain the files defining all the rules. Hmm, in there I find TWO directories: 3.002005 3.003001 Strangely, both have dates of today, but the *contents* of 3.002005 are from Apr 3 2011. So I guess my system uses 3.003001 since it's files are dated currently Wonder if I can delete the older one > Although that doesn't necessarily tell you which are enabled by default. > Some require configuration changes. Hm, well is there a file or somewhere to look and see what rules are active? > I believe for SPF you *should* be doing the detecting at your MTA > (mail server software) and inserting a header for spamassassin to use: > Received-SPF. (Because SPF is supposed to use the "envelope from", > which is not necessarily included in a header.) I see. That makes sense. Is there a wiki page suggesting solutions for this? Anyone know of tips for doing this in postfix? Or during amavis processing? >> From that page, it seems that SPF checks are normal >> but DKIM is not. Is this right? >> >> Contrary to that, this page suggests that DKIM test are >> enabled by default in version 3.3: >> >> https://wiki.apache.org/spamassassin/Plugin/DKIM > > I don't have anything in my /etc/spamassassin/local.cf related to DKIM, and > I'm getting DKIM rule hits, so I agree that DKIM is enabled by default > (although I'm running trunk / v3.4.0 which is unreleased). Me too. I sent emails to myself from Yahoo and Gmail and got these in my X-Spam-Status: Gmail: DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU Yahoo: DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,T_DKIM_INVALID (that last one is interesting - not sure how the message gets altered to break the signature, especially if Gmail works fine (running SA from Maildrop)) > I believe SPF tests are also enabled by default, but won't do quite the > right thing unless you're inserting the Received-SPF header at your MTA. Well I guess so because I see no SPF hits and I think at least Gmail uses SPF. I'd appreciate any tips on getting those headers inserted. > None of the SPF or DKIM rules are particularly highly ranked in > spamassassin rule QA, so I wouldn't actually expect significant > improvements in accuracy from it: > http://ruleqa.spamassassin.org/?daterev=20120204 > They both have some substantial flaws. I'm OK with that (have been weary about their limitations and not always 100% sure about using either of them on my domains), and it's actually the reason I'm asking about SA support for them because I would never want to use either of them to outright block mail.Just some influence on SA scoring is good.