Tip: Apache SpamAssassin Config Files


Dec 9, 2006
Just as a reference for those who have been trying to mess with SpamAssassin and were confused:

SpamAssassin uses a variety of configuration files, just like Apache and many other bits of software. There are several levels of configuration, from server, to domain, to account.

This tidbit of information is to help you understand how you can use this:

Important: I am on a FreeBSD system. Depending on your system the locations of your files may vary slightly but the concept is the same.

Default Files:
Location: /usr/local/share/spamassassin/
Description: Contains the "default", basic configuration files that your system uses. This file is generally overwritten when you upgrade SpamAssassin, so you do NOT want to modify these files. If you modify these files, there is no guarantee the changes will stick around!
Usefulness: Gives you a template to work off of when creating your own fies...you should definately take a look at the contents of these files, especially 10_misc.cf.

System File:
Location: /etc/mail/spamassassin/local.cf
Description: Once the system starts up and reads the defaults from Default Files, SpamAssassin THEN reads this file. Any settings placed in here override the default.

User/Domain File:
Location: /home/username/.spamassassin/user_prefs
Description: Contains the SpamAssassin settings for any sites owned by username. This allows you to customize your settings on a user basis. These override the system file above.

POP User File:
Location: /home/username/mail/domainname.com/popusername/user_prefs
Description: Finally, the SpamAssassin settings for a particular POP user. Anything you put in here will override anything above.

Now, I'm not an expert by any means (in fact, I've only been playing with SA for a couple of days now) so I can't guarantee I'm 100% accurate here, but this should get you going if you need to change some settings.

Good Luck!


Apr 22, 2007
Great document!

Your document is excellent - it addresses all of the different audiences (and accesses)

One thing to note... the user_prefs file only works if the allow_user_rules is set to allow it's use. By default their recommendation is to not do that - s it is likely that any change to this file will not work.

It does make sense to lock up that file, but it leaves you with no alternative - unless you can add the requested entries to their local.cf file. WHICH is owned by the Server folks - most likely your hosting company.

-- If I am incorrect, please correct me... I've been trying to get a rewrite_header ***SPAM*** to reappear on all of the domains I host thru another company and just can't seem to get a complete answer as everyone only looks at what they are responsible for. They tell you you can do it, and have no idea they have to do something to allow you to do it. This seems to be the new wave of IT careers... people who give you a correct answer without the full information that it is meaningless unless they do something else. But that makes it 2 support calls instead of resolving it in one.