Debian/Ubuntu Tips & Tricks
Debuntu.org: .deb packages, Unix/Linux Tutorials and Articles.
Navigation
sponsors
Books
User login
Poll
Syndicate
Search
Tips
Postfix and Spamassassin: How to filter spam -- page 2
3. Make Postfix call Spamassassin
Now, we need to tell postfix to use spamassassin. In our case, spamassassin will be invoked only once postfix has finished with the email.
To tell postfix to use spamassassin, we are going to edit /etc/postfix/master.cf and change the line:
smtp inet n - - - - smtpd
to:
smtp inet n - - - - smtpd
-o content_filter=spamassassin
and then, at the end of master.cf, let's add:
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
and here we go, our spam filter is setted up, we need to reload postfix settings and everything should be ready.
#/etc/init.d/postfix reload
4. Conclusion
This is an easy to set up alternative which will filter spams using spamassassin and postfix.
There is actually other way to do so (which I will cover later on), like using amavis for instance, which will use spamassassin without needing spamassassin daemon (spamd).
The presented alternative will still send all emails to their recipient (which is something I actually prefer to rejecting and dumping email spotted as spam). One can then make up rule using either its webmail or mail client, filtering all emails having subject like "[***** SPAM" to be moved to a specific place in the client so you can easily move them away from your precious emails, but still in the end, there will be there, so you won't have any emails discarded because they seemed to be spammed when there actually where real important mails.
In the end, this will behave a bit like famous mail providers such as yahoo, google, hotmail ... do, you will have "Bulk Mails" and "Mails".
Hope this helped,
- Printer-friendly version
- Login or register to post comments
Submitted by chantra on Mon, 2006-11-20 20:54.
Similar entries
- Postfix and Spamassassin: How to filter spam
- Postfix and Postgrey: A proactive approach to spam filtering
- How-To: Virtual emails accounts with Postfix and Dovecot -- page 3
- Postfix and Postgrey: A proactive approach to spam filtering -- page 2
- How-To: Virtual emails accounts with Postfix and Dovecot -- page 2
News.Debuntu.Org
- Virtualization With XenServer 5.5.0
- Set up OpenERP Server, OpenERP GTK Client and OpenERP Web Client on Ubuntu Server & Desktop
- Ubuntu Netbook Remix - User Interface Pro/Am Opinions
- Nvidia to Android: We're Just Not That Into You (TechNewsWorld)
- Character encoding issues when migrating from Joomla 1.0 to 1.5
needs sudo in ubuntu
By the way, most of the commands need to have "sudo" put before them in Ubuntu (unless you have enabled the root account).
Great tutorial, thanks for your help!
Works Great!
I use Group-Office Community as a webmail program. I just discovered one VERY nice feature: When you set up an email account, it is AUTOMATICALLY configured to move anything with "***SPAM***" in the subject line to the Spam folder! Now I don't have to configure the 30+ email accounts in use on my server to do that. I also don't have to change anything for new email accounts created.
Thanks for a great article. I had the whole thing up and running in 30 minutes.
Looking for messages marked as spam
Hello, and thanks for the great tutorial. I followed your instructions and went from receiving 100 spam messages per day to under 5. Can you tell me where to look for the messages that have been filtered as spam? I just want to look through them to make sure I am not missing any important messages.
Thanks,
Sam
[***** SPAM _SCORE_ *****]
You should still receive your SPAMs but they will be marked with [***** SPAM _SCORE_ *****].
Depending on your email client, either your email will be put in another folder or simply still in your inbox but with the SPAM header.
Debuntu
looking for spam messages
Thanks for the reply. I am using Mutt for my email client. The messages marked as spam are definitely not showing up in my inbox. The only folders I know about are the ones I created through my muttrc, and none of them contain messages marked as spam. Any ideas about where I should look?
Thanks,
Sam
Thanks for the manual. It
Thanks for the manual.
It works at the first time!
Great.
sendmail -o
Heya,
good tutorial! But you should mention that it is possible to pass the usual -o options to postfix' sendmail replacement. I'm feeding the emails into the antivirus after checking them for spam here:
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -o content_filter=scan:127.0.0.1:10025 -oi -f ${sender} ${recipient}Cheers,
Bernd
Nice one, thanks for sharing
Nice one,
thanks for sharing that tip ;)
Debuntu
Too bad that it just doesnt work...
I'm trying to use this together with kaspersky antivirus, and it just plain doesnt work.
in master.cf i have a working content_filter setup for kaspersky, which contains (among other options) a -o content_filter= line with an empty content filter entry.
as soon as i put the spamassassin entry in there, i get this in my logfiles:
Nov 24 11:16:02 maxneu postfix/lmtp[5617]: B881919C1B5: to=, relay=127.0.0.1[127.0.0.1], delay=0, status=bounced (host 127.0.0.1[127.0.0.1] said: 552
Error ! (in reply to end of DATA command))
together with the according bounce mails. but in my logs i see that spamassassin is scanning the mails... anyone who could gimme some hints?
Maybe you can try...
Well, it is quite difficult to solve this issue without all info, but you might try to chain the filterings with something like:
smtp inet n - - - - smtpd -o content_filter=kaspersky #antivirus kaspersky unix - n n - - pipe user=kaspersky argv=/path/to/kaspersky "localhost:10026" ${sender} ${recipient} # from antivirus localhost:10026 inet n - n - - smtpd -o content_filter=spamassassin #spamassassin spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}Mind that this might not work, but it might as well :)
Hope this helps
Debuntu
To make this work even better
To make this work even better you should put a greylisting filter infront of your spamfilter.
http://isg.ee.ethz.ch/tools/postgrey/
postgrey works great with postfix and will kill most of your Spam before it even gets to your spamfilter. Here is a snippet of their description:
Postgrey is a Postfix policy server implementing greylisting developed by David Schweikert at the ISG.EE.
"When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC."
Give it a try. It really helps.
Good point
Hi there,
Yep, I know about greylisting and this is actually a great conception. From what I can remember, it is based on the idea that spammers usually send an email only once, because as they send million or even more spams, it will take too much resource on machine to keep a queue with all those undeliverable email.
I remember, that was back in 2005, at my university, they set it up and obviously gave good results :) .
The point of the previous article was more about spamassassin itself, but anyway, you are right to mention greylisting.... saying so, I'm going to make an article on that ;).
Debuntu
Great article, thanks for
Great article, thanks for posting it.
To those about greylisting, unfortunately it adds a delay to the receipt of legitimate email since you are forcing the sender to come back later. In postgrey, that must be at least 5 minutes later.
The really bad drawback though is that its not your server that has to retry later, its theirs; therefore, you have no control over when the other server retries. It could be 3 hours later depending on how much mail that server has to go through. You just have no idea, and me personally, I like to be in control of a situation when I'm going to intentionally inject delay :P
And if you don't think that when you're hosting mail for someone that they can't tell when its delayed, you're incorrect :)