Postfix and Spamassassin: How to filter spam

3 minute read

Postfix is a widely used mail transport agent (MTA) used on many popular Unix/Linux systems. Nowadays, networks are overwhelmed by SPAM mail, fortunately, there is a way to filter them with software such as spamassassin.

This articles is not going to go through postfix installation. Instead, you might refer to a previous article on How-to run postfix with virtual domains.

1. Getting Started

By now, you should have a running SMTP server running postfix. There is a couple of package we need to install: spamassassin and its client spamc

$ sudo apt-get install spamassassin spamc

spamassassin package includes a daemon which can be called by user programs such as procmail… but can also be integrated into a Mail Transport Agent such as postfix.

2. Using spamassassin as a standalone daemon

In this part of the tutorial, we are going to make spamassassin run as its own user (default on debian sarge is root), configure some settings and make postfix use spamassassin as an after-queue content filter, which means that the content is going to be filters through spamassassin after postfix has dealt with the delivery.

2.1. Setting up spamassassin

Okie, so you installed spamassassin from debian repository, on default settings, spamassassin runs as root user and is not started. To avoid that, we are going to create a specific user and group for spamassassin. As root user, run the following commands:

# groupadd -g 5001 spamd
# useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
# mkdir /var/lib/spamassassin
# chown spamd:spamd /var/lib/spamassassin

Now, we need to change some settings in /etc/default/spamassassin and make sure you get the following values:

ENABLED=1
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE="${SAHOME}spamd.pid"

What happen here, is that we are going to run spamd daemon as user spamd and make it use its own home dir (/var/lib/spamassassin/) and is going to output its logs in /var/lib/spamassassin/spamd.log

2.2. Configuring spamassassin

Now, we need to give spamassassin some rules. The default settings are quite fine, but you might tweak them up a bit. So let’s edit /etc/spamassassin/local.cf and make it looks like that:

rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score           2.0
#to be able to use _SCORE_ we need report_safe set to 0
#If this option is set to 0, incoming spam is only modified by adding some "X-Spam-" headers and no changes will be made to the body.
report_safe     0

# Enable the Bayes system
use_bayes               1
use_bayes_rules         1
# Enable Bayes auto-learning
bayes_auto_learn        1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               0

Here, we set spamassassin’ spamd default settings to rewrite email subject to [***** SPAM _SCORE_ *****], where _SCORE_ is the score attributed to the email by spamassassin after running different tests, only if the actual score is greater or equal to 2.0. So email with a score lower than 2 won’t be modified.

To be able to use the _SCORE_ in the rewrite_header directive, we need to set report_safe to 0.

In the next section, we tell spamassassin to use bayes classifier and to improve itself by auto-learning from the messages it will analyse.

In the last section, we disable collaborative network such as pyzor, razor2 and dcc. Those collaborative network keep an up-to-date catalogue of know mail checksum to be recognized as spam. Those might be interresting to use, but I’m not going to use them here as I found it took long enough to spamassassin to deal with spams only using it rules.

Now, start spamd with the following command line:

# /etc/init.d/spamassassin start

We are almost done, we still need to configure postfix in such a way that it will pass all mails delivered to local mailboxes to spamassassin.