Saturday, 9 June 2007

Postfix and Spamassassin:

Postfix is a widely used mail transport agent (MTA) found on many popular Unix/Linux systems. Nowadays, networks are overwhelmed by spam mail. Fortunately, there is a way to filter it with software such as spamassassin.



1. Getting Started



If your SMTP server runs postfix, there are a couple of packages we need to install: spamassassin and its client, spamc.



$ sudo apt-get install spamassassin spamc



The spamassassin package includes a daemon which can be called by user programs such as procmail, but which can also be integrated into a mail transport agent such as postfix.


2. Using spamassassin as a standalone daemon


In this part of the tutorial, we are going to make spamassassin run as its own user (the default on Debian sarge is root), configure some settings and make postfix use spamassassin as an after-queue content filter, which means that the content is going to be filtered through spamassassin after postfix has dealt with the delivery.


2.1. Setting up spamassassin


When installed from the Debian repository with default settings, spamassassin runs as the root user and is not started. To fix this, we create a dedicated user and group for spamassassin. As root, run the following commands:



# groupadd -g 5001 spamd
# useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
# mkdir /var/lib/spamassassin
# chown spamd:spamd /var/lib/spamassassin



Change some settings in /etc/default/spamassassin and make sure you get the following values:

ENABLED=1
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE="${SAHOME}spamd.pid"



With these settings, the spamd daemon runs as user spamd, uses its own home directory (/var/lib/spamassassin/) and writes its logs to /var/lib/spamassassin/spamd.log.


2.2. Configuring spamassassin


Now let's give spamassassin some rules. The default settings are quite fine, but you might want to tweak them a bit. So let's edit /etc/spamassassin/local.cf and make it look like this:




use_bayes 1
use_bayes_rules 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0



Here, we set spamassassin's spamd default settings to rewrite the email subject to [***** SPAM _SCORE_ *****], where _SCORE_ is the score attributed to the email by spamassassin after running its different tests, but only if the actual score is greater than or equal to 2.0. An email with a score lower than 2 won't be modified.


To be able to use the _SCORE_ in the rewrite_header directive, we need to set report_safe to 0.


In the next section, we tell spamassassin to use the Bayes classifier and to improve itself by auto-learning from the messages it analyses.


In the last section, we disable collaborative networks such as pyzor, razor2 and dcc. These collaborative networks keep an up-to-date catalogue of known mail checksums to be recognized as spam. They might be interesting to use, but I'm not going to use them here, as I found it took spamassassin long enough to deal with spam using only its rules.


Start spamd with this command:


# /etc/init.d/spamassassin start



We are almost done; we still need to configure postfix in such a way that it will pass all mail delivered to local mailboxes to spamassassin.


3. Make Postfix call Spamassassin


Now, we need to tell postfix to use spamassassin. In our case, spamassassin will be invoked only once postfix has finished with the email.


To tell postfix to use spamassassin, we are going to edit /etc/postfix/master.cf and change the line:


smtp inet n - - - - smtpd


to:



smtp inet n - - - - smtpd -o content_filter=spamassassin



and then, at the end of master.cf, let's add:


spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


And here we go: our spam filter is set up. We just need to reload the postfix settings and everything should be ready.


#/etc/init.d/postfix reload
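
A quick way to check the result of the steps above, added here as an example and not part of the original tutorial: a shell script that audits master.cf and /etc/default/spamassassin for the filter hook and the non-root user. The function names are made up for this example, and the sample input is constructed from the lines on this page.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.
# Join master.cf continuation lines (leading whitespace) and drop comments.
logical_lines() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# Return 0 only if smtpd hands mail to the filter and the filter is not root.
audit_master_cf() {
    rc=0
    lines=$(logical_lines "$1")
    smtp=$(printf '%s\n' "$lines" | grep -E '^smtp[[:space:]]+inet[[:space:]]' || true)
    case $smtp in
        *content_filter=spamassassin*) ;;
        *) echo "FAIL: smtp inet lacks -o content_filter=spamassassin"; rc=1 ;;
    esac
    pipe=$(printf '%s\n' "$lines" | grep -E '^spamassassin[[:space:]]+unix[[:space:]]' || true)
    user=$(printf '%s\n' "$pipe" | sed -n 's/.*[[:space:]]user=\([^[:space:]:]*\).*/\1/p')
    case $user in
        '')   echo "FAIL: no spamassassin pipe service with user= set"; rc=1 ;;
        root) echo "FAIL: spamassassin pipe service runs as root"; rc=1 ;;
    esac
    return $rc
}

# Return 0 only if spamd is enabled and told to drop to a non-root user.
audit_spamd_defaults() {
    rc=0
    grep -Eq '^ENABLED=1[[:space:]]*$' "$1" || { echo "FAIL: ENABLED is not 1"; rc=1; }
    user=$(sed -n 's/^OPTIONS=.*--username[ =]\([^ "]*\).*/\1/p' "$1")
    case $user in
        ''|root) echo "FAIL: OPTIONS has no non-root --username"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: the master.cf lines from this page, wrapped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp inet n - - - - smtpd
  -o content_filter=spamassassin
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
audit_master_cf "$sample" && echo "master.cf sample: OK"
rm -f "$sample"
```

On the server itself, call audit_master_cf /etc/postfix/master.cf and audit_spamd_defaults /etc/default/spamassassin after the reload.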


 


 
