Bits and thoughts

#!/bin/bash is not rude

Filtering spam emails with Spamassassin

Written by ⓘⓓⓔⓝⓣⓛⓤⓓ - -

Last time I explained how I setup my own email server . One of the possible improvement was to be able to filter spam on the server-side rather than relying on the client-side configuration. I configured this using spamassassin.The technical background is Debian Wheezy (testing version as it is not yet stable as for now).You will see in another article that we can go further by adding some filtering rules on the server as well ...But for now let's see how to set this up.

Installing spamassassin

Where talking about Debian here ... :
apt-get install spamassassin
One configuration step is to enable spamassassin in its configuration file /etc/default/spamassassin
# sed -i "s/ENABLED=0/ENABLED=1/g" /etc/default/spamassassin
And then the spamd service that must be launched with :
# service spamassassin start
You can check that the spamd daemon is listening to inputs on loopback address :
# netstat -ntpl | grep spamdtcp  
0  0 127.0.0.1:783  0.0.0.0:*       LISTEN      20892/spamd.pid
The version installed is :
# spamassassin --version
SpamAssassin version 3.3.2  running on Perl version 5.14.2

Filtering SMTP content through spamassassin

I'll have to configure a service for smtp in /etc/postfix/master.cf by adding a -o option :
smtp inet  n       -       -       -       -            smtpd
  -o content_filter=spamassassin
submission inet n       -       -       -       -       smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o content_filter=spamassassin
smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o content_filter=spamassassin
And configure what spamassassin stands for in /etc/postfix/master.cf by adding it at the end of the file :
##  SPAMASSASSIN
spamassassin unix -     n       n       -       -       pipe  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail \
                                                                                                  -oi -f ${sender} ${recipient}
NB : I edited the line to have it fit in the <pre> section but I guess that it is better if the line starting with "user=" and ending with "${recipient}" is a one-liner.debian-spamd is the user created by the apt-get install.
# getent passwd | grep debian-spamd
debian-spamd:x:112:116::/var/lib/spamassassin:/bin/sh

Result

You may find some interesting logs in /var/log/mail.log
Nov 17 19:30:44  postfix/pipe[32112]: 596F361DA4: to=<xxx@lebegue.org>, relay=spamassassin, delay=1.1, delays=0.76/0.02/0/0.29, dsn=2.0.0, status=sent (delivered via spamassassin service)
Nov 17 19:35:14  postfix/pipe[5098]: C8A6761D6F: to=<xxx@lebegue.org>, relay=spamassassin, delay=519, delays=518/0.01/0/0.63, dsn=2.0.0, status=sent (delivered via spamassassin service)

Updating filters

Once in a while, or through a cron entry, you can update filters with this command  (man pages are well written) :
sa-update && service spamassassin reload

Learning behaviour

Look at man pages for sa-learn to improve spamassassin bayesian filters efficiency.

Comments are closed.