Fight against spam part 4 – Postfix SpamAssassin

SpamAssasin is the last weapon from our arsenal that we will use to keep spam away from our mail server.

 

Install needed packages:

apt-get install spamassassin spamc

We ned to add user that will be running spamassasin on our server:

groupadd spamd
useradd -g spamd -s /bin/false spamd
chown spamd:spamd -R /etc/spamassassin/

User is ready now we need configure SA to use it:

#vim /etc/default/spamassassin

# If you're using systemd (default for jessie), the ENABLED setting is
# not used. Instead, enable spamd by issuing:
# systemctl enable spamassassin.service
# Change to "1" to enable spamd on systems using sysvinit:
ENABLED=1
SPAMD_HOME="/home/spamd/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"
PIDFILE="/home/spamd/spamd.pid"
CRON=1

Start SA:

service spamassassin start

Add SpamAssassin Support to postfix:

#vim /etc/postfix/master.cf

# on the bottom of file add:
spamassassin unix -     n       n       -       -       pipe
        user=spamd argv=/usr/bin/spamc -f -e  
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}

# in every protocol we use (ex. smtps, submission) we should add this line below to forward mails to spamassasin:
-o content_filter=spamassassin

Restart postfix:

service postfix restart

We need to create rules for SA:

#/etc/spamassassin/local.cf

rewrite_header Subject ***** SPAM _SCORE_ *****
report_safe             0
required_score          5.0
use_bayes               1
use_bayes_rules         1
bayes_auto_learn        1
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               0

#Adjust scores for SPF FAIL
score SPF_FAIL 4.0
score SPF_HELO_FAIL 4.0
score SPF_HELO_SOFTFAIL 3.0
score SPF_SOFTFAIL 3.0

#adjust DKIM scores
score DKIM_ADSP_ALL 3.0
score DKIM_ADSP_DISCARD  10.0
score DKIM_ADSP_NXDOMAIN 3.0

Restart service to be sure we use newest rules:

service spamassassin restart

To test spamassasin we can send mail from external mail server to our server and check header to see if spamassasin added his header with scoring.

 

Update 05/11/2016:

I notice that spamassassin throw error in syslog

warn: config: failed to parse line, skipping, in "/etc/spamassassin/local.cf": use_dcc 0

This can be fix easily by commenting out use_dcc line or adding dcc and not use it (pointless)

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 5 – Dovecot Sieve

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*