Spamassassin
spam with SpamAssassin on CentOS 7 & Postfix
In some cases you need to maintain your own mail server, for example for development purposes. This article is another quick technical walkthrough on how to install SpamAssassin alongside Postfix on the CentOS 7 Linux platform.
The following assumptions are made:
CentOS 7.x
Postfix 3.1 (same configuration works on 2.10 also)
SpamAssassin 3.4.0 +
You can check the Postfix version with
postconf -d | grep mail_version
And the SpamAssassin version with
spamassassin -V
Install and configure SpamAssassin
Install SpamAssassin
yum update
yum -y install spamassassin*
Configure SpamAssassin by editing the configuration file
vi /etc/mail/spamassassin/local.cf
Uncomment, or insert the following:
required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [**SPAM**]
Usage with SpamAssassin
To utilize the DNSBL in SpamAssassin, add the following ruleset to your local configuration file /etc/mail/spamassassin/local.cf.
# spam.dnsbl.anonmails.de
header RCVD_IN_ANONMAILS eval:check_rbl('anonmails-lastexternal', 'spam.dnsbl.anonmails.de.')
describe RCVD_IN_ANONMAILS Relay is listed in spam.dnsbl.anonmails.de
tflags RCVD_IN_ANONMAILS net
score RCVD_IN_ANONMAILS 3.0
Add a new user to run SpamAssassin. -g = add to group spamd, -s /bin/false = no login shell (this does not mean the account cannot be accessed via SSH!), -d = home directory
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin
Enable (if not automatically enabled) and start the service
systemctl enable spamassassin
systemctl start spamassassin
Update the spam rules by running
sa-update
Configure Postfix to use SpamAssassin
Configure the Postfix by editing the master.cf configuration file.
Open conf in editor
vi /etc/postfix/master.cf
On the top, replace
smtp inet n - n - - smtpd
with
smtp inet n - n - - smtpd -o content_filter=spamassassin
Add this as the last line:
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Restart Postfix
systemctl restart postfix
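A check of the master.cf wiring described above, added here as an example and not taken from the original article: it confirms that the smtp service hands mail to a pipe service that runs spamc under a dedicated account. The sample file content and function names are constructed, and `postfix` is assumed to be the mail system owner.

```python
# Constructed master.cf fragment with the two entries from the page; the pipe
# entry uses a continuation line (leading whitespace), which master.cf allows.
MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd -o content_filter=spamassassin
pickup    unix  n  -  n  60 1  pickup
spamassassin unix - n n - - pipe
  flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
"""

def parse_master_cf(text):
    """Map (service, type) -> command words, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        if len(fields) >= 8:              # 7 fixed columns + command
            services[(fields[0], fields[1])] = fields[7:]
    return services

def check_filter_wiring(text):
    """Return a list of problems with the smtpd -> spamc hand-off (empty = OK)."""
    services = parse_master_cf(text)
    smtpd = services.get(("smtp", "inet"), [])
    filters = [w.split("=", 1)[1] for w in smtpd if w.startswith("content_filter=")]
    if not filters:
        return ["smtp/inet has no -o content_filter= override; mail bypasses the filter"]
    name = filters[0].split(":", 1)[0]    # content_filter is transport[:nexthop]
    cmd = services.get((name, "unix"))
    if cmd is None or cmd[0] != "pipe":
        return [f"content_filter points at '{name}', but no unix pipe service has that name"]
    problems = []
    users = [w.split("=", 1)[1] for w in cmd if w.startswith("user=")]
    if not users:
        problems.append("pipe service has no user= attribute")
    elif users[0].split(":")[0] in ("root", "postfix"):
        problems.append(f"pipe service runs as '{users[0]}'; use a dedicated account")
    if not any(w.startswith("argv=") and w.endswith("/spamc") for w in cmd):
        problems.append("pipe argv does not invoke spamc")
    return problems
```

Run `check_filter_wiring(open("/etc/postfix/master.cf").read())` before restarting Postfix; an empty list means the hand-off is wired as described.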
Test the spam detection
Test by sending an email from outside this mail server.
Title does not matter, enter XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X as the message body.
If all went well, your inbox should now have an email with a title beginning with [SPAM].
You should check the logs to see what just happened by querying the journal with:
journalctl | grep spam
Automate the spam definition updates
Automatic definition updates with cron (run every night at 01:00)
0 1 * * * root /bin/sa-update && /sbin/service spamassassin restart
Check that it has been run:
grep "sa-update" /var/log/cron
There we go, most spam should now be marked as such.
spamassassin -D < /usr/share/doc/spamassassin-3.4.0/sample-spam.txt
sa-update --nogpg
sa-update
ss -tnlp | grep spamd
spamassassin --lint
spamassassin --lint -D
systemctl restart spamassassin
--
Header_check
/^X-Originating-IP:/ IGNORE
/^Received:/ IGNORE
/^Message-ID:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-MimeOLE:/ IGNORE
/^X-MSMail-Priority:/ IGNORE
---------------------------------XXX------------------------------------
1. Let's now install SpamAssassin
# yum install spamassassin
systemctl enable spamassassin
2. Time for configuration
vi /etc/mail/spamassassin/local.cf
You have to add the following lines; if they are already there, just uncomment them (remove the #):
rewrite_header Subject ***SPAM***
required_hits 5.0
report_safe 0
required_score 5
required_hits 5 is for a small mail server. You can increase it if you need to.
report_safe is set to 0 here, but you can change it to 1 or 2 (see the SpamAssassin guides).
rewrite_header: we call it ***SPAM*** here; you can call it whatever you want.
required_score can be set from 0 to 5, depending on what you need.
3. Now let's create a unique user and group
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin
4. Configure the Postfix master.cf file to use SpamAssassin
# vi /etc/postfix/master.cf
Around line 11, near the top, add the following after smtpd:
-o content_filter=spamassassin
The full line looks like this:
smtp inet n - n - - smtpd -o content_filter=spamassassin
At the end (bottom) of the file, add:
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
5. Update spamassassin rules
sa-update --nogpg
sa-update
6. Restart postfix - spamassassin
sa-update && /etc/init.d/spamassassin reload
systemctl restart spamassassin
systemctl restart postfix
7. Check if spamassassin is listening
ss -tnlp | grep spamd
9. Test: create and send an email from an external mail service with the subject
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
In Roundcube webmail it will be marked as spam.
# spamassassin --lint
# spamassassin --lint -D
Usermin doesn't know that spamassassin is being called from Postfix.
FYI, you can turn off this warning by editing # vi /etc/webmin/spam/config and changing the warn_procmail line to warn_procmail=0
Adding Your Own Rules
You can add custom SpamAssassin rules in /etc/spamassassin/local.cf file.
sudo nano /etc/spamassassin/local.cf
Header Rules
For example, some spammers use the same email address in the From: and To: header, you can add the following lines at the end of the file to add scores to such emails.
header FROM_SAME_AS_TO ALL=~/\nFrom: ([^\n]+)\nTo: \1/sm
describe FROM_SAME_AS_TO From address is the same as To address.
score FROM_SAME_AS_TO 2.0
Some spammers use an empty address for the Envelope From address (aka the Return Path header). Although this is legitimate for sending bounce messages, I prefer to give this kind of email a score.
header EMPTY_RETURN_PATH ALL =~ /<>/i
describe EMPTY_RETURN_PATH empty address in the Return Path header.
score EMPTY_RETURN_PATH 3.0
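The two header rules above, evaluated against constructed header blocks and summed against the page's required_score of 5, as an added example that is not part of the original notes. Python's `re` stands in for SpamAssassin's Perl regexes, the ALL pseudo-header is approximated by the raw header block, and the example.* addresses and function names are made up.

```python
import re

# Rules and threshold as given on the page, one directive per line.
LOCAL_CF = r"""
required_score 5
header FROM_SAME_AS_TO ALL=~/\nFrom: ([^\n]+)\nTo: \1/sm
score FROM_SAME_AS_TO 2.0
header EMPTY_RETURN_PATH ALL =~ /<>/i
score EMPTY_RETURN_PATH 3.0
"""
RE_FLAGS = {"i": re.I, "s": re.S, "m": re.M}

def parse_local_cf(text):
    """Parse 'header NAME ALL =~ /re/flags', 'score' and 'required_score' lines."""
    required, patterns, scores = 5.0, {}, {}
    for line in text.splitlines():
        m = re.match(r"header\s+(\S+)\s+ALL\s*=~\s*/(.*)/([ism]*)\s*$", line)
        parts = line.split()
        if m:
            flags = 0
            for ch in m.group(3):
                flags |= RE_FLAGS[ch]
            patterns[m.group(1)] = re.compile(m.group(2), flags)
        elif len(parts) == 3 and parts[0] == "score":
            scores[parts[1]] = float(parts[2])
        elif len(parts) == 2 and parts[0] == "required_score":
            required = float(parts[1])
    return required, patterns, scores

def evaluate(headers, cf=LOCAL_CF):
    """Return (hit rule names, total score, tagged-as-spam) for one header block."""
    required, patterns, scores = parse_local_cf(cf)
    hits = sorted(n for n, rx in patterns.items() if rx.search(headers))
    total = sum(scores.get(n, 1.0) for n in hits)  # a rule without a score line counts 1.0
    return hits, total, total >= required

# Constructed header blocks (example.* names are placeholders).
SELF_ADDRESSED = ("Return-Path: <>\nFrom: alice@example.com\n"
                  "To: alice@example.com\nSubject: invoice\n")
ORDINARY = ("Return-Path: <bob@example.org>\nFrom: bob@example.org\n"
            "To: alice@example.com\nSubject: lunch\n")
# Non-empty Return-Path, but "<>" occurs in the Subject: the rule still fires.
SUBJECT_HAS_BRACKETS = ("Return-Path: <bob@example.org>\nFrom: bob@example.org\n"
                        "To: alice@example.com\nSubject: is <> the same as != in SQL?\n")

if __name__ == "__main__":
    for name in ("SELF_ADDRESSED", "ORDINARY", "SUBJECT_HAS_BRACKETS"):
        print(name, evaluate(globals()[name]))
```

The third case shows that EMPTY_RETURN_PATH, as written, matches `<>` in any header, so its 3.0 score can land on ordinary mail; the two rules together reach the tagging threshold on their own.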