Stop SPAM in Postfix with Spamassassin

Jack Wallen
Oct 26, 2009
Updated • Nov 28, 2012
Network
|
1

So you have your Ubuntu server up and running with a Postfix mail server (see "Install Postfix for reliable email delivery"). You have also set up Postfix for antivirus with the help of ClamAV (see "Add antivirus to Post fix with ClamAV"). Finally you have Postfix set up to relay (see "Mail relaying made simple with Postfix"). The last trick in this bag is to add SPAM prevention to Postfix.

Fortunately there is a tool for that. The tool? Spamassassin. Spamassassin is a very versatile SPAM tool that is part of the Apache Foundation. Spamassassin uses numerous means to detect SPAM including: DNS and Checksum based SPAM detection as well as Bayesian filtering, external programs, black lists, and online databases. These tools together make for a fairly powerful detection system.

In this article you are going to see how to install and configure Spamassassin to work in conjunction with Postfix to further enhance your email server.

Installing Spamassassin

Obviously the first thing you need to do is install Spamassassin. You will find Spamassassin in the Ubuntu repositories. And since this entire series has been laid on top of a Ubuntu Server installation, that is quite convenient. So, to install Spamassassin, open up your terminal window and issue the following command:

sudo apt-get install spamassassin

There may or may not be some dependencies to install in order for the Spamassassin  installation to complete. Go ahead and OK those. Once this installation is complete you are ready to start configuring.

Configuration

Before we actually get to the configuration it is important to understand the SPAM scoring system. With Spamassassin, messages are tagged as SPAM only when they have enough SPAM-matching characteristics (according to a scoring level). The scoring level is 0-5, however it's not as simple as saying a 0 means it is 0% SPAM. The system is set up so that every characteristic can add to the overall score. For example a message tested to find a base64 attachment does not have a file name filtered with both bayes+net will add 0.224 to the over all score of the message. When all of the characteristic scores are added up, if they exceed the default score you have set in the configuration file, that message is considered SPAM.

Now that you have a basic understand of how the scoring system works. Let's start configuring Spamassassin.

The main configuration file is /etc/spamassassin/local.cf. The first option you want to configure is the default score. Look for the line:

# required_score 5.0

The first thing you want to do is uncomment that line (by removing the "#" character) and then changing the score. A score of 5 is pretty high and sure to be SPAM. Understand the more you lower that score the likely you are of missing message messages that are tagged false-positives. A score of 3.5 is a fairly reliable score that will catch a lot of SPAM but not a lot of false positives.

Above this line are a couple of other options that are important. The first is the option to set the option:

report_safe

To 0. This option can be set to either 0 or 1. A zero means that if a message is found to be SPAM the message will not be deleted, but instead the subject line will be rewritten to include a message marking it as SPAM.  This is handy to prevent users from losing important messages to false positives. This also allows you to set a lower score threshold.

To do this first look for the line:

# report_safe 1

Uncomment this line by removing the "#" character and then change the "1" to "0" (no quotes).

The next step is to uncomment the line:

# rewrite_header Subject *****SPAM*****

Now you can alter the "*****SPAM*****" section of this line to reflect what you'd prefer it to say. Just make sure it is clear to your users that a message with this rewritten subject line is most likely SPAM.

Now restart the Spamassassin daemon with the command:

sudo /etc/init.d/spamassassin restart

Configure Postfix

The last step is to set up Postfix to use Spamassassin. To do this open up the file /etc/postfix/master.cf and look for the line:

smtp     inet    n   -   -   -   -   smtpd

You need to alter this line to look like:

smtp      inet   n   -   -   -   -   smtpd -o content_filter=spamassassin

Finally, at the end of this file add the following:

spamassassin
unix - n n - - pipe
flags=R
user=spamd
argv=/usr/bin/spamc
-e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}

Now all you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Your mail server should now be scoring incoming message as SPAM or HAM.

Final thoughts

The mail server is a tricky beast. You have to ensure that users are getting their mail, but you have to make sure they aren't receive SPAM or viruses. After completing this series of articles, you should have a pretty solid server running that will send out mail that is safe for users eyes.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Mark Houldridge said on October 28, 2009 at 4:28 pm
    Reply

    Please also consider Messagestream, http://www.messagestream.com – An awarding-winning spam and virus filtering service for mail servers, certified by Virusbtn.com and which filters up to 99% of spam email.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.