Stop SPAM in Postfix with Spamassassin
So you have your Ubuntu server up and running with a Postfix mail server (see "Install Postfix for reliable email delivery"). You have also set up Postfix for antivirus with the help of ClamAV (see "Add antivirus to Postfix with ClamAV"). Finally, you have Postfix set up to relay (see "Mail relaying made simple with Postfix"). The last trick in this bag is to add SPAM prevention to Postfix.
Fortunately there is a tool for that. The tool? Spamassassin. Spamassassin is a very versatile SPAM tool that is part of the Apache Foundation. Spamassassin uses numerous means to detect SPAM including: DNS and Checksum based SPAM detection as well as Bayesian filtering, external programs, black lists, and online databases. These tools together make for a fairly powerful detection system.
In this article you are going to see how to install and configure Spamassassin to work in conjunction with Postfix to further enhance your email server.
Installing Spamassassin
Obviously the first thing you need to do is install Spamassassin. You will find Spamassassin in the Ubuntu repositories. And since this entire series has been laid on top of an Ubuntu Server installation, that is quite convenient. So, to install Spamassassin, open up your terminal window and issue the following command:
sudo apt-get install spamassassin
There may or may not be some dependencies to install in order for the Spamassassin installation to complete. Go ahead and OK those. Once this installation is complete you are ready to start configuring.
Configuration
Before we actually get to the configuration it is important to understand the SPAM scoring system. With Spamassassin, messages are tagged as SPAM only when they have enough SPAM-matching characteristics (according to a scoring level). The scoring level is 0-5; however, it's not as simple as saying a 0 means it is 0% SPAM. The system is set up so that every characteristic can add to the overall score. For example, a message that tests positive for a base64 attachment without a file name will, with both bayes and net tests in use, have 0.224 added to its overall score. When all of the characteristic scores are added up, if they exceed the default score you have set in the configuration file, that message is considered SPAM.
Now that you have a basic understanding of how the scoring system works, let's start configuring Spamassassin.
The main configuration file is /etc/spamassassin/local.cf. The first option you want to configure is the default score. Look for the line:
# required_score 5.0
The first thing you want to do is uncomment that line (by removing the "#" character) and then change the score. A score of 5 is pretty high and sure to be SPAM. Understand that the more you lower that score, the more likely you are to miss legitimate messages that get tagged as SPAM (false positives). A score of 3.5 is a fairly reliable score that will catch a lot of SPAM but not a lot of false positives.
Above this line are a couple of other options that are important. The first is to set the option:
report_safe
to 0. This option can be set to either 0 or 1. A zero means that if a message is found to be SPAM the message will not be deleted, but instead the subject line will be rewritten to include a message marking it as SPAM. This is handy to prevent users from losing important messages to false positives. This also allows you to set a lower score threshold.
To do this, first look for the line:
# report_safe 1
Uncomment this line by removing the "#" character and then change the "1" to "0" (no quotes).
The next step is to uncomment the line:
# rewrite_header Subject *****SPAM*****
Now you can alter the "*****SPAM*****" section of this line to reflect what you'd prefer it to say. Just make sure it is clear to your users that a message with this rewritten subject line is most likely SPAM.
Now restart the Spamassassin daemon with the command:
sudo /etc/init.d/spamassassin restart
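The three edits described in this section can be scripted so they are applied the same way every time. This is an added example, not part of the original article; the function name tune_local_cf and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. tune_local_cf FILE SCORE TAG applies the three edits from this
# section: required_score SCORE, report_safe 0, rewrite_header Subject TAG.
tune_local_cf() {
    cf=$1 score=$2 tag=$3
    case $score in
        ''|*[!0-9.]*) echo "score must be a number, e.g. 3.5" >&2; return 2 ;;
    esac
    case $tag in
        ''|*'|'*|*'&'*|*'\'*) echo "tag is empty or has a sed metacharacter" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Match each directive whether or not it is still commented out, so running
    # the function twice gives the same file.
    sed -E \
        -e "s|^[[:space:]]*#?[[:space:]]*required_score[[:space:]].*|required_score $score|" \
        -e "s|^[[:space:]]*#?[[:space:]]*report_safe[[:space:]].*|report_safe 0|" \
        -e "s|^[[:space:]]*#?[[:space:]]*rewrite_header[[:space:]]+Subject[[:space:]].*|rewrite_header Subject $tag|" \
        "$cf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to write the result if a directive was not found at all.
    for d in required_score report_safe rewrite_header; do
        grep -q "^$d " "$tmp" || { echo "no $d line in $cf" >&2; rm -f "$tmp"; return 1; }
    done
    cat "$tmp" > "$cf" && rm -f "$tmp"
}

# Constructed sample resembling the commented-out defaults quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# rewrite_header Subject *****SPAM*****
# report_safe 1
#   Set the threshold at which a message is considered spam
# required_score 5.0
EOF
tune_local_cf "$sample" 3.5 '[SPAM]' && cat "$sample"
rm -f "$sample"
# On the server: back up /etc/spamassassin/local.cf, run the function on it,
# then run "spamassassin --lint" before restarting the daemon.
```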
Configure Postfix
The last step is to set up Postfix to use Spamassassin. To do this open up the file /etc/postfix/master.cf and look for the line:
smtp   inet   n  -  -  -  -  smtpd
You need to alter this line to look like:
smtp    inet  n  -  -  -  -  smtpd -o content_filter=spamassassin
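Finally, at the end of this file add the following (the second line must begin with whitespace so that Postfix reads it as a continuation of the first):
spamassassin unix - n n - - pipe
  flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}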
Now all you need to do is restart Postfix with the command:
sudo /etc/init.d/postfix restart
Your mail server should now be scoring incoming messages as SPAM or HAM.
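To confirm that mail really is passing through the filter and being scored against your threshold, read the X-Spam-Status header that Spamassassin adds to each message. This is an added example, not from the original article: the function name spam_verdict and the sample message are constructed, and it assumes the score=/required= header format used by Spamassassin 3.x.

```shell
#!/bin/sh
# Added example. spam_verdict reads one message on stdin and prints
# "<Yes|No> <score> <required>" taken from its X-Spam-Status header.
# Exit status 1 means the header is absent, i.e. the message was never filtered.
spam_verdict() {
    awk '
        /^$/     { exit }                            # headers end at the first blank line
        /^[ \t]/ { if (inhdr) hdr = hdr $0; next }   # folded continuation line
                 { inhdr = 0 }
        tolower($0) ~ /^x-spam-status:/ { hdr = $0; inhdr = 1 }
        END {
            if (hdr == "") exit 1
            sub(/^[^:]*:[ \t]*/, "", hdr)            # drop the header name
            verdict = hdr; sub(/,.*/, "", verdict)   # "Yes" or "No"
            n = split(hdr, f, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^score=/)    score = substr(f[i], 7)
                if (f[i] ~ /^required=/) req   = substr(f[i], 10)
            }
            print verdict, score, req
        }'
}

# Constructed sample: what a GTUBE test message could look like after filtering
# with required_score 3.5 and the default subject tag (values are illustrative).
spam_verdict <<'EOF'
From: sender@example.org
Subject: *****SPAM***** filter test
X-Spam-Flag: YES
X-Spam-Status: Yes, score=1000.0 required=3.5 tests=GTUBE,
    NO_RELAYS autolearn=no

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
EOF
# On the server, feed it real output instead:  spamc < gtube.eml | spam_verdict
```

The "required" value printed should match the required_score you set in local.cf; if the header is missing altogether, the content_filter line in master.cf is not taking effect.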
Final thoughts
The mail server is a tricky beast. You have to ensure that users are getting their mail, but you have to make sure they aren't receiving SPAM or viruses. After completing this series of articles, you should have a pretty solid server running that will send out mail that is safe for users' eyes.