demongin.org - Do This: Spamassassin (Debian, Postfix)

Integrating spamassassin into your postfix stack in five minutes or fewer.


Sunday, 2010-03-28 | AlmostEffortless, Careerism

There's a great episode of MASH in which the over-zealous paranoid-schizophrenic Colonel Flagg, in an attempt to coerce the impossibly calm and notoriously imperturbable Dr Stanley Freedman into collusion with one or another of his hare-brained schemes, asks the psychiatrist: "You wanna do yourself a favor?"

"Why not?" replies the doc. "Who deserves one more?"

If you've got a Debian Lenny box out in the wild serving your email with postfix and you're not using spamassassin as a filter, you really ought to consider doing yourself a favor and throwing that spamassassin piece into the mix: it only takes a second, it will increase security for your users (hardening up your network a little bit) and make the world a slightly better place for everyone.

  1. If you're OK with letting aptitude resolve your dependencies and manage your packages, all you need to do is install a single package:
    # aptitude install spamassassin
    
  2. Once that's done, crack open /etc/default/spamassassin with your favorite editor and enable it to run as a daemon and update itself automatically:
    # Change to one to enable spamd
    #ENABLED=0
    ENABLED=1
    
    # Cronjob
    # Set to anything but 0 to enable the cron job to automatically update
    # spamassassin's rules on a nightly basis
    #CRON=0
    CRON=1
    
    (spamd is an old name for spamassassin: you'll notice a lot of the RHEL/CentOS/Fedora boxes out there running spamd.)
  3. Take a look at /etc/spamassassin/local.cf: there are some fun options that you can uncomment and enable in there. My personal favorite one is:
    rewrite_header Subject *****SPAM*****
    
    This does what it sounds like it does and rewrites the headers of suspicious emails: you can then easily configure your email client to recognize these headers and filter accordingly. Pretty sweet.
  4. Start spamassassin:
    # /etc/init.d/spamassassin start
    
  5. At this point, we're going to edit some postfix conf files, but we need to check on something first. Make sure SA is running, spawning children and listening on the right port:
    # netstat -anp |grep spam
    tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      11724/spamd.pid 
    unix  2      [ ACC ]     STREAM     LISTENING     9096119  1717/master         private/spamassassin
    unix  3      [ ]         STREAM     CONNECTED     9757173  30093/spamd child   
    unix  3      [ ]         STREAM     CONNECTED     9757172  11724/spamd.pid  
    
  6. Noting that SA is listening on 783, tack the following on to the bottom of your /etc/postfix/master.cf:
    spamassassin unix -     n       n       -       -       pipe
            user=nobody argv=/usr/bin/spamc -f -e
            /usr/sbin/sendmail -oi -f ${sender} ${recipient}
    
  7. Now find the SMTP/SMTPS lines in your /etc/postfix/master.cf and add the following option:
    -o content_filter=spamassassin
    
    Assuming you're doing SMTP and SMTPS, you'll have something like this at the top of your /etc/postfix/master.cf:
    smtp      inet  n       -       -       -       -       smtpd     -o content_filter=spamassassin
    smtps     inet  n       -       -       -       -       smtpd     -o content_filter=spamassassin
    
  8. Reload Postfix:
    # postfix reload
    
And that's it: you're done.
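
A lint for the wiring in steps 6 and 7, added here as an example (it is not part of the original post): it joins master.cf continuation lines, then checks that every smtpd listener carries a content_filter naming a defined pipe service. The NOBODY line reflects the advice in Postfix's FILTER_README to run filters under a dedicated account rather than nobody; the function name, the finding labels and the sample file are constructed for this example, and it assumes no global content_filter is set in main.cf.

```shell
#!/bin/sh
# Added example: lint master.cf for the content_filter wiring of steps 6-7.
# The finding labels NOFILTER, UNDEFINED and NOBODY are this example's own.
check_master_cf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comment or blank
    /^[ \t]/ { if (n) e[n] = e[n] " " $0; next }       # continuation line
             { e[++n] = $0 }                           # new service entry
    END {
        # Pass 1: remember every service whose command is pipe.
        for (i = 1; i <= n; i++) {
            split(e[i], f, " ")
            if (f[8] == "pipe") pipes[f[1]] = e[i]
        }
        # Pass 2: each smtpd listener must name a filter that exists.
        for (i = 1; i <= n; i++) {
            split(e[i], f, " ")
            if (f[2] != "inet" || f[8] != "smtpd") continue
            if (!match(e[i], /content_filter=[^ \t]+/)) {
                print "NOFILTER " f[1]; bad = 1; continue
            }
            filt = substr(e[i], RSTART + 15, RLENGTH - 15)
            sub(/:.*/, "", filt)                       # keep transport name
            if (!(filt in pipes)) {
                print "UNDEFINED " f[1] " -> " filt; bad = 1
            } else if ((pipes[filt] " ") ~ /user=nobody[ \t:]/ && !seen[filt]++) {
                print "NOBODY " filt                   # advisory only
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: smtp is wired as in steps 6-7, smtps was missed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamassassin
smtps     inet  n       -       -       -       -       smtpd
spamassassin unix -     n       n       -       -       pipe
        user=nobody argv=/usr/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
check_master_cf "$sample" || echo "master.cf needs attention"
rm -f "$sample"
```

Run it against /etc/postfix/master.cf before the reload in step 8; a non-zero exit means a listener would accept mail without passing it through the filter.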

If you can bear in mind that no spam-detection scheme is perfect, my guess is that you'll be pleased with your decision to set up SA: some spam will make it through, of course, but most of what makes it through will come a.) as plaintext with escaped characters and b.) with a lengthy disclaimer and an itemized spam "score":
    Spam detection software, running on the system "molly", has
    identified this incoming email as possible spam.  The original message
    has been attached to this so you can view it (if it isn't spam) or label
    similar future email.  If you have any questions, see
    the administrator of that system for details.

    Content preview:  Having trouble viewing this email? Click here! pharmacy medicine
       cabinet FSA home medical vitamins personal care diet & fitness men's SALE
       Get 80% Discount TODAY: This email was sent to you by drugstore.com. To ensure
       delivery to your inbox (not junk folders), please add drugstore@e.drugstore.com
       to your address book. [...]

    Content analysis details:   (13.5 points, 5.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                                [URIs: lewdozed.cn]
     0.5 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d

...and so on.

So go ahead, do yourself a favor: after all, who deserves one more?