====== SpamAssassin ======
[[http://spamassassin.apache.org/ | SpamAssassin]] is one of the best-known Open Source spam filters. It is now an Apache Foundation project. The main advantage of SpamAssassin is that it integrates many different types of tests -- each test adds to or subtracts from the message's "spaminess", and the message gets a final score that combines all the tests. The primary disadvantage of SpamAssassin is that it is relatively slow, because it is written in Perl and runs through a large number of tests. We believe that our boxes are plenty powerful enough to handle the load, especially with some of the Postfix spam-avoidance techniques (such as greylisting) that reduce the number of spam emails that make it into the system.
We're using MailScanner as an interface between Postfix and SpamAssassin. We chose it because it's quite easy to understand, as compared with configuring amavisd and others to interface with Postfix. It was also used on the old AIX systems, so we were able to re-use most of the existing configuration settings.
===== Installation =====
  apt-get install -y spamassassin
  apt-get install -y mailscanner
  apt-get install -y razor pyzor dcc-client
===== Configuration =====
Run ''pyzor discover'' to update pyzor's server list:
  pyzor discover
Create a location for MailScanner to put files for SpamAssassin to scan.
  mkdir /var/spool/MailScanner/spamassassin
  chown -R postfix:postfix /var/spool/MailScanner
  chown -R postfix:postfix /var/lib/MailScanner
  chown -R postfix:postfix /var/run/MailScanner
  chown -R postfix:postfix /var/lock/subsys/MailScanner
Back up the original MailScanner config file.
  cp -a /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.dist
Edit the file ''/etc/MailScanner/MailScanner.conf'' to change these lines:
  %org-name% = SLUUG
  %org-long-name% = St. Louis UNIX Users Group
  %web-site% = www.sluug.org
  Max Children = 2 # Upped it from 1, to hopefully improve throughput.
  Run As User = postfix
  Run As Group = postfix
  Incoming Queue Dir = /var/spool/postfix/hold
  Outgoing Queue Dir = /var/spool/postfix/incoming
  MTA = postfix
  Sendmail2 = /usr/sbin/sendmail
  Virus Scanning = no
  Virus Scanners = none
  Dangerous Content Scanning = no
  Quarantine Infections = no
  Information Header =
  Always Include SpamAssassin Report = yes
  Mark Unscanned Messages = no
  Notify Senders = no # This is the default, but we want to be SURE on this setting!
  Virus Modify Subject = no
  Filename Modify Subject = no
  Content Modify Subject = no
  Size Modify Subject = no
  Disarmed Modify Subject = no
  Spam Modify Subject = no
  High Scoring Spam Modify Subject = no
  Send Notices = no
  Use SpamAssassin = yes # This is the default.
  Required SpamAssassin Score = 5
  High SpamAssassin Score = 11
  SpamAssassin Timeout = 120
  High Scoring Spam Actions = delete
  Log Spam = yes
  Log Non Spam = yes
Edit ''/etc/MailScanner/spam.assassin.prefs.conf'' to add:
  razor_config /etc/razor/razor-agent.conf
Edit ''/etc/razor/razor-agent.conf'' to add:
  razorhome = /etc/razor/
  logfile = sys-syslog
Create ''/etc/postfix/header_checks'' containing a single line, to have Postfix send all incoming emails to the HOLD queue, where MailScanner will pick them up.
  echo '/^Received:/ HOLD' > /etc/postfix/header_checks
Tell Postfix to apply these header checks, which puts everything it receives into the HOLD queue.
  postconf -e 'header_checks=regexp:/etc/postfix/header_checks'
Configure MailScanner to run when started.
  echo 'run_mailscanner=1' >> /etc/default/mailscanner
===== Startup =====
Start the MailScanner daemon:
  /etc/init.d/mailscanner start
Restart the Postfix daemon, to have it send incoming emails to the HOLD queue.
  /etc/init.d/postfix restart
===== Testing =====
Check the logs for errors on startup, using ''tail -f /var/log/mail.log /var/log/syslog''.
MailScanner logs to ''/var/log/syslog'' under the name ''check''. (Not sure why it uses that name in the log files instead of its own.)
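To confirm that the ''MailScanner.conf'' edits from the Configuration section are actually in place, the following POSIX shell audit compares the file against the values listed there. It is an added example, not part of the original page or of MailScanner; the function names ''conf_values'' and ''audit_mailscanner_conf'' are hypothetical, and it assumes keys and values are written exactly as shown on this page.

```shell
# Added example (not from the original page): audit MailScanner.conf.
# Expected "Key = Value" pairs are copied from the Configuration section.
EXPECTED='Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Notify Senders = no
Send Notices = no
Use SpamAssassin = yes
Required SpamAssassin Score = 5
High SpamAssassin Score = 11
High Scoring Spam Actions = delete'

# Print each value assigned to key $2 in file $1, one per line, with
# trailing "# comments" and surrounding whitespace stripped.
conf_values() {
    awk -v key="$2" '
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)      # drop comments (whole-line too)
            eq = index(line, "=")
            if (eq == 0) next                # not a "Key = Value" line
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Report keys that are missing or have any occurrence differing from the
# expected value. Returns 0 if the file matches, 1 otherwise.
audit_mailscanner_conf() {
    conf=$1; rc=0
    while IFS= read -r pair; do
        key=${pair%% = *}; want=${pair#* = }
        got=$(conf_values "$conf" "$key")
        if [ -z "$got" ]; then
            echo "MISSING: $key (expected '$want')"; rc=1; continue
        fi
        bad=$(printf '%s\n' "$got" | grep -vxF -- "$want" || true)
        if [ -n "$bad" ]; then
            echo "MISMATCH: $key = $bad (expected '$want')"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}
```

Run it as ''audit_mailscanner_conf /etc/MailScanner/MailScanner.conf''; a key that appears more than once is flagged if any occurrence differs, so the check does not depend on which occurrence MailScanner honours.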
===== Notes =====
All SpamAssassin settings are global and cannot be set on a per-user basis. This is the reason that we set the delete threshold so high -- some users may want a higher threshold than others. Those who want a lower threshold can apply one using procmail filters (or whichever other delivery agent we choose). Those wanting special rules will also have to set them up as procmail filters.
===== TODO =====
We should really not use MailScanner's preferred method of picking up emails from the HOLD queue and injecting them back into the Postfix system via the INCOMING queue. Postfix documentation says that this method is not supported. Instead, there should be an SMTP-type listener added to ''/etc/postfix/master.cf'', which will submit the scanned messages back into Postfix via another SMTP listener (also listed in ''master.cf'') on another port. I believe amavisd supports this method. One main reason we went with MailScanner (at least at first) is that it's easier to configure than figuring out how to configure all the required services in ''master.cf''.
Configure SpamAssassin more like Michelob/Dark. Their ''local.cf'' file looks like this:
  # If this option is set to 0, incoming spam is only modified by adding
  # some `X-Spam-' headers and no changes will be made to the body.
  report_safe 0
  ok_languages en
  # Trusted networks are assumed to not be originating spam.
  clear_trusted_networks
  trusted_networks 128.252.19.8 # michelob
  trusted_networks 128.252.19.9 # dark
  # Internal networks are other potential MXes for our domain.
  clear_internal_networks
  internal_networks 128.252.19.8 # michelob
  internal_networks 128.252.19.9 # dark
  internal_networks 206.196.99.162 # bud
  internal_networks 206.196.99.163 # budlight
  # Assume we always have DNS lookups available.
  dns_available yes
  # The score threshold below which a mail has to score, to be fed into
  # SpamAssassin's learning systems automatically as a non-spam message.
  bayes_auto_learn_threshold_nonspam -1.1
  # The score threshold above which a mail has to score, to be fed into
  # SpamAssassin's learning systems automatically as a spam message.
  bayes_auto_learn_threshold_spam 11.0
  # For feeding spam and ham for saved messages, mailboxes
  # or directories:
  # Change X-YOURDOMAIN-COM to match your %org-name% as
  # set in MailScanner.conf
  bayes_ignore_header X-SLUUG-MailScanner
  bayes_ignore_header X-SLUUG-MailScanner-SpamCheck
  bayes_ignore_header X-SLUUG-MailScanner-SpamScore
  bayes_ignore_header X-SLUUG-MailScanner-Information
  # When using MailScanner, this is highly recommended.
  bayes_auto_expire 0
  # What should be the maximum size of the Bayes tokens database?
  bayes_expiry_max_db_size 600000
  lock_method flock
  use_auto_whitelist 0
  # This should be explicitly set for MailScanner
  envelope_sender_header X-MailScanner-From
  # Reduce timeouts for RBSLs.
  rbl_timeout 20
  razor_timeout 10
  pyzor_timeout 10
==== Anti-virus ====
  apt-get install clamav unrar lha arj unzoo
Edit ''/etc/MailScanner/MailScanner.conf'':
  Virus Scanning=yes
  Virus Scanners=clamav
Then restart MailScanner.
For some reason, even though "Still Deliver Silent Viruses" is set to "no", the system is delivering messages stripped of infected attachments. This is contrary to the documentation in MailScanner.conf. Accordingly, virus scanning is now turned off.
===== Credits =====
Installed, configured, and documented by Craig Buchek.
Based on Mike Knight's MailScanner configuration on our AIX servers.
These articles helped me figure out how to configure Postfix and MailScanner to work together:
* [[http://www.mailscanner.info/postfix.html]]
* [[http://www.debian-administration.org/articles/172]]
These articles helped me figure out why MailScanner was stopping without restarting,
due to razor putting its log file in ''/var/spool/postfix/hold'':
* [[http://mail-archives.apache.org/mod_mbox/spamassassin-users/200502.mbox/%3C41FF8713.4050100@netcore.co.in%3E]]
* [[http://lists.mailscanner.info/pipermail/mailscanner/2006-July/062949.html]]
* [[http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu_p4?s=f2f2c647ba0cb4454f7cf14d491ed6cd]]