SpamAssassin is one of the best-known Open Source spam filters. It is now an Apache Foundation project. The main advantage of SpamAssassin is that it integrates many different types of tests – each test adds to or subtracts from the message's "spaminess", and the message gets a final score that combines all the tests. The primary disadvantage of SpamAssassin is that it is relatively slow, because it is written in Perl and runs through a large number of tests. We believe that our boxes are plenty powerful enough to handle the load, especially with some of the Postfix spam-avoidance techniques (such as greylisting) that reduce the number of spam emails that make it into the system.
We're using MailScanner as an interface between Postfix and SpamAssassin. We chose it because it's quite easy to understand, as compared with configuring amavisd and others to interface with Postfix. It was also used on the old AIX systems, so we were able to re-use most of the existing configuration settings.
apt-get install -y spamassassin apt-get install -y mailscanner apt-get install -y razor pyzor dcc-client
pyzor discover to update pyzor's server list:
Create a location for MailScanner to put files for SpamAssassin to scan.
mkdir /var/spool/MailScanner/spamassassin chown -R postfix:postfix /var/spool/MailScanner chown -R postfix:postfix /var/lib/MailScanner chown -R postfix:postfix /var/run/MailScanner chown -R postfix:postfix /var/lock/subsys/MailScanner
Back up the original MailScanner config file.
cp -a /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.dist
Edit the file
/etc/MailScanner/MailScanner.conf to change these lines:
%org-name% = SLUUG %org-long-name% = St. Louis UNIX Users Group %web-site% = www.sluug.org Max Children = 2 # Upped it from 1, to hopefully improve throughput. Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Sendmail2 = /usr/sbin/sendmail Virus Scanning = no Virus Scanners = none Dangerous Content Scanning = no Quarantine Infections = no Information Header = Always Include SpamAssassin Report = yes Mark Unscanned Messages = no Notify Senders = no # This is the default, but we want to be SURE on this setting! Virus Modify Subject = no Filename Modify Subject = no Content Modify Subject = no Size Modify Subject = no Disarmed Modify Subject = no Spam Modify Subject = no High Scoring Spam Modify Subject = no Send Notices = no Use SpamAssassin = yes # This is the default. Required SpamAssassin Score = 5 High SpamAssassin Score = 11 SpamAssassin Timeout = 120 High Scoring Spam Actions = delete Log Spam = yes Log Non Spam = yes
/etc/MailScanner/spam.assassin.prefs.conf to add:
/etc/razor/razor-agent.conf to add:
razorhome = /etc/razor/ logfile = sys-syslog
/etc/postfix/header_checks containing a single line, to have Postfix
send all incoming emails to the HOLD queue, where MailScanner will pick them up.
echo '/^Received:/ HOLD' > /etc/postfix/header_checks
Tell Postfix to put everything it receives into the HOLD queue.
postconf -e 'header_checks=regexp:/etc/postfix/header_checks'
Configure MailScanner to run when started.
echo 'run_mailscanner=1' >> /etc/default/mailscanner
Start the MailScanner daemon:
Restart the Postfix daemon, to have it send incoming emails to the HOLD queue.
Check the logs for errors on startup, using
tail -f /var/log/mail.log /var/log/syslog.
MailScanner logs to
/var/log/syslog under the name
check. (Not sure why it uses that name in the log files instead of its own.)
All SpamAssassin settings are global in nature and not settable on a per user basis. This is the reason that we set the delete threshold so high – some users may want a higher threshold than others. Those that want a lower threshold can do so using procmail filters (or whichever other delivery agent we choose). Those wanting special rules will also have to set them up as procmail filters.
We should really not use MailScanner's preferred method of picking up emails from the HOLD queue and injecting them back into the Postfix system via the INCOMING queue. Postfix documentation says that this method is not supported. Instead, there should be an SMTP-type listener added to
/etc/postfix/master.cf, which will submit the scanned messages back into Postfix via another SMTP listener (also listed in
master.cf) on another port. I believe amavisd supports this method. One main reason we went with MailScanner (at least at first) it that it's easier to configure than figuring out how to configure all the required services in
Configure SpamAssassin more like Michelob/Dark. Their
local.cf file looks like this:
# If this option is set to 0, incoming spam is only modified by adding # some `X-Spam-' headers and no changes will be made to the body. report_safe 0 ok_languages en # Trusted networks are assumed to not be originating spam. clear_trusted_networks trusted_networks 126.96.36.199 # michelob trusted_networks 188.8.131.52 # dark # Internal networks are other potential MXes for our domain. clear_internal_networks internal_networks 184.108.40.206 # michelob internal_networks 220.127.116.11 # dark internal_networks 18.104.22.168 # bud internal_networks 22.214.171.124 # budlight # Assume we always have DNS lookups available. dns_available yes # The score threshold below which a mail has to score, to be fed into # SpamAssassin's learning systems automatically as a non-spam message. bayes_auto_learn_threshold_nonspam -1.1 # The score threshold above which a mail has to score, to be fed into # SpamAssassin's learning systems automatically as a spam message. bayes_auto_learn_threshold_spam 11.0 # For feeding spam and and ham for saved messages, mailboxes # or directories: # Change X-YOURDOMAIN-COM to match your %org-name% as # set in MailScanner.conf bayes_ignore_header X-SLUUG-MailScanner bayes_ignore_header X-SLUUG-MailScanner-SpamCheck bayes_ignore_header X-SLUUG-MailScanner-SpamScore bayes_ignore_header X-SLUUG-MailScanner-Information # When using MailScanner, this is highly recommended. bayes_auto_expire 0 # What should be the maximum size of the Bayes tokens database? bayes_expiry_max_db_size 600000 lock_method flock use_auto_whitelist 0 # This should be explicitly set for MailScanner envelope_sender_header X-MailScanner-From # Reduce timeouts for RBSLs. rbl_timeout 20 razor_timeout 10 pyzor_timeout 10
apt-get install clamav unrar lha arj unzoo
Virus Scanning=yes Virus Scanners=clamav
and restart mailscanner.
For some reason, even though "Still Deliver Silent Viruses" is set to "no", the system is delivering messages stripped of infected attachments. This is contrary to the documentation in MailScanner.conf. Accordingly, virus scanning is now turned off.
Installed, configured, and documented by Craig Buchek.
Based on Mike Knight's MailScanner configuration on our AIX servers.
These articles helped me figure out how to configure Postfix and MailScanner to work together:
These articles helped me figure out why MailScanner was stopping without restarting,
due to razor putting its log file in