May 26, 2010

Stop SPAM on Your Postfix Server with Spamassassin

In my last article I introduced you to the installation and configuration of a Postfix mail server (see "Install and configure a Postfix mail server"). After following that article you should have a working, reliable mail server. That mail server will work so well it'll serve up all the email and SPAM you want. But wait - who WANTS to serve up SPAM? No one (at least no one with good intentions). The problem is, if you have a mail server, you can almost guarantee that SPAM will find its way in (and out if you're not careful). The last thing you need is to be serving all your users plate after plate of SPAM delight. But how do you stop it? The best way? Spamassassin.

Spamassassin uses numerous tests (both local and online) to determine if a mail is SPAM or HAM (not SPAM). It's reliable, trustworthy, and simple to install and configure. And in this article I am going to show you how to add Spamassassin to your already working Postfix mail server.

Like the previous article, this installation will be done on an Ubuntu Server 10.04 release. This article will assume you already have Postfix up and running.

What is SPAM and How is it Scored?

Before we get into the dirty bits of the installation, I thought it would be wise to describe SPAM and how SPAM is scored with Spamassassin. You can think of SPAM as all of those useless flyers you get in the mail. The advertisements, the offers for credit cards...those wasted resources that always get tossed without reading. They are a nuisance and nothing more. That is what SPAM is - email you receive (for whatever reason) that you don't want. Often this email is advertising various enhancement drugs, porn, or someone from South Africa saying they are the benefactor of a bajillionaire and have picked YOU as their heir (just give them your bank account number).

Spamassassin lets this mail in and then compares it against various tests. After testing, a header (X-Spam-Status:) is marked with a number ranging from 0-5. The setting 0 will pretty much let everything through and the setting 5 will pretty much let very little through. A setting of 3.5 is safe enough to reduce what is called a false-positive (this means a piece of HAM is marked as SPAM) as well as reduce the amount of SPAM that actually makes it through. Of course it's not as simple as thinking 0 means 0% SPAM. A SPAM score is actually calculated from multiple characteristics that together combine for a 0-5 score. It's a good system and has worked well for me (and many, many others) for years.

With that said, let's start working.

Installing Spamassassin

The installation of Spamassassin I am going to show you will be done completely in command line. So the very first step is to open up that terminal window and get ready to do a bit of typing (or copy/pasting).

The first step is to install Spamassassin. This is done with the command:

sudo apt-get install spamassassin

You will have to give your sudo password for the installation to continue. There may be some dependencies (this will be determined by what you already have installed on your machine). Allow apt to install the dependencies.

After Spamassassin is installed you are ready to begin the configuration. You will have to do some configuration in both Spamassassin and Postfix.

Configuring Spamassassin

The main configuration file for Spamassassin is /etc/spamassassin/local.cf. The first option you want to look for is the SPAM score option. Look for the line:

# required_score 5.0

Uncomment that line (remove the "#" character) and then change the numerical score to what you would prefer. As I mentioned earlier, a score of 3.5 is pretty safe.

Another great configuration option is to set up whitelists and blacklists within the configuration file. You would only want to do this for addresses that are often tagged incorrectly as SPAM. You can do this to whitelist single addresses or entire domains. For example:

whitelist_from <e-mail address>

would ensure that email from the address above was not marked as SPAM. Also:

whitelist_from *@somedomain.com

would whitelist the entire domain somedomain.com. You can also have multiple entries per line separated by spaces like so:

whitelist_from <address1> <address2> <address3>

The same thing holds true for blacklisting, only the parameter is blacklist_from.

You will want to use caution if trying to add your own domain to a whitelist, because a spammer could spoof a local address and Spamassassin will allow it through.
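One way to check a configuration for the risky case described above, as an added example that is not part of the original article: the function audit_whitelist (a hypothetical name) lists every whitelist_from entry whose domain part covers a given local domain, treating "*" and "?" as wildcards. The sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list whitelist_from entries that cover a local domain.
# Usage: audit_whitelist <config file> <local domain>
audit_whitelist() {
    conf=$1
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # Drop comments, keep whitelist_from lines, emit one pattern per line.
    sed -e 's/#.*//' "$conf" |
    awk 'tolower($1) == "whitelist_from" {
             for (i = 2; i <= NF; i++) print tolower($i)
         }' |
    while read -r pat; do
        dompat=${pat##*@}   # text after the last "@" (whole entry if none)
        # Unquoted on purpose: "*" and "?" in the entry act as wildcards.
        case $domain in
            $dompat) printf '%s\n' "$pat" ;;
        esac
    done
}

# Constructed sample configuration (not taken from a real server).
sample_conf() {
cat <<'EOF'
required_score 3.5
# whitelist_from *@commented-out.example
whitelist_from partner@vendor.example *@EXAMPLE.ORG
whitelist_from boss@example.org   # a single local address
blacklist_from *@example.org
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
echo "whitelist_from entries covering example.org:"
audit_whitelist "$tmp" example.org
rm -f "$tmp"
```

Run it against /etc/spamassassin/local.cf with your own mail domain; any line it prints is an entry a spoofed local sender would match.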

Another configuration option is the report_safe option. Somewhere around the required_score line (this will depend upon the release you install) you will find the line:

# report_safe

This line will define how Spamassassin will handle any message marked as SPAM. If you set this line to:

report_safe 0

all incoming SPAM is modified by altering the header to mark said email as SPAM.

If you set this line to:

report_safe 1

all incoming messages tagged as SPAM will create a new report message and attach the original message as a message/rfc822 MIME (preserving the original message, but not easily opened).

If you set this line to:

report_safe 2

all incoming messages tagged as SPAM will be attached to a new report as plain text.

A message marked as SPAM will not be deleted. Instead a message marked as SPAM will be labeled as such and allowed through. This further prevents false positives and allows the user to define what to do with SPAM in their email client.

If you set that line to...

report_safe 1

...all messages marked as SPAM will be deleted. I find it best to set this to 0, so as to avoid the loss of false positive email. If you set report_safe to 0 you will need to define how the header is rewritten so the message is properly labeled as SPAM. Look for this line:

# rewrite_header Subject *****SPAM*****

Uncomment this line (remove the "#" character) and then change the *****SPAM***** section to whatever you prefer it to be. Just make sure your users are aware of what this line is so they can handle it with their mail clients.

After you make this last change, save and close this file and restart the Spamassassin daemon with the command:

sudo /etc/init.d/spamassassin restart

Now you are ready to configure Postfix.

Configure Postfix

The configuration file you need to make changes to is /etc/postfix/master.cf. There are a few changes to make. The first change is to look for this line:

smtp    inet    n   - - - - smtpd

You will need to change this line to:

smtp      inet   n   - - - -   smtpd -o content_filter=spamassassin

Now, take a look at the bottom of this configuration file and add the following:

spamassassin unix - n n - - pipe
  flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

That's it. Now all you need to do is save that file and restart Postfix with the command:

sudo /etc/init.d/postfix restart

Of course at this point you will want to send a few test emails through to make sure email is getting in and going out. But you should be good to go.
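To confirm that a delivered test message really passed through the filter, read its X-Spam-Status header. The following is an added example, not part of the original article: spam_status (a hypothetical name) reads only the header section of a saved message, so a look-alike line in the body is ignored. Both test messages are constructed.

```shell
#!/bin/sh
# Added example: report the SpamAssassin verdict recorded in a message.
# Prints "<spam|ham> <score> <required>"; returns 1 when the headers hold
# no X-Spam-Status line (the message did not pass through the filter).
spam_status() {
    awk '
        /^$/     { exit }                                # headers end here
        /^[ \t]/ { if (hdr != "") hdr = hdr $0; next }   # folded header line
                 { if (found) exit; hdr = "" }           # next header starts
        tolower($0) ~ /^x-spam-status:/ { hdr = $0; found = 1 }
        END {
            if (!found) exit 1
            verdict = (hdr ~ /^[^:]*:[ \t]*[Yy]es/) ? "spam" : "ham"
            score = req = "?"
            if (match(hdr, /score=-?[0-9.]+/))
                score = substr(hdr, RSTART + 6, RLENGTH - 6)
            if (match(hdr, /required=-?[0-9.]+/))
                req = substr(hdr, RSTART + 9, RLENGTH - 9)
            print verdict, score, req
        }
    ' "$1"
}

# Constructed test messages (addresses, scores and rule names are made up).
tagged_msg() {
cat <<'EOF'
Return-Path: <sender@example.net>
Subject: *****SPAM***** hello
X-Spam-Status: Yes, score=4.2 required=3.5 tests=EXAMPLE_RULE_A,
    EXAMPLE_RULE_B autolearn=no
To: user@example.org

body text
EOF
}
unfiltered_msg() {
cat <<'EOF'
Return-Path: <sender@example.net>
To: user@example.org

X-Spam-Status: No, score=0.0 required=3.5 (in the body, so ignored)
EOF
}

tmp=$(mktemp)
tagged_msg > "$tmp";     spam_status "$tmp"
unfiltered_msg > "$tmp"; spam_status "$tmp" || echo "not filtered"
rm -f "$tmp"
```

A test message that comes back as "not filtered" means the content_filter setting in master.cf is not being applied to that delivery path.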

Final Thoughts

Anyone hosting a Linux email server would be remiss to not have SPAM protection on that server. It's not difficult and doesn't take up much in the way of processor overhead. And having your users receive fewer and fewer SPAM will reward you with fewer and fewer end-user calls. And that is payment enough.
