October 15, 2003

Spam filtering with GNU/Linux, Postfix, procmail, and SpamAssassin

Author: Jason Yost

With GNU/Linux and some new and old favorites you can reduce the amount of email spam your customers, employees, and personal mail readers receive. This step-by-step guide shows you how to install procmail and SpamAssassin and how to configure the Postfix mail transport agent to mark potential spam before it reaches your mail program.

Before we begin, be sure you have Postfix running properly and receiving mail for all of your domains. If you are running an ISP, are the systems administrator for a company, or are modifying the behavior of a mail server that many people depend on, make sure you let your users know in advance that changes are in the works and who to contact should something go wrong.

This process only marks messages as potential spam. Users will receive these messages with the subject line rewritten and a note specifying them as spam. They can then be filtered into a junk mail folder using filters in the mail client. It is possible to delete the potential spam without delivering it, but a computer cannot be relied on to make all the correct decisions for you and may inadvertently mark a message as spam that was not intended to be. If you set your spam filter to delete all mail it believes is spam, don't be surprised when important mail fails to reach you.

Before you start, be sure you have:

Root access to the machine you are configuringBasic knowledge of installing software for the GNU/Linux systemA working installation of Postfix version 2.0.1 (you can check your version by typing postconf mail_version)The procmail program. Many major distributions of GNU/Linux come with procmail already installed or some package (RPM, DEB, source file) containing the procmail program. You can test whether you have procmail already installed by typing which procmail at the prompt. If it returns something like /usr/bin/procmail, it is already installed. If you don't yet have it you can download the source or possibly find a binary package for your distributionPerl version 5.005_3 or higher (comes standard with most distributions of GNU/Linux)

Our first step is to install SpamAssassin. The easiest way to do this is with Perl's CPAN tool. Open a shell and at the prompt type:

# perl -MCPAN -e 'shell'
cpan> install Mail::SpamAssassin

CPAN will begin to download and install SpamAssassin. Pay attention to what CPAN is doing as it may ask you questions during the install process. When it finishes, install procmail if it is not installed already.

Next, we set some global options for SpamAssassin. Locate the spamassassin/local.cf file, which is usually at /etc/mail/spamassassin/local.cf. Open the file with your favorite text editor and add the following lines:

allow_user_rules 1
rewrite_subject 1

This is all you really need to add to get started. Of course there are more options you can set to customize the way mail is filtered. For instance, to specify what the subject line should say, add:

subject_tag *SPAM*

You can also specify a number of hits (the number of points an email message must have before being marked as spam) in order to loosely set how restrictive your spam filter will be:

required_hits 3.5

To set up spam filtering for every user on the system, we next modify the global procmailrc file (usually located at /etc/procmail; if you do not have a file already you should create one by opening a blank file in your text editor, entering the lines below, then saving it to this location). Add the following lines to the procmailrc file:

:0fw
|/usr/bin/spamassassin -f -u $1

The above configuration allows individuals to still use other personal procmail rules and still benefit from global spam filtering.

Alternatively you can create or edit a .procmailrc (it must have the dot) file in a user's home directory with the lines:

:0fw
|/usr/bin/spamassassin

This applies spam filtering only to the individual user.

Now open the /etc/postfix/main.cf file and locate and edit or add the following line:

mailbox_command = /usr/bin/procmail -f- -a "$USER"

then restart the Postfix program. Different distributions offer different ways to restart Postfix; one possibility is /etc/init.d/postfix restart.

That's all you have to do in the way of configuration. Now just sit back and wait for the spam to come in and be labeled.

You'll probably find some mail will be tagged as spam that shouldn't be. The only way to correct this is to look at the headers and see how SpamAssassin scored the email in question, then modify the rules base SpamAssassin uses to fit the majority of your incoming mail by editing the files located in the /usr/share/spamassassin directory with your favorite text editor. The rules system works by using regular expressions to search for text in all portions of an email message and assigns either points towards the email being spam or points against the email being spam. Even if you aren't comfortable creating regular expressions or editing the current ones, you can still get better performance by changing the score that a rule assigns to a particular expression (descriptions of each rule are included in the configuration files) to match email that regularly passes through your system. With some tweaking you should be able to get the system to run almost flawlessly.

Category:

  • Open Source
Click Here!