We have already discussed how to install mail server with postfix+Devcot+SASL+Squirrel Mail in this article we will see how to add spam filter for postfix mail server.
Apache SpamAssassin is an extensible email filter that is used to identify spam. Once identified, the mail can then be optionally tagged as spam for later filtering. It provides a command line tool to perform filtering, a client-server system to filter large volumes of mail, and Mail::SpamAssassin, a set of Perl modules allowing Apache SpamAssassin to be used in a wide variety of email systems.
Install Spamassassin in Debian
#apt-get install spamassassin spamc
spamassassin package can also be integrated into a Mail Transport Agent such as postfix.
Preparation
By default Spamassassin will run as root users when you install from debian repository and is not started to avoid that, we are going to create a specific user and group for spamassassin.
#groupadd -g 5001 spamd
#useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
#mkdir /var/lib/spamassassin
#chown spamd:spamd /var/lib/spamassassin
we need to change some settings in /etc/default/spamassassin and make sure you get the following values
ENABLED=1
SAHOME=”/var/lib/spamassassin/”
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE=”${SAHOME}spamd.pid”
We are going to run spamd daemon as user spamd and make it use its own home dir (/var/lib/spamassassin/) and is going to output its logs in /var/lib/spamassassin/spamd.log
spamassassin Configuration
we need to give spamassassin some rules. The default settings are quite fine, but you might tweak them up a bit. So let’s edit /etc/spamassassin/local.cf and make it looks like that
#vi /etc/spamassassin/local.cf
Modify this file looks like below
rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score 2.0
#to be able to use _SCORE_ we need report_safe set to 0
#If this option is set to 0, incoming spam is only modified by adding some “X-Spam-” headers and no changes will be made to the body.
report_safe 0
# Enable the Bayes system
use_bayes 1
use_bayes_rules 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
we set spamassassin’ spamd default settings to rewrite email subject to [***** SPAM _SCORE_ *****], where _SCORE_ is the score attributed to the email by spamassassin after running different tests, only if the actual score is greater or equal to 2.0. So email with a score lower than 2 won’t be modified.
To be able to use the _SCORE_ in the rewrite_header directive, we need to set report_safe to 0.
In the next section, we tell spamassassin to use bayes classifier and to improve itself by auto-learning from the messages it will analyse.
In the last section, we disable collaborative network such as pyzor, razor2 and dcc. Those collaborative network keep an up-to-date catalogue of know mail checksum to be recognized as spam. Those might be interresting to use, but I’m not going to use them here as I found it took long enough to spamassassin to deal with spams only using it rules.
Restart spamassassin using the following command
#/etc/init.d/spamassassin start
Configuring Postfix call Spamassassin
spamassassin will be invoked only once postfix has finished with the email.
To tell postfix to use spamassassin, we are going to edit /etc/postfix/master.cf
#vi /etc/postfix/master.cf
Change the following line
smtp inet n – – – – smtpd
to
smtp inet n – – – – smtpd
-o content_filter=spamassassin
and then, at the end of master.cf file add the following lines
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Save and exit the file
That’s it our spam filter is setted up, we need to reload postfix settings and everything should be ready.
#/etc/init.d/postfix reload
I tried doing this twice, and both times when I reload postfix and start spamassassin, I start getting there errors in SquirrelMail,
Server replied: 111 Can’t open SMTP stream.
Any idea?
Server replied: 111 Can’t open SMTP stream.
You’ve either configured SquirrelMail badly and specified an SMTP server which doesn’t exist, or the SMTP server is down.
Mis-configuration
Either run SquirrelMail-configuration again and specify an SMTP server that exists (option 2 on the main menu)
Edit the SquirrelMail config.php file, on linux this would be, from the terminal, sudo nano /etc/squirrelmail/config.php
SMTP Server down
Restart the SMTP server- with postfix this would be sudo postfix stop and sudo postfix start
check /etc/hosts file on the server local host should be as follows
127.0.0.1 localhost.localdomain localhost
We tried spamassassin some time ago but it was too resource hungry and not that accurate. After switching to dspam, we are very happy.
I’ve GOT this error
Apr 30 15:27:04 hardy postfix/master[4814]: fatal: /etc/postfix/master.cf: line 86: bad transport type: argv=/usr/bin/spamc
my /etc/postfix/master.cf
smtp inet n – – – – smtpd -o content_filter=spamassassin
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
@Joe Chiang
Hi, you have to put spamassassin unix – n n – – pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
on one line at the end of the master.cf file.
Cheers,
Gabriele
@kows
Hi, i’ve put this at the end of master.cf but the problem still exists in my cube too. 🙁
do you have any idea about this?
Hi fotofabrik,
I think you must put tab character before -o content_filter=spamassassin and before user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} . Because they are belong to previous lines and you must have blank characters (space, tab) to indicate that.
In /etc/postfix/master.cf when you add:
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Is that only for servers running sendmail, or will I have to do something else to get it to work with dovecot?
Also, I had the “Server replied: 111 Can’t open SMTP stream.” error with squirrel mail. I fixed it by hanging:
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
to
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
(all on one line)
Hi, Thanks for this, very helpfull as all the books on spamassassin are so old.
Anyway my question.. Does this work for a ‘Site Wide’ configuration??
Thanks again
Jim
No need to reply got it working ‘Site-Wide’ on Ubuntu, Postfix, Spamassassin, Courier, Procmail.
After a bit of fidling about with the Username Settings.
Hi all,
First thanks to the tutorial ! I found very useful the idea to run SA not as root but with a different user.
I use a Debian stable with postfix and SA, but as following this tutorial iwasn’t able to use correctly withe the “/sbin/nologin” shell for spamd user the pyzor tests ..
cf:
with a valid shell it’s OK:
# su spamd -c ‘pyzor ping’
82.94.255.100:24441 (200, ‘OK’)
with the “/sbin/nologin” it’s not…
It’s why i’ve posted on SA mailing list, without any answer at the moment..
So if someone can help: How can we run pyzor test with the user spamd (with a nologin shell) as explained above ?
Thanks in advance !!
http://groups.google.fr/group/spamassassin/browse_thread/thread/ba6525c9de67a45d?hl=fr
it’s my post explaining the problem..
Hi, I want to add a disclaimer at end of each emails (altermime) but i have spamassassin working now and I don’t know how to use multiple filters with postfix. if someone can help me…
Thanks.
After having to make some of the changes suggested on certain errors in this last section I have been able to make it work on squirrelmail. However it only works on Squirrelmail. If I try to use an pop3 client I get a user and paswd prompt, it is ever occurring, if I type my user and passwd it just pops up again.
In /var/log/mail.log
I see
Oct 15 11:02:25 postfix/smtpd[9371]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 15 11:02:25 postfix/smtpd[9371]: warning: unknown[217.144.253.82]: SASL LOGIN authentication failed: authentication failure
Any suggestions on how to make this work?
Hi,
When I start the spamassassin, I got an error:
Starting SpamAssassin Mail Filter Daemon: [23062] warn: config: created user preferences file: /root/.spamassassin/user_prefs
[23062] info: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: use_dcc 0
Is there something I missed?
i am taking this error
Restarting SpamAssassin Mail Filter Daemon: No /usr/bin/perl found running; none killed. [2661] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use [2661] warn: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use [2661] error: spamd: could not create INET socket on 127.0.0.1:783: Address already in use spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Your error is because another instance of spamd is running you need to find it and it’s pid and whack it so you can restart the new one. If you ps ax | grep spam it should show up, with the parameters in it like pid, directory it’s running in, etc.. Then when you restart with your new pid it should be ok.
Hiya,
Great tut, only problem I have is in the spamd.log I get;
info: config: failed to parse line, skipping, in “/etc/spamassassin/local.cf”: use_dcc 0
Any idea how to fix this?
Thanks
It’s ok, I fixed it by adding:
loadplugin Mail::SpamAssassin::Plugin::DCC
to /etc/spamassassin/local.cf
Cheers
Working Perfectly!!! Thanks!
Connection refused
111 Can’t open SMTP stream.
i am taking this error.before spamassasins my mail server working perfectly after spamassasin i cannot send email . checked all comment can you help me
i added in master cf.
smtp inet n – – – – smtpd
-o content_filter=spamassassin
and
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
this line
mail:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2110/dovecot
tcp 0 0 *:imap2 *:* LISTEN 2110/dovecot
tcp 0 0 localhost:spamd *:* LISTEN 1993/spamd.pid
tcp 0 0 *:sunrpc *:* LISTEN 1737/portmap
tcp 0 0 *:ssh *:* LISTEN 1983/sshd
tcp 0 0 *:48059 *:* LISTEN 1755/rpc.statd
tcp 0 52 mail.linuxlike.net:ssh 192.168.3.5:2885 ESTABLISHED 2197/0
tcp6 0 0 [::]:www [::]:* LISTEN 2152/apache2
tcp6 0 0 [::]:ssh [::]:* LISTEN 1983/sshd
postfix doesnt work now .
i checked etc/hosts also squirrelmail was working before spam configuration.
On Debian 5, there’s no /sbin/nologin but there is /usr/sbin/nologin
I have doubled mail.
When i install spamassassin follow this instruction rule always_bbc doesn’t work correctly.
Log
May 29 10:24:31 debian-mail postfix/pickup[24361]: BBCC08014169: uid=5001 from=
May 29 10:24:31 debian-mail postfix/cleanup[24441]: BBCC08014169: message-id=
May 29 10:24:31 debian-mail postfix/qmgr[24362]: BBCC08014169: from=, size=2322, nrcpt=3 (queue active)
May 29 10:24:31 debian-mail postfix/local[24446]: BBCC08014169: to=, relay=local, delay=0.08, delays=0.04/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
May 29 10:24:31 debian-mail postfix/local[24446]: BBCC08014169: to=, relay=local, delay=0.09, delays=0.04/0.04/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
May 29 10:24:32 debian-mail postfix/local[24447]: BBCC08014169: to=, relay=local, delay=1, delays=0.04/0.05/0/0.96, dsn=2.0.0, status=sent (delivered to mailbox)
May 29 10:24:32 debian-mail postfix/qmgr[24362]: BBCC08014169: removed
In Debian v6 and v7 you dont have to create the user. You can use the preinstalled user that came with the spamassassin install (named debian-spamd). Also, it looks like you typo’d the master.cf and thats why postfix fails for some of you users. It should be
spamassassin unix – n n – – pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}