Installing and configuring Spamassassin on CentOS

  Uncategorized

If you run your own mail server you’ll want it to run spam filtering software to reduce the number of unsolicited emails your users receive.  SpamAssassin is an effective spam filter that’s relatively easy to install and run.

This article was written for a CentOS 6.0 server running Postfix and Dovecot, but SpamAssassin can work with other operating systems and is compatible with most other common mail server software.

Without further ado let’s commence with the installation!

Installation

The first thing we will want to do is run an update on our CentOS distribution if we haven’t already.

sudo yum update

Once the distribution has been updated, we will want to install SpamAssassin using yum.

sudo yum install spamassassin

Now that we have installed SpamAssassin onto our mail server we will need to configure the SpamAssassin rules within the local.cf file to set filter preferences.

Each item of email sent to your domain is given a score by SpamAssassin.  This score depends on characteristics of the email like keywords and attachments. As with any anti-spam engine, SpamAssassin will need training to become a more accurate filter to cater to your needs.

Configuration

Let’s take a look at the default configuration for the local.cf file within SpamAssassin.  To do this we will need to open the file and make some changes.  Please use your favoured text editor; in this example we will use nano.

sudo nano /etc/mail/spamassassin/local.cf

We will need to uncomment the following lines and append the score:

required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject ***SPAM***

To explain what we are doing and why we are doing this, we will need a short run-down on the above lines.

Required_hits: This determines the filter balance; the lower the score the more aggressive the filter. A setting of 5.0 is generally effective for a small organisation or a single user. Adjust the strictness score to your organization’s needs – a large medical organisation might want  to let email items through that are trying to sell pharmaceuticals, so we might increase the level to a more modest 8.0.

Report_safe:  This line determines whether to delete the item or to move the item to the inbox whilst appending a spam notice to the subject line. The levels for this line are set to either a 1 or 0. A score of 1 will delete the spam item, whereas a score of 0 will send the item to the inbox and rewrite the subject line.  For this guide we shall use 0 as the score.

Required_score: This line sets the spam score for all email alllowed through to your domain, with levels of certainty set from 0 to 5. Zero would be classified as a legitimate email item, whereas 5 would be an definite ‘SPAM’ item.  If we set the score to 3 we would catch a lot of unsolicited emails but quite a few false positives would still get through. For our example email server we will use the score of 5, but you can of course set this value according to your preference.

Rewrite_header: This line does exactly what it implies, that is, any message caught as ‘SPAM’ will have the subject line rewritten to include this header. For this guide we will use the default subject header of ***SPAM***.

Now that we have the spam variables set up we will now move on to creating the spamd function.

Spamd Setup

Before we jump in and start configuring spamd, here is a brief understanding of spamd and why it is needed.

Spamd and spamc are two functions that are necessary for SpamAssassin to work correctly. Spamd is the more proactive of the two functions; it lays in wait for incoming requests, acting as a daemon to intercept and process emails.  Once spamd receives a connection it will spawn a spawnc child to read the email item from the network socket. This child will pass the message back to spamd when it reaches an end of file (EOF), which will rewrite the message (if you have SpamAssassin setting the subject header for spam).  This email message will then be passed back to the socket it originally arrived on using the child process it spawned at the start. The child process will then end and your regular mail server will process the message.

In briefer terms: The spamd process and its children intercept all incoming messages and process them before your regular mail server ever sees them.

Because of the nature of spamd we will need to create a unique user and group for it so we can integrate Postfix with SpamAssassin. This can be done using commands in BASH:

sudo groupadd spamd
sudo useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
sudo chown spamd:spamd /var/log/spamassassin

Right, so now that we have the SpamAssasin local.cf file configured along with spamd we will need to configure the Postfix master.cf file to use the SpamAssassin scripts and the set scores we have just applied.

Postfix

We now need to access the Postfix master.cf file with a text editor.

sudo nano /etc/postfix/master.cf

We should now change the master.cf file to look as follows:

# ====================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#                      (yes)   (yes)     (yes)    (never)   (100)
# ====================================================================
smtp        inet   n           -           n          -             -              smtpd -o content_filter=spamassassin

At the bottom of this file we should add the following line:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Before initially starting the SpamAssassin service run sa-update from a cronjob to update the spamd with the latest rules.

sa-update && /etc/init.d/spamassassin reload

We should now start the SpamAssassin service and reload the Postfix service, to do this we can run the following commands:

sudo /etc/init.d/postfix reload
sudo /etc/init.d/spamassassin reload

To check the spam service is operating correctly we can try running a test.

The Test

Create an email from an email address and service outside of your domain, e.g. Hotmail or Gmail.  Address the email to an email address on the newly-configured mail server, then within the subject line we can use the following test string:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Once this email has been fired off, and if all the settings have been entered correctly, we should be able to see the following message in our inbox:

****SPAM****XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Views: 398

LEAVE A COMMENT

What is the capital of Egypt? ( Cairo )