Difference between revisions of "Spamassassin on CentOS 6"
Line 30: | Line 30: | ||
'''Integration to Postfix''' | '''Integration to Postfix''' | ||
− | First it might be a good idea to add some HELO restrictions into '''/etc/postfix/main.cf''': | + | First it might be a good idea to add some HELO and recipient restrictions into '''/etc/postfix/main.cf''': |
− | |||
# HELO restrictions: | # HELO restrictions: | ||
smtpd_delay_reject = yes | smtpd_delay_reject = yes | ||
Line 41: | Line 40: | ||
reject_invalid_helo_hostname, | reject_invalid_helo_hostname, | ||
permit | permit | ||
+ | |||
+ | # Recipient restrictions: | ||
+ | smtpd_recipient_restrictions = | ||
+ | permit_mynetworks, | ||
+ | permit_sasl_authenticated, | ||
+ | reject_unauth_pipelining, | ||
+ | reject_non_fqdn_recipient, | ||
+ | reject_unauth_destination, | ||
+ | reject_rbl_client zen.spamhaus.org, | ||
+ | reject_rbl_client bl.spamcannibal.org, | ||
+ | check_policy_service unix:postgrey/socket, | ||
+ | permit | ||
Open postfix master.cf file: | Open postfix master.cf file: |
Revision as of 12:25, 2 February 2017
Installation
Firstly you need to update your OS distribution to latest version:
yum update -y
Install Spamassassin:
yum install spamassassin
Configuration
Open spamassassin configuration file:
nano /etc/mail/spamassassin/local.cf
Uncomment or add the following lines:
required_hits 5.0 report_safe 0 required_score 5 rewrite_header Subject [SPAM]
Add user and group for spamassassin and change owner of log directory:
groupadd spamd useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd chown spamd:spamd /var/log/spamassassin
Integration to Postfix
First it might be a good idea to add some HELO and recipient restrictions into /etc/postfix/main.cf:
# HELO restrictions: smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
# Recipient restrictions: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcannibal.org, check_policy_service unix:postgrey/socket, permit
Open postfix master.cf file:
nano /etc/postfix/master.cf
We should now change the master.cf file to look as follows:
# ==================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ==================================================================== smtp inet n - n - - smtpd -o content_filter=spamassassin
At the bottom of this file we should add the following line:
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Before starting the spamassassin service use this command:
sa-update && /etc/init.d/spamassassin reload
Now you can to start spamassassin:
/etc/init.d/postfix reload /etc/init.d/spamassassin reload
Testing
Create an email from any address and service outside of your domain, e.g. Yahoo or Gmail. Address the email to an email address on the newly-configured mail server, then within the subject line we can use the following test string:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
If you will see [SPAM] in the subject line, Spamassassin work correctly.
Discard spam
If you see that only a real spam is being marked as spam, you can configure postfix to discard that mails and forget about spam.
Open the file /etc/postfix/main.cf and add this line (if it is not already present):
header_checks = regexp:/etc/postfix/header_checks
Open the file /etc/postfix/header_checks and add this line (if it is not already present):
/^X-Spam-Flag:.YES/ DISCARD spam
Restart postfix
service postfix restart
Example to add whitelisting rules. Simply add these lines to local.cf {usually located in /etc/mail/spamassassin}
Whitelist everyone at domain.com [all messages from this domain will be accepted]:
whitelist_from *@domain.com
Whitelist all emails sent from specified IP address:
header ALLOWN4H Received=~ /\[191.101.250.60\]/ score ALLOWN4H -9 describe ALLOWN4H Allows relays from 191.101.250.60
Example spamassasing config:
Config usually located : /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf # (see spamassassin(1) for details) # These should be safe assumptions and allow for simple visual sifting # without risking lost emails. required_hits 5.0 report_safe 0 required_score 5 rewrite_header Subject [SPAM] # whitelist everyone at domain1.com: whitelist_from *@domain1.com # whitelist everyone at domain2.com: whitelist_from *@domain2.com trusted_networks 11.11.250.60 header ALLOWN4H Received=~ /\[11.11.250.60\]/ score ALLOWN4H -9 describe ALLOWN4H Allows relays from 11.11.250.60 whitelist_from *@webhostingtalk.com whitelist_from *@www.webhostingtalk.com #useBayes 1 #auto_learn 0 #auto_learn 1 use_bayes 1 bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam -0.001 bayes_auto_learn_threshold_spam 10.0 #bayes_path /var/spamassassin/bayes/ #bayes_file_mode 077