Difference between revisions of "Spamassassin on CentOS 6"

From vpsget wiki
Jump to: navigation, search
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
We'll show the example how to block spam on your mailserver.
 +
In short -  this is config example of postfix with spamassasin .
 +
Surely we are using rbls in a postfix config.
 +
 
'''Installation'''
 
'''Installation'''
  
Line 15: Line 19:
 
  nano /etc/mail/spamassassin/local.cf
 
  nano /etc/mail/spamassassin/local.cf
  
Uncomment or add the following line:
+
Uncomment or add the following lines:
  
 
  required_hits 5.0
 
  required_hits 5.0
Line 30: Line 34:
 
'''Integration to Postfix'''
 
'''Integration to Postfix'''
  
Open postfix master.cf file:
+
First it might be a good idea to add some HELO and recipient restrictions into '''/etc/postfix/main.cf''':
 +
 
 +
# HELO restrictions:
 +
smtpd_delay_reject = yes
 +
smtpd_helo_required = yes
 +
smtpd_helo_restrictions =
 +
    permit_mynetworks,
 +
    reject_non_fqdn_helo_hostname,
 +
    reject_invalid_helo_hostname,
 +
    permit
 +
 
 +
# Recipient restrictions:
 +
smtpd_recipient_restrictions =
 +
  permit_mynetworks,
 +
  permit_sasl_authenticated,
 +
  reject_unauth_pipelining,
 +
  reject_non_fqdn_recipient,
 +
  reject_unauth_destination,
 +
  reject_rbl_client zen.spamhaus.org,
 +
  reject_rbl_client bl.spamcannibal.org,
 +
  check_policy_service unix:postgrey/socket,
 +
  permit
 +
 
 +
Note that "permit_sasl_authenticated" is optional and will only work if you have sasl auth installed and working.
 +
 
 +
Using blacklists is on your own choice. The email will be rejected in case listed in any of blacklists in postfix config
 +
 
 +
 
 +
Now open postfix master.cf file:
  
 
  nano /etc/postfix/master.cf
 
  nano /etc/postfix/master.cf
Line 63: Line 95:
 
If you will see [SPAM] in the subject line, Spamassassin work correctly.
 
If you will see [SPAM] in the subject line, Spamassassin work correctly.
  
Categore [[[Linux]]]
+
'''Discard spam'''
 +
 
 +
If you see that only a real spam is being marked as spam, you can configure postfix to discard that mails and forget about spam.
 +
 
 +
Open the file '''/etc/postfix/main.cf''' and add this line (if it is not already present):
 +
header_checks = regexp:/etc/postfix/header_checks
 +
 
 +
Open the file '''/etc/postfix/header_checks''' and add this line (if it is not already present):
 +
/^X-Spam-Flag:.YES/ DISCARD spam
 +
 
 +
Restart postfix
 +
service postfix restart
 +
 
 +
 
 +
'''Example to add whitelisting rules. Simply add these lines to local.cf {usually located in /etc/mail/spamassassin}
 +
 
 +
Whitelist everyone at domain.com [all messages from this domain will be accepted]:
 +
whitelist_from  *@domain.com
 +
 
 +
 
 +
Whitelist all emails sent from specified IP address:
 +
header ALLOWN4H Received=~ /\[191.101.250.60\]/
 +
score ALLOWN4H  -9
 +
describe ALLOWN4H Allows relays from 191.101.250.60
 +
 
 +
 
 +
Example spamassasing config:
 +
 
 +
Config usually located : /etc/mail/spamassassin/local.cf
 +
 
 +
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
 +
# (see spamassassin(1) for details)
 +
# These should be safe assumptions and allow for simple visual sifting
 +
# without risking lost emails.
 +
required_hits 5.0
 +
report_safe 0
 +
required_score 5
 +
rewrite_header Subject [SPAM]
 +
# whitelist everyone at domain1.com:
 +
whitelist_from  *@domain1.com
 +
# whitelist everyone at domain2.com: 
 +
whitelist_from  *@domain2.com   
 +
trusted_networks 11.11.250.60
 +
header ALLOWN4H Received=~ /\[11.11.250.60\]/
 +
score ALLOWN4H  -9
 +
describe ALLOWN4H Allows relays from 11.11.250.60
 +
whitelist_from  *@webhostingtalk.com
 +
whitelist_from  *@www.webhostingtalk.com
 +
#useBayes 1
 +
#auto_learn 0
 +
#auto_learn 1
 +
use_bayes 1
 +
bayes_auto_learn 1
 +
bayes_auto_learn_threshold_nonspam -0.001
 +
bayes_auto_learn_threshold_spam 10.0
 +
#bayes_path /var/spamassassin/bayes/
 +
#bayes_file_mode    077
 +
 
 +
[[Category:Linux]]

Latest revision as of 17:11, 2 February 2017

We'll show the example how to block spam on your mailserver. In short - this is config example of postfix with spamassasin . Surely we are using rbls in a postfix config.

Installation

Firstly you need to update your OS distribution to latest version:

yum update -y

Install Spamassassin:

yum install spamassassin

Configuration

Open spamassassin configuration file:

nano /etc/mail/spamassassin/local.cf

Uncomment or add the following lines:

required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]

Add user and group for spamassassin and change owner of log directory:

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Integration to Postfix

First it might be a good idea to add some HELO and recipient restrictions into /etc/postfix/main.cf:

# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
   permit_mynetworks,
   reject_non_fqdn_helo_hostname,
   reject_invalid_helo_hostname,
   permit
# Recipient restrictions:
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcannibal.org,
  check_policy_service unix:postgrey/socket,
  permit

Note that "permit_sasl_authenticated" is optional and will only work if you have sasl auth installed and working.

Using blacklists is on your own choice. The email will be rejected in case listed in any of blacklists in postfix config


Now open postfix master.cf file:

nano /etc/postfix/master.cf

We should now change the master.cf file to look as follows:

# ====================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#                      (yes)   (yes)     (yes)    (never)   (100)
# ====================================================================
smtp        inet   n           -           n          -             -    smtpd -o content_filter=spamassassin

At the bottom of this file we should add the following line:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Before starting the spamassassin service use this command:

sa-update && /etc/init.d/spamassassin reload

Now you can to start spamassassin:

/etc/init.d/postfix reload
/etc/init.d/spamassassin reload

Testing

Create an email from any address and service outside of your domain, e.g. Yahoo or Gmail. Address the email to an email address on the newly-configured mail server, then within the subject line we can use the following test string:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

If you will see [SPAM] in the subject line, Spamassassin work correctly.

Discard spam

If you see that only a real spam is being marked as spam, you can configure postfix to discard that mails and forget about spam.

Open the file /etc/postfix/main.cf and add this line (if it is not already present):

header_checks = regexp:/etc/postfix/header_checks

Open the file /etc/postfix/header_checks and add this line (if it is not already present):

/^X-Spam-Flag:.YES/ DISCARD spam

Restart postfix

service postfix restart


Example to add whitelisting rules. Simply add these lines to local.cf {usually located in /etc/mail/spamassassin}

Whitelist everyone at domain.com [all messages from this domain will be accepted]:

whitelist_from  *@domain.com


Whitelist all emails sent from specified IP address:

header ALLOWN4H Received=~ /\[191.101.250.60\]/
score ALLOWN4H  -9
describe ALLOWN4H Allows relays from 191.101.250.60


Example spamassasing config:

Config usually located : /etc/mail/spamassassin/local.cf

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf 
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]
# whitelist everyone at domain1.com:
whitelist_from  *@domain1.com
# whitelist everyone at domain2.com:   
whitelist_from  *@domain2.com    
trusted_networks 11.11.250.60 
header ALLOWN4H Received=~ /\[11.11.250.60\]/
score ALLOWN4H  -9
describe ALLOWN4H Allows relays from 11.11.250.60 
whitelist_from  *@webhostingtalk.com
whitelist_from  *@www.webhostingtalk.com
#useBayes 1
#auto_learn 0
#auto_learn 1
use_bayes 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam -0.001
bayes_auto_learn_threshold_spam 10.0
#bayes_path /var/spamassassin/bayes/
#bayes_file_mode     077