Spamassassin on CentOS 6

From vpsget wiki
Jump to: navigation, search

We'll show the example how to block spam on your mailserver. In short - this is config example of postfix with spamassasin . Surely we are using rbls in a postfix config.


Firstly you need to update your OS distribution to latest version:

yum update -y

Install Spamassassin:

yum install spamassassin


Open spamassassin configuration file:

nano /etc/mail/spamassassin/

Uncomment or add the following lines:

required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]

Add user and group for spamassassin and change owner of log directory:

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Integration to Postfix

First it might be a good idea to add some HELO and recipient restrictions into /etc/postfix/

# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
# Recipient restrictions:
smtpd_recipient_restrictions =
  check_policy_service unix:postgrey/socket,

Note that "permit_sasl_authenticated" is optional and will only work if you have sasl auth installed and working.

Using blacklists is on your own choice. The email will be rejected in case listed in any of blacklists in postfix config

Now open postfix file:

nano /etc/postfix/

We should now change the file to look as follows:

# ====================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#                      (yes)   (yes)     (yes)    (never)   (100)
# ====================================================================
smtp        inet   n           -           n          -             -    smtpd -o content_filter=spamassassin

At the bottom of this file we should add the following line:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Before starting the spamassassin service use this command:

sa-update && /etc/init.d/spamassassin reload

Now you can to start spamassassin:

/etc/init.d/postfix reload
/etc/init.d/spamassassin reload


Create an email from any address and service outside of your domain, e.g. Yahoo or Gmail. Address the email to an email address on the newly-configured mail server, then within the subject line we can use the following test string:


If you will see [SPAM] in the subject line, Spamassassin work correctly.

Discard spam

If you see that only a real spam is being marked as spam, you can configure postfix to discard that mails and forget about spam.

Open the file /etc/postfix/ and add this line (if it is not already present):

header_checks = regexp:/etc/postfix/header_checks

Open the file /etc/postfix/header_checks and add this line (if it is not already present):

/^X-Spam-Flag:.YES/ DISCARD spam

Restart postfix

service postfix restart

Example to add whitelisting rules. Simply add these lines to {usually located in /etc/mail/spamassassin}

Whitelist everyone at [all messages from this domain will be accepted]:

whitelist_from  *

Whitelist all emails sent from specified IP address:

header ALLOWN4H Received=~ /\[\]/
score ALLOWN4H  -9
describe ALLOWN4H Allows relays from

Example spamassasing config:

Config usually located : /etc/mail/spamassassin/

# These values can be overridden by editing ~/.spamassassin/ 
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]
# whitelist everyone at
whitelist_from  *
# whitelist everyone at   
whitelist_from  *    
header ALLOWN4H Received=~ /\[\]/
score ALLOWN4H  -9
describe ALLOWN4H Allows relays from 
whitelist_from  *
whitelist_from  *
#useBayes 1
#auto_learn 0
#auto_learn 1
use_bayes 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam -0.001
bayes_auto_learn_threshold_spam 10.0
#bayes_path /var/spamassassin/bayes/
#bayes_file_mode     077