Bootstrap FreeKB - Postfix (Email) - Integrate SpamAssassin with Postfix
Postfix (Email) - Integrate SpamAssassin with Postfix

Updated:   |  Postfix (Email) articles

On a Debian distribution (Mint, Ubuntu), apt-get install can be used to install SpamAssassin and the SpamAssassin Milter. On a Red Hat distribution (CentOS, Fedora, Red Hat), dnf install or yum install can be used.

dnf install spamassassin spamass-milter

 

Add the following to /etc/sysconfig/spamass-milter so that the SpamAssassin Milter can be run by members of the "mail" group.

SOCKET_OPTIONS='-g mail'

 

Update the sa-milt user to be a member of the "mail" group.

usermod -a -G mail sa-milt

 

Add the following to /etc/postfix/main.cf to use the /run/spamass-milter/spamass-milter.sock file as the Unix socket.

milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock <- unix socket
non_smtpd_milters = $smtpd_milters

 

Or add the following to configure the SpamAssassin Milter to listen on TCP port 783.

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:783 <- TCP/IP
non_smtpd_milters = $smtpd_milters

 

Restart Postfix.

systemctl restart postfix

 

And ensure Postfix is up and running.

~]$ sudo systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-02-19 22:07:36 UTC; 4s ago

 

Use the systemctl command to start and enable SpamAssassin and the SpamAssassin Milter.

systemctl enable spamassassin
systemctl enable spamass-milter
systemctl start spamassassin
systemctl start spamass-milter

 

Under the hood, this issues the following command.

/usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS

 

Which with the prior config means this command is being run.

/usr/sbin/spamass-milter -g mail -p /run/spamass-milter/spamass-milter.sock

 

Which can be seen with the ps command.

~]$ ps -ef | grep -i spam
root      4826     1  0 Feb25 ?        00:00:00 /usr/sbin/spamass-milter -g mail -p /run/spamass-milter/spamass-milter.sock

 

It is also noteworthy that there is a spamass-milter-root service (e.g. systemctl start spamass-milter-root), which let's you start and enable the SpamAssassin milter as root. Running the SpamAssassin Milter as root is not ideal. It's much better to get the SpamAssassin Milter running as a non-root user.

Feb 25 02:31:26 ip-172-31-19-227 spamd[26200]: spamd: setuid to root succeeded
Feb 25 02:31:26 ip-172-31-19-227 spamd[26200]: spamd: creating default_prefs: /root/.spamassassin/user_prefs
Feb 25 02:31:26 ip-172-31-19-227 spamd[26200]: config: created user preferences file: /root/.spamassassin/user_prefs
Feb 25 02:31:26 ip-172-31-19-227 spamd[26200]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody

 

Ensure SpamAssassin and the SpamAssassin Milter are running.

~]$ sudo systemctl status spamassassin
● spamassassin.service - Spamassassin daemon
   Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-02-19 22:05:50 UTC; 7s ago

~]$ sudo systemctl status spamass-milter
● spamass-milter.service - Mail filter for SpamAssassin
   Loaded: loaded (/usr/lib/systemd/system/spamass-milter.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-02-19 22:05:54 UTC; 10s ago
 Main PID: 13563 (spamass-milter)
   CGroup: /system.slice/spamass-milter.service
           └─13563 /usr/sbin/spamass-milter -p /run/spamass-milter/spamass-milter.sock

 

/var/log/maillog should have something like this.

Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: spamd: server started on IO::Socket::IP [::1]:783, IO::Socket::IP [127.0.0.1]:783 (running version 3.4.4)
Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: spamd: server pid: 25158
Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: spamd: server successfully spawned child process, pid 25162
Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: spamd: server successfully spawned child process, pid 25163
Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: prefork: child states: IS
Feb 19 22:05:51 ip-172-31-19-227 spamd[25158]: prefork: child states: II
Feb 19 22:05:54 ip-172-31-19-227 spamass-milter[25174]: spamass-milter 0.4.0 starting

 

Send a test email into Postfix with no subject and /var/log/maillog should have something like this. In this example, SpamAssassin applied score 3 because the email had no subject. In this example, the email is not flagged as spam since the email score of 3.0 is below the threshold of 5.0.

Feb 27 09:58:56 ip-172-31-19-227 spamd[15755]: spamd: processing message <ff1df75678bf843e25968eeffa2d3da3653743d0@webmail> for sa-milt:992

Feb 27 09:58:56 ip-172-31-19-227 spamd[15755]: spamd: clean message (3.0/5.0) for sa-milt:992 in 0.3 seconds, 1955 bytes.

Feb 27 09:58:56 ip-172-31-19-227 spamd[15755]: spamd: result: . 3 - MISSING_SUBJECT scantime=0.3,size=1955,user=sa-milt,uid=992,required_score=5.0,rhost=::1,raddr=::1,rport=36204,mid=<ff1df75678bf843e25968eeffa2d3da3653743d0@webmail>,autolearn=ham autolearn_force=no

 

The 20_head_tests.cf file contains rule, including the role when an email is received with no subject.

~]$ cat /etc/mail/spamassassin/20_head_tests.cf
header __HAS_SUBJECT            exists:Subject
meta MISSING_SUBJECT            !__HAS_SUBJECT

 

By default, emails with no message will get a score of 2, meaning the emails will not be flagged as spam. To flag emails with no message as space, add the following to /etc/mail/spamassassin/local.cf.

score EMPTY_MESSAGE 5.0

 

Restart SpamAssassin and the SpamAssassin Milter for this change to take effect.

systemctl restart spamassassin
systemctl restart spamass-milter

 

Send an email with no message and /var/log/maillog should have a score of 5.0/5.0 and flag the email as ​identified spam.

Feb 27 10:57:30 ip-172-31-19-227 spamd[378]: spamd: identified spam (5.0/5.0) for sa-milt:992 in 0.1 seconds, 913 bytes.
Feb 27 10:57:30 ip-172-31-19-227 spamd[378]: spamd: result: Y 5 - EMPTY_MESSAGE scantime=0.1,size=913,user=sa-milt,uid=992,required_score=5.0,rhost=::1,raddr=::1,rport=36316,mid=<202302271057.31RAvUgY000392@ip-172-31-19-227.ec2.internal>,autolearn=no autolearn_force=no

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 2e088d in the box below so that we can be sure you are a human.