Tackle spam with SpamAssassin on CentOS 7 & Postfix

Posted on Sun, 26 February 2017 in development, ops

On some cases you need to maintain your own mail server, for example for development purposes. This article is another quick technical walkthrough, on how to install SpamAssassin to accompany Postfix on CentOS 7 Linux platform.

Prerequisites

The following assumptions are made:

  • CentOS 7.2
  • Postfix 3.1 (same configuration works on 2.10 also)
  • SpamAssassin 3.4.0

You can check the Postfix version with

postconf -d | grep mail_version

And the SpamAssassin version with

spamassassin -V

Install and configure SpamAssassin

Install SpamAssassin

yum update
yum install spamassassin

Configure SpamAssassin by editing the configuration file

vi /etc/mail/spamassassin/local.cf

Uncomment, or insert the following:

required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]

Add new user to run SpamAssassin. -g = add to group spamd, -s /bin/false = No shell (does not mean, cannot access via SSH!), -d = home dir

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Enable (if not automatically enabled) and start the service

systemctl enable spamassassin
systemctl start spamassassin

Update the spam rules by running

sa-update

Configure Postfix to use SpamAssassin

Configure the Postfix by editing the master.cf configuration file.

Open conf in editor

vi /etc/postfix/master.cf

On the top, replace

smtp      inet  n       -       n       -       -       smtpd

with

smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin

Add this as the last line:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Restart Postfix

systemctl restart postfix

Test the spam detection

Test, by sending an email outside of this mail server.

Title does not matter, enter XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34Xas the message body.

If all went well, your inbox should now have an email with a title beginning with [SPAM].

You shoud check the logs, what just happened, by querying journal with:

journalctl | grep spam

Automate the spam definition updates

Automatic definition updates with cron (run every night at 01.00)

00 01 * * * root /bin/sa-update && /sbin/service spamassassin restart

Check, that it has been run:

grep "sa-update" /var/log/cron

There we go, most spam should now be marked as such.

Further reading

SpamAssassin docs.