Setup a Spam Filter with SpamAssasin with Postfix

If you receive a lot of spams here is a quick solution to filter spams using SpamAssasin and Postfix. Also spamd will be used (which is include within SpamAssasin). There are other implementations that we will cover in other tutorials.

Step 1. Install Postfix
-----------------------------
We will install Postfix from Ports:

cd /usr/ports/mail/postfix
make install

If you want to use Postfix with MySQL, you must check MySQL before compilation, also you may want to check Dovecot, to use Dovecot SASL authentication method. We recommend you dovecot over cyrus-imap.

After installation, configure postfix by editing: /usr/local/etc/postfix/master.cf and /usr/local/etc/postfix/main.cf

# -------------------- main.cf -----------------------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = host

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
#smtpd_recipient_restrictions = check_relay_domains, permit

mydomain = example.com
myhostname = firewall.$mydomain
myorigin = $myhostname
mydestination = $myhostname, localhost,$mydomain

mynetworks = 10.0.0.5/32
mynetworks_style = subnet
# --------- end of file main.cf --------------------

Also add the following line to /etc/rc.conf
postfix_enable="YES"

Notes:
Note1
--------
Don't forget to setup in main.cf the variable: mydestination = $myhostname, localhost,$mydomain
If you forget to do that, you will get rely denied error, and emails that comes to your domain name will be rejected.
If you have many domains you can use transport_maps variable:

mydestination = $mydomain, $myhostname, $transport_maps, localhost

Transport maps can be also used from within mysql (for large mail servers with postfix compiled and configured with virtual users and MySQL support. If you are interested there is a tutorial on that topic on our website.

Note2
--------
Make sure you either add your IP in main.cf with your mynetworks variable or setup smtp server with authentication and allow your username to use SMTP with authentication.

mynetworks = 10.0.0.2/32


Step 2. Install SpamAssasin
---------------------------------------
cd /usr/ports/mail/p5-Mail-SpamAssassin
make install


Step 3. Configure SpamAssasin
--------------------------------------------
After compilation and installation of SpamAssasin (which is written in Perl) from ports, as described in Step 2, create a config file for spamassasin:

touch /usr/local/etc/mail/spamassasin/local.cf

with the following content:
# ---------- local.cf --------------
rewrite_header Subject *****SPAM*****

# trusted_networks 10.0.0.
# lock_method flock
# use_bayes 1
# bayes_auto_learn 1

required_score 5.0
report_safe     1

whitelist_from dan@example.com This email address is being protected from spam bots, you need Javascript enabled to view it
# --------- end of local.cf

If you want to catch more spams, but also you will have more false positive, lower required_score. Higher score will catch less spams.


Step 4. Start spamd
----------------------------
Edit /usr/local/etc/rc.d/sa-spamd and change spamd_enable to "YES".
Then, start spamd:

/usr/local/etc/rc.d/sa-spamd start


Step 5. Edit master.cf and add support for spamassasin
-------------------------------------------------------------------
Edit /usr/local/etc/postfix/master.cf, replace line:

smtp      inet  n       -       n       -       -       smtpd
with:
smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin

And then add the following lines to master.cf.

spamassassin unix -     n       n       -       -       pipe
        user=spamd argv=/usr/local/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}


Step 6. Restart postfix and test the setup
---------------------------------------------------------

/usr/local/etc/rc.d/postfix restart