SpamAssassin and Amavisd: Go Ninja On Your UBE Woes

Published on: August 25, 2004
Last Updated: August 25, 2004

SpamAssassin and Amavisd: Go Ninja On Your UBE Woes

Published on: August 25, 2004
Last Updated: August 25, 2004

The bad news is, it’s SpamAssassin, not SpammerAssassin. The good news is it kills spam quite effectively, and fits nicely into an anti-spam, anti-virus gateway.

This article, which shows how to use SpamAssassin with Postfix, is the first in a series on building an anti-spam and anti-virus gateway. This gateway works equally well for a single PC, or for a large network, and it’s built of four components:

  • Postfix
  • SpamAssassin
  • Amavisd-new
  • ClamAV

Prerequisite: An existing Postfix server, that is running well and happily. The other bits are add-ons to Postfix.

They work just fine with other mail transfer agents (MTAs) (define) like qmail, Exim, and Sendmail, but this series will center around Postfix.

You should also save yourself a batch of spams for testing.

But I Don’t Run Windows

That’s all right, you will still benefit from this. You can probably omit Clam Anti-Virus, and just use SpamAssassin.

I Confess, I Run Windows

If you run any Windows hosts, then by gosh you absolutely need this, every bit of it. Before investing time and energy in building this anti-spam/anti-virus gateway, do take some elementary precautions:

Remove:

Replace them with any of the following fine free email clients and Web browsers:

  • Eudora Mail
  • Pegasus Mail
  • Mozilla/Netscape Mail
  • Opera Mail
  • Opera Web Browser
  • Mozilla/Netscape Web Browser

You have now closed off the major malware ports of entry, and can move on to the next steps.

Amavisd-new And SpamAssassin

Install Amavisd-new and SpamAssassin. Then all configuration will take place in /etc/amavis/amavisd.conf, you won’t use SpamAssassin’s configuration file at all.

Amavisd-new is a SMTP (define) proxy that will take over all the content filtering for Postfix.

If you already have some unsolicited bulk email (UBE) controls in place in Postfix, Amavisd-new will supersede them.

Amavisd-new mediates between SpamAssassin and Postfix. Postfix hands off incoming messages to Amavisd-new, which processes them via SpamAssassin, then hands over whatever remains to Postfix for delivery to users’ inboxes.

On a typical day, 90% of incoming mail may be rejected at the server. Isn’t that special?

You also have the option of simply tagging spam as ***SPAM***, and delivering it to users to dispose of in their own fashion.

After installing Amavisd-new, there is much configuring to do. Create /var/log/amavis.log, and assign ownership to the “amavis” user and group, which should have been created by the package manager. If they weren’t, create them now.

/etc/amavis/amavisd.conf is the master configuration file, and it is huge. Take the time to study it, as it is well-commented. Start in Section 1.

Find $mydomain and $myhostname and give them values appropriate for your system. Then find and uncomment these lines:

$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail

$notify_method = $forward_method; # where to submit notification

That tells Amavisd-new to forward messages back to Postfix for final delivery.

Now start the SpamAssassin configuration. SpamAssassin will be configured here, you will not use SpamAssassin’s configuration file. In Section 1 comment out

@bypass_spam_checks_acl  = qw( . );

Section IV tell Amavisd-new what to do with messages marked as spam. This setting delivers them to the recipients, who can easily filter them to a junk mail folder, because the subject line will says ***SPAM***:

$final_spam_destiny = D_PASS; # (defaults to D_REJECT)

This setting drops them at the server, with no notice to the sender:

$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT)

Pick one. A third option is to reject the spam, and also send a 5xx non-delivery message:

$final_spam_destiny = D_REJECT

This is the correct behavior for a MTA. But I don’t see any point in wasting bandwidth on SMTP messages to fake addresses just to adhere to protocol.

Section VII configures SpamAssassin:

$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level

$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level

$sa_kill_level_deflt = -999; # triggers spam evasive actions

# string to prepend to Subject header field when message exceeds tag2 level

$sa_spam_subject_tag = '***SPAM*** ';

And finally, the “amavis” user must own SpamAssassin files:

# chown -R amavis:amavis /usr/share/spamassassin

Now make sure Amavisd-new is stopped, and check the configuration with the built-in debugger:

# /etc/init.d/amavis stop
# amavis debug

This spits out a configuration summary; all you need to worry about are error messages. If it reports any errors, they must be fixed before proceeding.

Next, start Amavisd-new back up and connect with telnet to confirm that Amavisd-new is running:

# /etc/init.d/amavis start
$ telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready

Amvisd-new is running, so quit telnet:

^]
telnet> quit
Connection closed.

Configuring Postfix To Use Amavisd-new

Now it’s time to set up Postfix to use Amavisd-new. This is a fairly generic configuration, ace Postfix admins may futz and tweak to suit themselves.

If you’re not real experienced with this part of Postfix, the book “Postfix,” by Richard Blum, is a first-rate reference.

Add this to the end of /etc/postfix/master.cf:

smtp-amavis unix -   -     n   -    2  smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
   -o content_filter=
   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
   -o strict_rfc821_envelopes=yes

Then add this line to /etc/postfix/main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024

Then do a complete stop-start cycle for Postfix:

# /etc/init.d/postfix stop
# /etc/init.d/postfix start

And you now have a nice spam filter on your mail server. Start sending yourself the saved spams for testing.

You can run SpamAssassin on Postfix without using Amavisd-new. See the SpamAssassin Wiki for howtos on different ways of installing and using SpamAssassin. ClamAV needs Amavisd-new, so it’s easy to let it manage SpamAssassin as well.

Come back next week for the exciting installment on installing and using Clam Anti-Virus.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Bobby

Bobby Lawson is a seasoned technology writer with over a decade of experience in the industry. He has written extensively on topics such as cybersecurity, cloud computing, and data analytics. His articles have been featured in several prominent publications, and he is known for his ability to distill complex technical concepts into easily digestible content.