You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2007/02/27 00:54:55 UTC

[Spamassassin Wiki] Update of "IntegratePostfixViaSpampd" by RodRoark

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by RodRoark:
http://wiki.apache.org/spamassassin/IntegratePostfixViaSpampd

------------------------------------------------------------------------------
  
  I found that with this setup on my sever, SpamAssassin couldn't determine the envelope sender as needed for certain rules (e.g. DNS_FROM_*, NO_DNS_FOR_FROM, SPF_*).  I fixed this by passing the --sef (--seh could work as well; but see documentation first) switch to spampd and then adding {{{ envelope_sender_header X-Envelope-From }}} to my SpamAssassin config. - JoshuaPettett
  
+ == Spampd as a Before-Queue Content Filter ==
+ 
+ Following the guidelines at http://www.postfix.org/SMTPD_PROXY_README.html I was able to install spampd as a before-queue filter on an Ubuntu server.  This allows rejection of spam before the connection with the offending SMTP client has been lost, thus eliminating the impossible choice of what to do about false positives in the case where you don't want users to be bothered with having to review their spam.
+ 
+ In a nutshell, it goes like this:
+ 
+ (1) Use Synaptic to install spampd, spamassassin, libnet-dns-perl and libmail-spf-query-perl.
+ 
+ (2) Make /root/.spamassassin writable for the spampd user.
+ 
+ (3) Edit /etc/default/spampd to set "STARTSPAMPD=1" and to make any other desired changes.
+ 
+ (4) Edit /etc/spamassassin/local.cf and make any desired changes. I set use_bayes to 0 to avoid the overhead and complexity of Bayesian filtering.
+ 
+ (5) Run sa-update to bring the filters up to date, and create a cron script /etc/cron.daily/spampd looking like this to perform these updates daily:
+ {{{
+ #!/bin/sh
+ sa-update
+ true
+ }}}
+ 
+ (6) Edit /etc/postfix/master.cf.  The following replaces the initial "smtp" entry:
+ {{{
+ #
+ # Before-filter SMTP server. Receive mail from the network and
+ # pass it to the content filter on localhost port 10025.
+ #
+ smtp      inet  n       -       -       -       20      smtpd
+         -o smtpd_proxy_filter=127.0.0.1:10025
+         -o smtpd_client_connection_count_limit=10
+ #
+ # After-filter SMTP server. Receive mail from the content filter
+ # on localhost port 10026.
+ #
+ 127.0.0.1:10026 inet n  -       n       -        -      smtpd
+         -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+         -o smtpd_client_restrictions=
+         -o smtpd_helo_restrictions=
+         -o smtpd_sender_restrictions=
+         -o smtpd_recipient_restrictions=permit_mynetworks,reject
+         -o smtpd_data_restrictions=
+         -o mynetworks=127.0.0.0/8
+         -o receive_override_options=no_unknown_recipient_checks
+ }}}
+ 
+ (7) Create /etc/postfix/header_checks like this:
+ {{{
+ /X-Spam-Level: \*{7,}/ REJECT Looks like spam to me.
+ }}}
+ 
+ (8) Edit /etc/postfix/main.cf to include this:
+ {{{
+ header_checks = pcre:/etc/postfix/header_checks
+ }}}
+ 
+ (9) Run "/etc/init.d/spampd start" and "/etc/init.d/postfix restart".
+ 
+ Naturally, other distributions will require variations from this procedure.
+ 
+ - RodRoark
+