Table of content

Configuration
Usage
Integration
1. Postfix
  1. Content filter
  2. Milter

SpamAssassin can classify the mail and in particular detect if it is spam or viruses. For this, it relies on several strategies: message analysis, blacklists querying, use of SPF records, …

Requirement: Postfix
Reference: SpamAssassin, Postfix Milter

Build information

Ensure the following options:

mail/spamassassin

[x] AS_ROOT        Run spamd as root (recommended)
[x] SSL            SSL protocol support
[x] MYSQL          MySQL database support
[x] DKIM           Verify DKIM records (mail/p5-Mail-DKIM)
[x] SPF_QUERY      Verify SPF records (mail/p5-Mail-SPF)
(x) GNUPG2         GnuPG 2 (security/gnupg)

mail/spamass-milter

1	`# No required options`

Configuration

The SpamAssassin configuration is located in the /usr/local/etc/mail/spamassassin/ directory, the main configuration file is local.cf. In this example we keep the default configuration.

The spamd process is started under the spamd user identity and as it is to set up a server type usage, only the global configuration will be considered (ie: no user configuration).

rc.conf

1 2	`spamd_enable="YES" spamd_flags="-x -u spamd --socketpath=/var/run/spamd.sock"`

Usage

The spamc command will allow to ask the SpamAssassin daemon to decide on the status of the message. Below, messages weighting more than 100K or taking more than 10s to analyze will be considered as valid. This command is of course rarely invoked manually as it is integrated into the mail server operation.

Analysing message

1	`spamc -t 10 -s 102400 -U /var/run/spamd.sock < message`

Rules can be updated (and should) using:

Updating SpamAssassin rules

1 2	`sa-update sa-compile`

Integration

Postfix

It is possible to apply SpamAssassin using either a content filter or milter (mail filter)

Content filter

The master.cf defines how the client program connects to the service and what daemon is invoked when a service is requested. The original configuration is modified to allow e-mails analysis by SpamAssassin

The content_filter=spamassassin filter is applied to smtp:

master.cf

1 2	`smtp inet n - n - - smtpd -o content_filter=spamassassin`

An entry is added for spamassassin:

master.cf

spamassassin unix -     n       n       -       -       pipe
user=nobody argv=/usr/local/bin/spamc -t 10 -s 102400
  -U /var/run/spamd.sock
  -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}

Milter

Milter socket is added to the postfix configuration (if multiple sockets are to be used, they are coma-separated):

postfix/main.cf

1
2
3

# Milter
smtpd_milters           = unix:/var/run/spamass-milter.sock  # From smtpd daemon
non_smtpd_milters       = unix:/var/run/spamass-milter.sock  # From submission

The spamass-milter daemon must be enabled at startup, it will allow communication between the postfix milter and SpamAssassin, in the example below processing will be limited to 10s and to message size below 10Mo:

rc.conf

# SpamAssassin milter interface
# Limiting processing to 10s and to message below 10Mb
spamass_milter_enable="YES"
spamass_milter_localflags="-- -t 10 -s 102400 -U /var/run/spamd.sock"
spamass_milter_socket_group="mail"
spamass_milter_socket_mode="660"