Updated postfix+spamassassin+razor hint

Gerard Beekmans gerard at linuxfromscratch.org
Wed Jan 15 19:50:39 PST 2003

Version 1.2 attached.

Gerard Beekmans

-*- If Linux doesn't have the solution, you have the wrong problem -*-
-------------- next part --------------
TITLE		postfix+spamassassin+razor
AUTHOR		Gerard Beekmans <gerard at linuxfromscratch.org>

	Spamassassing and Razor are great spam fighting tools. To make
things even better, integrate it into your SMTP server to block spam at the
incoming level rather than at the user level through procmail recipies.


Version 1.2 - January 15th, 2003


1.2	- Updated for latest software versions
	- Using perl daemon for increased performance rather than start the
	  entire perl program for every incoming email.
	- Removed the spamassassin bug fix from version 1.1

1.1	- Added bugfix for the
	  /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.pm file

The main reason I've set it up at linuxfromscratch.org at the SMTP level is
to do a spam check before spam hits the mailinglists. Spam is then delivered
(I don't send spam by /dev/null by default myself) to Listar, but it's
tagged with special headers. Listar checks for these headers and then
forwards the spam to me for moderation. This is done just in case an email
was marked as spam mistakenly.

This hint does not deal with installing the Spamassassin or Razor programs.
I'll tell you where to get the software from:

Spamassassin:	http://www.spamassassin.org
Razor:		http://razor.sourceforge.net

Read the docs, install it. It's all very straightforward. I'll just deal
with setting it up to work in Postfix.

Let's continue with setting up postfix. The postfix distribution comes
with the README_FILES/FILTER_README file you want to read through. It
gives some background information on how the filtering works in Postfix
that we're going to use.

That FILTER_README file suggests you creating a dedicated filter user with
no home directory or shell. This won't work for us, because spamassassin
and razor need a home directory to work in. Perhaps this can be changed, I
haven't really checked that out yet. There are probably command line
options you can use to use alternate config files (I know Spamassasin's
has it, but I'm not sure that it will invoke Razor properly with a
different config file).

I created a user 'postfixfilter' by running:

	groupadd -g 612 postfixfilter &&
	useradd -u 612 -g 612 -m postfixfilter

Create the filter script that postfix will be running for every email that
comes in:

cat /usr/bin/postfixfilter << "EOF"

/usr/bin/spamc | /usr/sbin/sendmail -i "$@"

exit $?

Chown and chmod that file if you didn't create it as user postfixfilter but
as root or something.

What does it do? Postfix dumps an email to /usr/bin/postfixfilter. We
intercept it and dump to spamc. Spamc connects to the spamd daemon and will
run the spam checking tests, then pipe the rewritten email (now including
the spam result headers) to sendmail for continued delivery. It then exits
with whatever sendmail's return value was.

So, we need to have the spamd daemon running. I added it to the postfix
bootscript, using the command "spamd -d -u postfixfilter".

Next, configure postfix to do filtering.

Edit the /etc/postfix/master.cf (or where ever you keep your postfix
configuration files). Find the following line:

	smtp      inet  n       -       n       -       -       smtpd

It may look a bit different but this is the default. This is the line that
tells Postfix to listen on the smtp port (25) for incoming email and have
smtpd deal with it. This is the one we want to modify to filter that
incoming email first before delivering it. Directly below that line, add
this one:

	-o content_filter=postfixfilter:

It would be advisable to indent it with a tab or some spaces just so you
can easier see that it belongs to the previous line. Do not forget the
colon at the end of the postfixfilter. I'm not quite sure what it does, but
the FILTER_README file warns to include it, so just do it.

Append the following lines to the end of the master.cf file:

postfixfilter unix - n n - - pipe
        flags=Rq user=postfixfilter argv=/usr/bin/postfixfilter -f ${sender} -- ${recipient}

Okay, if you did exactly what I told you to do and I didn't forget to tell
you anything in this hint, then you are set to go. Reload postfix by

	postfix reload

Incoming mail should now be filtered for spam by spamassassin. You can
configure spamassassin and razor through the config files in

More information about the hints mailing list