postfix+spamassassin+razor.txt

Gerard Beekmans gerard at linuxfromscratch.org
Wed Oct 15 17:03:06 PDT 2003


Hi there,

The 'cat' command was missing the > character for output redirection.
Attached fixed version.

-- 
Gerard Beekmans
http://linuxfromscratch.org

/* Linux Consultant --- OSDN / DevChannel *
 * Technical Writer --- CheapBytes        */

/* If Linux doesn't have the solution, you have the wrong problem */

-------------- next part --------------
AUTHOR: Gerard Beekmans <gerard at linuxfromscratch.org>

DATE: 2003-10-09

LICENSE: BSD

SYNOPSIS: Integrating SpamAssassin and Razor into Postfix

DESCRIPTION:
Spamassassing and Razor are great spam fighting tools. To make things even
better, integrate it into your SMTP server to block spam at the incoming
level rather than at the user level through procmail recipies.

PREREQUISITES:	Postfix		- http://www.postfix.org
		SpamAssassin	- http://www.spamassassin.org
		Razor		- http://razor.sourceforge.net

HINT:

The main reason for setting up SpamAssassin + Razor at linuxfromscratch.org
at the SMTP level is to do a spam check before spam hits the mailinglists.
If a message is determined to be spam, Postfix will reject the message.

Note:	this hint does not deal with installing the Spamassassin or Razor
	programs. Download the programs (URLs above) and read the
	documentation. They're not hard to setup.

The Postfix distribution comes with the README_FILES/FILTER_README file you
want to read through. It gives some background information on how filtering
works in Postfix (which is what we will be doing).

That FILTER_README file suggests you creating a dedicated filter user with
no home directory or shell. This won't work for us, because spamassassin
and razor need a directory to work in and write files to. I decided to call
the user and group "postfixfilter". It seemed appropriate enough. Create
this group and user the same way you would create any other user and group.

Create the filter script that Postfix will be running for every email that
comes in:

cat > /home/postfixfilter/postfixfilter << "EOF"
#!/bin/bash

/usr/bin/spamc | /usr/sbin/sendmail -i "$@"

exit $?
EOF

Chown and chmod that file if you didn't create it as user postfixfilter.

What does it do? Postfix dumps an email to the
/home/postfixfilter/postfixfilter script. We intercept it and dump it to
spamc. Spamc connects to the spamd daemon and will run the spam checking
tests, then pipe the rewritten email (now including the spam result
headers) to sendmail for continued delivery. It then exits with whatever
sendmail's return value was.

So, we need to have the spamd daemon running. I added it to the postfix
bootscript, using the command "spamd -d -u postfixfilter".

Next, configure Postfix to start filtering.

Edit the /etc/postfix/master.cf (or where ever you keep your postfix
configuration files). Find the following line:

	smtp      inet  n       -       n       -       -       smtpd

It may look a bit different but this is the default. This is the line that
tells Postfix to listen on the smtp port (25) for incoming email and have
smtpd deal with it. This is the line we want to modify in order for
incoming email to be filtered (checked for spam in our case) before
delivery. Directly below that line, add this one:

	-o content_filter=postfixfilter:

It would be advisable to indent it with a tab or some spaces just so it's
easier to see that it belongs to the previous line. Do not forget the
colon at the end of the postfixfilter. I'm not quite sure what it does, but
the FILTER_README file warns to include it, so just do it.

Append the following lines to the end of the master.cf file:

postfixfilter unix - n n - - pipe
        flags=Rq user=postfixfilter argv=/home/postfixfilter/postfixfilter -f ${sender} -- ${recipient}


Okay, if you did exactly what I told you to do and I didn't forget to tell
you anything, then you are set to go. Reload postfix by running:

	postfix reload

Incoming mail should now be filtered for spam by spamassassin. You can
configure spamassassin and razor through the config files in
/home/postfixfilter

If you want to get rid of spam right here at the SMTP level, you can
continue with configuring Postfix to reject or discard all spam after
SpamAssassin has tagged mail as such. This is accomplished by telling
Postfix to check for certain headers and take appropriate action.

Add the following option to the /etc/postfix/main.cf file:

	header_checks = regexp:/etc/postfix/regexp_header

Create the /etc/postfix/regexp_header file and add this line to it:

	/^X-Spam-Flag: YES/	REJECT I don't like spam. I prefer bison.

This will cause Postfix to reject all mail that contain the X-Spam-Flag:
header with the value of 'YES'. The reject message "I don't like spam. I
prefer bison" is optional. If not present the generic message "message
content rejected" will be sent back. Check the access(5) man page for
options other than REJECT. DISCARD is an often used one which pretends to
be a successful delivery and silently discards the message.

CHANGELOG:
[2003-10-15]
	* Fix bug in cat command (forgot the > character to redirect to the
	  output file)

[2003-10-11]
	* Completed pre-requisites section.

[2003-10-09]
	* Rewrite to comply with the new hint format guidelines.
	* Rewrite text to match the current setup on the LFS server.

[2003-01-15]
	* Updated for latest software versions
	* Using perl daemon for increased performance rather than start the
	  entire perl program for every incoming email.
	* Removed the spamassassin bug fix from version 1.1

[Unknown date]
	* Added bugfix for the
	  /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.pm file

[Unknown date]
	* Initial release.




More information about the hints mailing list