November 18, 2020 Roberto Puzzanghera25 comments
SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox.
Razor2
, Pyzor
and Spamcop
configuration (thanks to Gabriel Torres for the hint).spamassassin
to version 3.4.3 and 3.4.4Here is how to update quickly:
qmailctl stop spamdctl stop perl -MCPAN -e shell cpan> o conf prerequisites_policy ask cpan> force notest install Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2 cpan> force install BSD::Resource cpan> quit sa-update
I enabled all new plugins from /etc/mail/spamassassin/v343.pre.
Finally you have to apply this modification to the txrep
table, as the column count
was renamed (tx Tony Fung):
ALTER TABLE `txrep` CHANGE `count` `msgcount` INT(11) NOT NULL DEFAULT '0';
Then restart spamd
and qmail
spamdctl start qmailctl start
Create the spamd
user and group, prepare config and log dirs:
mkdir -p /etc/mail/spamassassin /home/spamd /var/log/spamassassin groupadd spamd useradd -g spamd -d /home/spamd spamd chown -R spamd:spamd /home/spamd chgrp apache /var/log/spamassassin chmod g+w /var/log/spamassassin
You have to assign +w
priviledges to apache
in the log dir because if you decide to store there your spam reports created with the Roundcube
's markasjunk
plugin, which is runned by apache
.
Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.
Download and install razor-agent-sdk
and razor-agent
:
cd /usr/local/src wget https://downloads.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2 wget https://downloads.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2 tar xjf razor-agents-sdk-2.07.tar.bz2 cd razor-agents-sdk-2.07 chown -R root:root . perl Makefile.PL make make install cd .. tar xjf razor-agents-2.85.tar.bz2 cd razor-agents-2.85 chown -R root:root . perl Makefile.PL make make install
Razor2
requires reporters to be registered. This lets reporters build a reputation over time, so their reports and revocations are weighed according to their reputation value.
Register yourself and create the config directory:
mkdir -p /etc/mail/spamassassin/.razor razor-admin -home=/etc/mail/spamassassin/.razor -register razor-admin -home=/etc/mail/spamassassin/.razor -create razor-admin -home=/etc/mail/spamassassin/.razor -discover
Set up permissions
chgrp apache /etc/mail/spamassassin/.razor/identity-* chmod 640 /etc/mail/spamassassin/.razor/identity-* chmod 644 /etc/mail/spamassassin/.razor/razor-agent.log
Again, you have to assign +r
priviledges to apache
to let it call Razor
reports via RC's markasjunk
plugin.
Tell Razor2
where it lives adding this line to /etc/mail/spamassassin/.razor/razor-agent.conf and setup the log dir
razorhome = /etc/mail/spamassassin/.razor/ logfile = /var/log/spamassassin/razor-agent.log
We will enable Razor2
once spamassassin
has been installed.
Pyzor is a collaborative, networked system to detect and block spam using digests of messages. Using Pyzor client a short digest is generated that is likely to uniquely identify the email message.
You can install Pyzor via pip
or pip3
pip3 install pyzor
or, as an alternative, you can download the source and install in the usual way
cd /usr/local/src
wget https://files.pythonhosted.org/packages/75/9d/e38a18d8c932f397537cda0d03a606314611fe1ebd8b24ed8fdd4df23191/pyzor-1.0.0.tar.gz
tar xzf pyzor-1.0.0.tar.gz
cd pyzor-1.0.0
chown -R root:root .
python setup.py build
python setup.py install
Create the pyzor
directory:
mkdir -p /etc/mail/spamassassin/.pyzor chown spamd:spamd /etc/mail/spamassassin/.pyzor
We will enable pyzor
later.
Spamcop is a known spam blocking list which works also as a reporting system sending warning information to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites). SpamCop also uses the information to generate SpamCop's free blocking list.
Register an account here. Note: the captcha filter is not working here on my chromium browser; it works with firefox. At the end of the procedure you will get a unique e-mail address (something like submit.xxxxxxxxxxxxxxxxxxx@spam.spamcop.net) that you have to pass to spamassassin
in order to send the reports to spamcop
. We will see below how to set up SA accordingly.
Finally install spamassassin
via cpan
perl -MCPAN -e shell o conf commit prerequisites_policy ask install Mail::SpamAssassin quit
These modules are missing and must be installed from CPAN. Some of them have dependencies as well...
At the end this is how I have installed everything. Reply yes if dependencies are found, install in this order and force install when needed.
perl -MCPAN -e shell o conf prerequisites_policy ask force notest install Socket6 IO::Socket IO::Socket::INET6 LWP MD5 CPAN::DistnameInfo Mail::DKIM
Installed prerequisites of Net::DNS:
force notest install Test::More MIME::Base64 Digest::MD5 Digest::HMAC_MD5 Net::IP
Continue installing (always from CPAN):
force notest install Net::Ping Net::DNS Time::HiRes Digest::SHA1 Getopt::Long Digest::Nilsimsa URI::Escape HTML::Parser HTTP::Date IO::Zlib Archive::Tar Mail::SPF force notest install Mail::SPF::Query Net::Ident IO::Socket::SSL Mail::DomainKeys Mail::DKIM LWP::UserAgent HTTP::Date Encode::Detect BSD::Resource
Install these modules
force notest install Storable DB_File Net::SMTP BerkeleyDB force notest install Geo::IP IO::Socket::IP Net::Patricia
Finally, if everything is ok install spamassassin
and Razor
via CPAN
force notest install Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2
I had to skip the tests because of many errors... anyway it works.
You can find the config files into /etc/mail/spamassassin
> cd /etc/mail/spamassassin > ls init.pre local.cf v310.pre v312.pre v320.pre v330.pre
# Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject *****SPAM***** # put here your subnet trusted_networks 10.0.0. # Set the threshold at which a message is considered spam (default: 5.0) required_score 5.0 use_bayes 1 bayes_auto_learn 1 use_txrep 1 txrep_factory Mail::SpamAssassin::SQLBasedAddrList
Tell spamassassin where Razor2 and Pyzor live
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf pyzor_options --homedir /etc/mail/spamassassin/.pyzor pyzor_timeout 20
Finally configure Spamcop
. spamcop_to_address
is the address where to submit your reports, while spamcop_from_address
is an email where you want to receive a feedback from the reporting system each time a spam message has been reported.
spamcop_from_address postmaster@yourdomain.tld spamcop_to_address submit.xxxxxxxxxxxxxxx@spam.spamcop.net
# RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # Note: This requires the IP::Country::Fast Perl module # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF
Enable Razor2
, Pyzor
and Spamcop
# Pyzor - perform Pyzor message checks. # loadplugin Mail::SpamAssassin::Plugin::Pyzor # Razor2 - perform Razor2 message checks. # loadplugin Mail::SpamAssassin::Plugin::Razor2 # SpamCop - perform SpamCop message reporting # loadplugin Mail::SpamAssassin::Plugin::SpamCop
Run this debug command. If you get no error you are ready to run the daemon.
sudo -u spamd -H spamassassin -D --lint
Check if the headers are inserted:
echo -e "From: myself@mymailserver.net\nTo:myfriend@domain.net\nSubject: test\n\n" | spamc Received: from localhost by qmail.mymailserver.net with SpamAssassin (version 3.3.1); Tue, 30 Nov 2010 23:18:37 +0100 From: myself@mymailserver.net To: myfriend@domain.net Subject: test X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-04-18) on qmail.mymailserver.net X-Spam-Flag: YES X-Spam-Level: ***** X-Spam-Status: Yes, score=5.4 required=5.0 tests=BAYES_99,FREEMAIL_FROM, MISSING_DATE,MISSING_MID,NO_RECEIVED,NO_RELAYS,TVD_SPACE_RATIO, T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1
In order to test the learning system save a raw spam message into spam.txt and run sa-learn
in this way (supposing that postmaster@yourdomain.tld is the email recipient)
sa-learn --debug --spam -upostmaster@yourdomain.tld spam.txt
This is how to test that the message is reported to Razor
, Pyzor
and Spamcop
you have to pass spamassassin
the --report
option:
spamassassin --debug --report --nocreate-prefs < spam.txt
sa-update
sa-update
updates the rules (it requires gpg 1.4
). Before running spamassassin
for the first time download the rules:
sa-update
Add to your crontab this line to update the rules once a day
# spamassassin update 30 3 * * * /usr/bin/sa-update --nogpg -v &
The -v
option will produce an email notification to postmaster.
Download the startup script from here. You have to replace the IP of your firewall and place it in /usr/local/bin/spamdctl
or /etc/rc.d/rc.spamd
and make it executable. Check that the path where you daemon has been installed (/usr/local/bin/spamd
or /usr/local/bin/spamd
) matches the one in the run script.
NB: in what follows <external-IP/firewall-IP> is the IP address of your mail server, as seen from the internet.
#!/bin/sh # Spamd init script for Slackware # August, 2th 2003 # Martin Ostlund, nomicon # Modified slightly by Troy Belding for Qmailrocks - February 23, 2004 # # Modified by Roberto Puzzanghera - September 02, 2014 # November 17, 2020: moved log file to /var/log/spamassassin/spamd.log DAEMON=/usr/local/bin/spamd NAME=spamd SNAME=spamdctl DESC="SpamAssassin Mail Filter Daemon" LOGFILE=/var/log/spamassassin/spamd.log PIDFILE="/var/run/$NAME.pid" PNAME="spamd" DOPTIONS="-x -u spamd -A 127.0.0.1,<external-IP/firewall-IP> -s $LOGFILE -H /home/spamd -d --pidfile=$PIDFILE" KILL="/bin/kill" KILLALL="/bin/killall" # Defaults - don''t touch, edit /etc/mail/spamassassin/local.cf ENABLED=0 OPTIONS="" set -e case "$1" in start) echo -n "Starting $DESC: " $DAEMON $OPTIONS $DOPTIONS echo "$NAME." ;; stop) echo -n "Stopping $DESC: " $KILL -9 `cat $PIDFILE` /bin/rm $PIDFILE echo "$NAME." ;; restart|force-reload) echo -n "Restarting $DESC: " $0 stop $0 start echo "$NAME." ;; *) ME=/usr/local/bin/$SNAME echo "Usage: $ME {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0
Now check that spamd
is running:
> spamdctl start > ps axfu root 1859 0.1 3.4 139360 61044 ? Ss 19:00 0:01 /usr/bin/spamd -x -u spamd -A 127.0.0.1,<external-IP> -H /home/spamd -d --pidfile=/var/run/spamd.pid spamd 1860 0.0 3.2 139360 58984 ? S 19:00 0:00 \_ spamd child spamd 1861 0.0 3.2 139360 58984 ? S 19:00 0:00 \_ spamd child
Type spamd -c
to learn how to use spamd
. See also http://spamassassin.apache.org/full/3.4.x/doc/spamd.html
To start spamassassin
at boot time put your startup script in your rc.local
:
/usr/local/bin/spamdctl start &
Create a file /etc/logrotate.d/spamd
like this (slackware) to rotate daily your spamd
logs:
cat > /etc/logrotate.d/spamd << __EOF__ /var/log/spamassassin/spamd.log /var/log/spamassassin/razor-agent.log { rotate 5 daily missingok notifempty delaycompress postrotate [ -f '/var/run/spamd.pid' ] && (kill -HUP `cat /var/run/spamd.pid`) || exit 0 endscript } __EOF__
qmail-smtpd and OAUTH
March 2, 2021 10:29
problem with passwords containing special characters like %
March 2, 2021 10:24
qmail-smtpd and OAUTH
March 1, 2021 15:22
problem with passwords containing special characters like %
February 28, 2021 12:26
problem with passwords containing special characters like %
February 26, 2021 22:02
problem with passwords containing special characters like %
February 26, 2021 10:05
What about using --disable-many-domains on vpopmail configure ?
February 22, 2021 16:49
aliasdomain patch compilation issue
February 21, 2021 16:28
aliasdomain patch compilation issue
February 21, 2021 14:35
Lua backend
February 16, 2021 16:07
Tags
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql openboard owncloud patches php proftpd qmail qmailadmin rbl roundcube rsync sieve simscan slackware spamassassin spf ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin
Comments
GEOIP Perl Module
kittonian June 16, 2020 20:47
For anyone still having issues with GEOIP or GEOIP2, I had to manually patch the file with the help of some freenode people.
Here's the link to the patch: https://github.com/neilgierman/awstats/compare/GeoIP2...Grinnz:patch-1
Reply | Permalink
Create .spamassassin/ dir
Gabriel Torres July 13, 2019 16:03
Here I had to manually create /etc/mail/spamassassin/.spamassassin/ and chown spamd:spamd otherwise I would see error messages in the log files saying that the tx-reputation file couldn't be created.
Reply | Permalink
SA scans only from external emails how to scan local emails?
munku January 12, 2018 02:49
Hi,
Spamassassin is installed correctly and is working fine for years and still is. While spamassassin scans incoming email from external sources, it does not scan emails that is being send locally, (from local to local or local to external domains). Is there a way to make it scan local emails as well? I tried modifying tcp rules to include simscan for local IP addresses but it still does not work.
thanks
Reply | Permalink
How to get SA scan local emails?
Roberto Puzzanghera munku January 12, 2018 19:04
Try to recompile simscan adding
to your configure. This should "turn on spam scanning for authenticated users (default no)."
Reply | Permalink
got error
kwa January 7, 2018 15:40
installed everithing, but got this error (slackware current)
anybody knows where to grab..
Reply | Permalink
got error
Roberto Puzzanghera kwa January 7, 2018 20:03
Let me understand... you upgraded perl and then your installed modules stopped to work?
Reply | Permalink
SSL and AUTH
Nicolas November 3, 2016 10:03
Hello,
Being a long time qmail user I recently wanted to switch to full SSL. Unfortunately I cannot succeed having both SSL and AUTH working at same time.
When using stunnel, it just creates an openrelay : any login/pass is considered as OK (all vars are the same as for normal smtp)
and stunnel_smtpd.conf
When using sslserver, I've no openrelay, but I don't get AUTH on prompt (I've well exported the SMTPAUTH var)
Has anybody succeeded having SSL and AUTH at same time ?
Reply | Permalink
I think I did manage to have
mizzio Nicolas November 11, 2016 12:59
I think I did manage to have SSL on 465 with AUTH. I had to play with the run file of the specific service (on my system, /var/qmail/service/smtpd-465/run). Can you post yours ?
Reply | Permalink
I don't use SSL 465
roberto puzzanghera mizzio November 11, 2016 15:23
I don't use SSL 465
Reply | Permalink
spamdctl DOPTIONS for IPv6
John D Trolinger July 14, 2016 01:12
Spamassassin 3.4.1 was not working. I was getting spamd.log hits
warn: spamd: unauthorized connection from ::1 [::1]:52080 to port 783, fd 5 at /usr/local/bin/spamd line 1600.
and spamd was not working at all.
I added ::1 in the spamdctl file like so:
DOPTIONS="-x -u spamd -A 127.0.0.1,::1 -s /var/log/spamd.log -H /home/spamd -d -c --pidfile=$PIDFILE"
Reply | Permalink
I think you have to check
roberto puzzanghera John D Trolinger July 14, 2016 10:26
I think you have to check that spamd is listening on IPv6 as well and eventually add a "-i [::1]:783" option to your spamdctl. Look here for details http://spamassassin.apache.org/full/3.4.x/doc/spamd.html
Reply | Permalink
IPv6
John roberto puzzanghera July 15, 2016 00:06
Roberto,
We have a new email server for 300 people thanks to your guide. Being able to use Roundcube with PGP was the key piece. I had to keep the old qmail / sqmail with the PGP plugin up until today.
IPv6 is working great and spamassassin is doing the job.
I sent you a couple of coffee's and we thank you for keeping the awesome qmail alive.
John D. Trolinger
Reply | Permalink
spamassassin error
rudi durieux February 23, 2016 11:41
Hi,
I have this error on load :
Thanks
Reply | Permalink
spamassassin error
Ivelin Topalov rudi durieux February 8, 2018 16:25
the problem is missing geoip-perl-api - solve like this:
Reply | Permalink
spamassassin error
Roberto Puzzanghera Ivelin Topalov February 8, 2018 17:19
GEO:IP is already mentioned above among the packages that must be installed via CPAN...
Reply | Permalink
I would try to see which
roberto puzzanghera rudi durieux February 23, 2016 14:51
I would try to see which module is missing looking inside that file/line
Reply | Permalink
did you installed GEO:IP?
roberto puzzanghera rudi durieux February 23, 2016 13:01
did you installed GEO:IP?
Reply | Permalink
I have this in cpan
rudi durieux roberto puzzanghera February 23, 2016 13:14
I have this in cpan
install Geo::IP
Geo::IP is up to date (1.45).
Reply | Permalink
Geo::IP
John D Trolinger rudi durieux July 14, 2016 01:27
I had to disable loadplugin Mail::SpamAssassin::Plugin::URILocalBL in v341.pre to get rid of this error in the spamd.log
error: Can't locate loadable object for module Geo::IP in @INC
Reply | Permalink
Change DB Spamassassin
Arturo May 10, 2015 14:10
For update Spamassassin 3.4.1 is necesary update the db (in my case):
ALTER TABLE `awl` ADD signedby VARCHAR(255) NOT NULL DEFAULT '' AFTER totscore;
Regards
Reply | Permalink
Disable Spamassassin
Fabiano Heringer April 29, 2014 15:55
How can I disable the use of spamassassin? Just uninstalling it?
Thanks!
Reply | Permalink
no, just edit
roberto puzzanghera Fabiano Heringer April 29, 2014 15:59
no, just edit /var/qmail/control/simcontrol and put spam=no. update the simcontrol after that:
Reply | Permalink
Many thanks
3rensho June 27, 2011 10:07
Wow, just found this post yesterday when I wanted to install Spamassassin on my Slackware64-current box. I can't thank you enough for this superb post. Grazie mille!
Reply | Permalink
Geo::IP plug not working
catalin 3rensho March 31, 2014 00:20
Thank you for a great tutorial.
I was wondering did you manage to make the new Geo::IP plug in working. I have installed from cpan and updated (geoiplookup works) but spamassassin doesn't seems to take that in consideration when I block a country. I have enable it from init.pre. Any ideea what can be?
Thanks
Reply | Permalink
I don't use that plugin
roberto puzzanghera catalin March 31, 2014 14:44
Sorry, I don't use that plugin
Reply | Permalink