Installing and configuring Spamassassin

• Info: http://spamassassin.apache.org/
• Docs: http://spamassassin.apache.org/full/4.0.x/doc/
• Latest version: 4.0.0
• Download: http://spamassassin.apache.org/downloads.cgi

SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify Spam. SpamAssassin uses a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox.

Changelog

• Dec 27, 2022
  - SA upgraded to v. 4.0.0
• Jul 14, 2021
  - added DCC setup (next page)
  - moved the configuration of Razor, Pyzor and Spamcop to a separate page

Upgrading spamassassin to version 4.0.x

You have detailed info in a separated page here.

Install

Create the spamd user and group, prepare config and log dirs:

mkdir -p /etc/mail/spamassassin /home/spamd /var/log/spamassassin

groupadd spamd
useradd -g spamd -d /home/spamd spamd
chown -R spamd:spamd /home/spamd

Finally install spamassassin via cpan

perl -MCPAN -e shell
o conf commit prerequisites_policy ask
install Mail::SpamAssassin
quit

Installation notes for Slackware users

• REQUIRED module missing: HTML::Parser
• REQUIRED module missing: Net::DNS
• REQUIRED module missing: NetAddr::IP
• REQUIRED module missing: BSD::Resource
• optional module missing: Digest::SHA1
• optional module missing: Mail::SPF
• optional module missing: Razor2
• optional module missing: IO::Socket::INET6
• optional module missing: IO::Socket::SSL
• optional module missing: Mail::DKIM
• optional module missing: LWP::UserAgent
• optional module missing: HTTP::Date
• optional module missing: Encode::Detect
• optional module missing: Geo::IP
• optional module missing: IO::Socket::IP
• optional module missing: Net::Patricia

These modules are missing and must be installed from CPAN. Some of them have dependencies as well...

At the end this is how I have installed everything. Reply yes if dependencies are found, install in this order and force install when needed.

perl -MCPAN -e shell
o conf prerequisites_policy ask

force notest install Socket6 IO::Socket IO::Socket::INET6 LWP MD5 CPAN::DistnameInfo Mail::DKIM

Installed prerequisites of Net::DNS:

force notest install Test::More MIME::Base64 Digest::MD5 Digest::HMAC_MD5 Net::IP

Continue installing these modules (always from CPAN):

force notest install Net::Ping Net::DNS Time::HiRes Digest::SHA1 Getopt::Long Digest::Nilsimsa URI::Escape HTML::Parser HTTP::Date IO::Zlib Archive::Tar  Mail::SPF
force notest install Mail::SPF::Query Net::Ident IO::Socket::SSL Mail::DomainKeys Mail::DKIM LWP::UserAgent HTTP::Date Encode::Detect BSD::Resource
force notest install Storable DB_File Net::SMTP BerkeleyDB
force notest install Geo::IP IO::Socket::IP Net::Patricia
force notest install Mail::DMARC::PurePerl DBD::SQLite

Finally, if everything is ok install spamassassin and Razor  via CPAN

force notest install  Mail::SpamAssassin Mail::SpamAssassin::Plugin::Razor2

I had to skip the tests because of many errors... anyway it works.

We have installed the Razor2 perl package that we will see in the next page.

Configuring

You can find the config files into /etc/mail/spamassassin

> cd /etc/mail/spamassassin
> ls
init.pre  local.cf  v310.pre  v312.pre  v320.pre  v330.pre v340.pre  v341.pre  v342.pre  v343.pre  v400.pre

local.cf

# Add *****SPAM***** to the Subject header of spam e-mails
# rewrite_header Subject *****SPAM*****
# put here your subnet
trusted_networks 10.0.0.
# Set the threshold at which a message is considered spam (default: 5.0)
required_score 5.0

###################### extracttext 
ifplugin Mail::SpamAssassin::Plugin::ExtractText 
extracttext_use       pdftotext  .pdf application/pdf 
extracttext_use       docx2txt   .docx application/docx 
extracttext_use       antiword   .doc application/(?:vnd\.?)?ms-?word.* 
extracttext_use       unrtf      .doc .rtf application/rtf text/rtf 
extracttext_use       odt2txt    .odt .ott application/.*?opendocument.*text 
extracttext_use       odt2txt    .sdw .stw application/(?:x-)?soffice application/(?:x-)?starwriter 
extracttext_use       tesseract  .jpg .png .bmp .tif .tiff image/(?:jpeg|png|x-ms-bmp|tiff) 

add_header   all          ExtractText-Flags _EXTRACTTEXTFLAGS_ 
header       PDF_NO_TEXT  X-ExtractText-Flags =~ /\bpdftotext_NoText\b/ 
describe     PDF_NO_TEXT  PDF without text 
score        PDF_NO_TEXT  0.001 

header       DOC_NO_TEXT  X-ExtractText-Flags =~ /\b(?:antiword|openxml|unrtf|odt2txt)_NoText\b/ 
describe     DOC_NO_TEXT  Document without text 
score        DOC_NO_TEXT  0.001 

header       EXTRACTTEXT  exists:X-ExtractText-Flags 
describe     EXTRACTTEXT  Email processed by extracttext plugin 
score        EXTRACTTEXT  0.001 
endif

init.pre

# RelayCountry - add metadata for Bayes learning, marking the countries
# a message was relayed through
#
# Note: This requires the IP::Country::Fast Perl module
#
loadplugin Mail::SpamAssassin::Plugin::RelayCountry

# URIDNSBL - look up URLs found in the message against several DNS
# blocklists.
#
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

# Hashcash - perform hashcash verification.
#
loadplugin Mail::SpamAssassin::Plugin::Hashcash

# SPF - perform SPF verification.
#
loadplugin Mail::SpamAssassin::Plugin::SPF

v400.pre

Load all new plugin which come with SA v.4

loadplugin Mail::SpamAssassin::Plugin::ExtractText 
loadplugin Mail::SpamAssassin::Plugin::DecodeShortURLs 
loadplugin Mail::SpamAssassin::Plugin::DMARC

sa-update

sa-update updates the rules (it requires gpg 1.4). Before running spamassassin for the first time download the rules:

sa-update

Add to your crontab this line to update the rules once a day

# spamassassin update
30 3 * * * /usr/local/bin/sa-update --nogpg -v &

The -v option will produce an email notification to postmaster.

Testing

Run this debug command. If you get no error you are ready to run the daemon.

sudo -u spamd -H spamassassin -D --lint

Do not quit spamd with ctrl+C, because the next test with spamc will have to connect to it.

Open another terminal and check if the headers are inserted:

echo -e "From: myself@mymailserver.net\nTo:myfriend@domain.net\nSubject: test\n\n" | spamc

Received: from localhost by qmail.mymailserver.net
 with SpamAssassin (version 3.3.1);
 Tue, 30 Nov 2010 23:18:37 +0100
From: myself@mymailserver.net
To: myfriend@domain.net
Subject: test
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-04-18) on qmail.mymailserver.net
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.4 required=5.0 tests=BAYES_99,FREEMAIL_FROM,
 MISSING_DATE,MISSING_MID,NO_RECEIVED,NO_RELAYS,TVD_SPACE_RATIO,
 T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1

Running spamassassin

Download the startup script

cd /usr/local/bin
wget https://notes.sagredo.eu/files/qmail/spamdctl
chmod +x spamdctl

You have to replace the IP of your firewall and check that the path where you daemon has been installed (/usr/local/bin/spamd or /usr/local/bin/spamd) matches the one in the run script.

NB: in what follows <external-IP/firewall-IP> is the IP address of your mail server, as seen from the internet.

#!/bin/bash
#
# Spamd init script
#
# August, 2th 2003
# Martin Ostlund, nomicon
# Modified slightly by Troy Belding for Qmailrocks - February 23, 2004
#
# Modified by Roberto Puzzanghera - September 02, 2014
# November 17, 2020: moved log file to /var/log/spamassassin/spamd.log

IP=<external-IP/firewall-IP>
DAEMON=/usr/local/bin/spamd
NAME=spamd
SNAME=spamdctl
DESC="SpamAssassin Mail Filter Daemon"
LOGFILE=/var/log/spamassassin/spamd.log
PIDFILE="/var/run/$NAME.pid"
PNAME="spamd"

DOPTIONS="-x -u spamd -A 127.0.0.1,::1,${IP} -s $LOGFILE -H /home/spamd -d --pidfile=$PIDFILE"

KILL="/bin/kill"
KILLALL="/bin/killall"
# Defaults - don''t touch, edit /etc/mail/spamassassin/local.cf
ENABLED=0
OPTIONS=""

set -e

case "$1" in
start)
echo -n "Starting $DESC: "
$DAEMON $OPTIONS $DOPTIONS

echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
$KILL -9 `cat $PIDFILE`
/bin/rm $PIDFILE
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
$0 stop
$0 start

echo "$NAME."
;;
*)
ME=/usr/local/bin/$SNAME
echo "Usage: $ME {start|stop|restart|force-reload}" >&2
exit 1
;;
esac

exit 0

Now check that spamd is running:

> spamdctl start
> ps axfu
root      1859  0.1  3.4 139360 61044 ?        Ss   19:00   0:01 /usr/bin/spamd -x -u spamd -A 127.0.0.1,<external-IP> -H /home/spamd -d --pidfile=/var/run/spamd.pid
spamd     1860  0.0  3.2 139360 58984 ?        S    19:00   0:00  \_ spamd child
spamd     1861  0.0  3.2 139360 58984 ?        S    19:00   0:00  \_ spamd child

Type spamd -c to learn how to use spamd. See also http://spamassassin.apache.org/full/3.4.x/doc/spamd.html

Starting spamassassin at boot time

To start spamassassin at boot time put your startup script in your rc.local:

/usr/local/bin/spamdctl start &

logrotate

Create a file /etc/logrotate.d/spamd like this (slackware) to rotate daily your spamd logs:

cat > /etc/logrotate.d/spamd << __EOF__
/var/log/spamassassin/spamd.log /var/log/spamassassin/razor-agent.log {
su root apache
rotate 5
daily
missingok
notifempty
delaycompress
postrotate
   [ -f '/var/run/spamd.pid' ] && (kill -HUP `cat /var/run/spamd.pid`) || exit 0
endscript
}
__EOF__

Be aware that we have already setup the logrotate for the log file or Razor, which we'll see in the next page.

Tue Aug 24 18:54:43 2021 [9957] warn: spamd: unauthorized connection from ::1 [::1]:59928 to port 783, fd 5 at /usr/local/bin/spamd line 1627.

IP=::1

--enable-spam-auth-user=y 

Util.c: loadable library and perl binaries are mismatched (got handshake key 0xdb00080, needed 0xde00080),

/usr/local/bin/tcpserver -v -R -l mail.watchmusic.com -x /etc/tcp.smtp.cdb -c 50 -u 1008 -g 1003 0 465 /usr/local/bin/stunnel /var/qmail/control/stunnel_smtpd.conf

foreground = yes
cert = /var/qmail/control/servercert.pem
exec = /var/qmail/bin/qmail-smtpd
execargs = /var/www/vpopmail/bin/vchkpw /bin/true

sslserver -e -vR -l myserverfqdn -c 30 -u 508 -g 503 -x /etc/tcp.ssmtp.cdb 0.0.0.0 465 qmail-smtpd myserverfqdn /var/www/vpopmail/bin/vchkpw /bin/true

error: Can't locate loadable object for module Geo::IP in @INC (@INC contains: /usr/local/share/perl5 /usr/local/lib64/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/local/share/perl5/Geo/IP.pm line 42.

cd /usr/local/src
wget https://github.com/maxmind/geoip-api-perl/archive/v1.45.tar.gz
tar zxvf https://github.com/maxmind/geoip-api-perl/archive/v1.45.tar.gz
cd geo-api-perl-1.45
perl Makefile.PL
make
make install
ldconfig

$ /var/qmail/bin/simscanmk