Fight Spam with SpamAssassin

Nobody likes spam, and SpamAssassin is probably the best free, open source spam fighting ninja that you could hope to have in your corner.

Installing it is as simple as doing this:

$ dnf -y install spamassassin

Then you just start the service and enable it at start-up:

$ systemctl start spamassassin

$ systemctl enable spamassassin

Once you’ve done that, you can see how it’s configured in the /etc/mail/spamassassin/local.cf file.

SpamAssassin runs a number of scripts to test how spammy an email is. The higher the score that the scripts deliver, the more likely it is that the email is spam.

In the configuration file, if the parameter required_hits is 6, this tells you that SpamAssassin will consider an email to be spam if it scores 6 or more.

The report_safe option can have a value of 0, 1, or 2. A 0 tells you that email marked as spam is delivered without modification, and only the headers will label it as spam.

A 1 or a 2 means that a new report message will be created by SpamAssassin and delivered to the recipient.

A value of 1 indicates that the spam message is attached with the content type message/rfc822, and a 2 means it is attached with the content type text/plain.

text/plain is less dangerous because some mail clients execute message/rfc822 attachments, which is not good if they contain any kind of malware.

The next thing to do is integrate it into Postfix, and the easiest way to do that is with procmail.

We’ll make a file called /etc/procmailrc, and add this to it:

:0 hbfw
| /usr/bin/spamc

Then we’ll edit the Postfix configuration file /etc/postfix/main.cf and alter the mailbox_command, thus:

mailbox_command = /usr/bin/procmail

Last but not least, restart the Postfix and SpamAssassin services:

$ systemctl restart postfix

$ systemctl restart spamassassin

Unfortunately, SpamAssassin can’t catch everything, and spam messages can still sneak through to fill up the mailboxes on your Linux email server.

But never fear because you can filter messages before they even get to the Postfix server with Realtime Blackhole Lists (RBLs).

Open the Postfix server configuration at /etc/postfix/main.cf, add the following options, and change the smtpd_recipient_restrictions option like this:

strict_rfc821_envelopes = yes
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unverified_recipient_reject_code = 554

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    permit

Now restart your Postfix mail server:

$ systemctl restart postfix

The above RBLs are the most common ones found, but there are plenty more on the web for you to track down and try.
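An added example (not from the original article) that checks each reject_rbl_client zone before you rely on it, using the RFC 5782 test entries: a working list must answer for 127.0.0.2 and must not answer for 127.0.0.1. The function names and the shortened main.cf excerpt are constructed for illustration.

```python
import socket

# Constructed sample: part of the restriction list shown on this page.
MAIN_CF = """\
smtpd_recipient_restrictions =
    reject_unauth_destination,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    permit
"""

def rbl_zones(main_cf):
    """Return the zones named by reject_rbl_client, in file order."""
    words = main_cf.replace(",", " ").split()
    return [z for w, z in zip(words, words[1:]) if w == "reject_rbl_client"]

def qname(ip, zone):
    """Name Postfix looks up for a client: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def lookup(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN, timeout, or no network
        return None

def zone_health(zone, resolve=lookup):
    """Classify a zone using the RFC 5782 test addresses."""
    if resolve(qname("127.0.0.1", zone)) is not None:
        return "lists-everything"   # would make Postfix reject every client
    if resolve(qname("127.0.0.2", zone)) is None:
        return "no-answer"          # zone gone or resolver blocked: no filtering
    return "ok"

if __name__ == "__main__":
    for zone in rbl_zones(MAIN_CF):
        print(f"{zone:28} {zone_health(zone)}")
```

Results depend on the resolver the queries go through, so run the check from the mail server itself and drop any zone that does not report ok.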
