Fight Spam with SpamAssassin

Nobody likes spam, and SpamAssassin is probably the best free, open source spam fighting ninja that you could hope to have in your corner.

Installing it is as simple as doing this:

$ dnf -y install spamassassin

Then you just start the service and activate it at start-up:

$ systemctl start spamassassin

$ systemctl activate spamassassin

Once you’ve done that, you can see how it’s configured in the /etc/mail/spamassassin/ file.

SpamAssassin runs a number of scripts to test how spammy an email is. The higher the score that the scripts deliver, the more chances there are that it’s spam.

In the configuration file, if the parameter required_hits is 6, this tells you that SpamAssassin will consider an email to be spam if it scores 6 or more.

The report_safe command will have values of 0, 1, or 2. A 0 tells you that email marked as spam is sent without modification, and only the headers will label it as spam.

A 1 or a 2 means that a new report message will be created by SpamAssassin and delivered to the recipient.

A value of 1 indicates that the spam message is coded as content message/rfc822, and if it’s a 2, that means the message has been coded as text or plain content.

Text or plain is less dangerous because some mail clients execute message/rfc822, which is not good if they contain any kind of malware.

The next thing to do is integrate it into Postfix, and the easiest way to do that is with procmail.

We’ll make a file called/etc/procmailrc, and add this to it:

:0 hbfw | /usr/bin/spamc

Then we’ll edit the Postfix configuration file /etc/postfix/ and alter the mailbox_command, thus:

mailbox_command = /usr/bin/procmail

Last but not least, restart Postfix and SpamAssassin services:

$ systemctl restart postfix

$ systemctl restart spamassassin

Unfortunately, SpamAssassin can’t catch everything, and spam messages can still sneak through to fill up the mailboxes on your Linux email server.

But never fear because you can filter messages before they even get to the Postfix server with Realtime Blackhole Lists (RBLs).

Open the Postfix server configuration at /etc/postfix/ and change smtpd_recipient_restrictions option by adding the following options like this:

strict_rfc821_envelopes = yes

relay_domains_reject_code = 554

unknown_address_reject_code = 554

unknown_client_reject_code = 554

unknown_hostname_reject_code = 554

unknown_local_recipient_reject_code = 554

unknown_relay_recipient_reject_code = 554

unverified_recipient_reject_code = 554

smtpd_recipient_restrictions =














Now, restart your postfix Linux mail server:

$ systemctl restart postfix

The above RBLs are the most common ones found, but there are plenty more on the web for you to track down and try.

Similar Posts