Part 12. SpamAssassin Antispam
- Category: Mail Server
- Published: Monday, 05 August 2019 15:18
- Written by Super User
Installing SpamAssassin
To install anti-spam, execute the command:
# apt install spamassassin
The program will not work right after installation because it is disabled by default. To activate it, change the value of the ENABLED parameter to 1 in the /etc/default/spamassassin file.
Connecting SpamAssassin to Postfix
Make changes to the file /etc/postfix/master.cf.
Immediately after the line
smtp inet n - - - - smtpd
add:
  -o content_filter=spamassassin
Do not forget that this new line must be indented, that is, it must not start at the beginning of the line.
This tells Postfix to pass all messages to the spamassassin filter for analysis.
Now, at the end of this file, you must describe this filter. To do this, add the following lines (the second line is a continuation and must also be indented):
spamassassin unix - n n - - pipe
  user=virtual argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
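One way to check the two master.cf edits described above, as an added example that is not part of the original article. The check_filter helper and the sample fragment are constructed here for illustration; the helper only applies the rule that a line starting with whitespace continues the previous service entry.

```shell
#!/bin/bash
# Constructed sample master.cf fragment that follows the steps above.
sample_master() {
cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
pickup    unix  n       -       -       60      1       pickup
spamassassin unix -     n       n       -       -       pipe
  user=virtual argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
}

# check_filter (hypothetical helper): reads master.cf text on stdin and prints
#   "ok <name>"         smtp/inet sets content_filter=<name> and a pipe service <name> exists
#   "no-filter"         no content_filter option is attached to the smtp/inet entry
#   "undefined <name>"  the filter is referenced but no pipe service with that name exists
check_filter() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # skip comments and blank lines
        /^[ \t]/ { entry[n] = entry[n] " " $0; next }   # leading whitespace continues the entry
        { entry[++n] = $0 }                             # column 0 starts a new service entry
        END {
            for (i = 1; i <= n; i++) {
                m = split(entry[i], f, /[ \t]+/)
                if (f[1] == "smtp" && f[2] == "inet") {
                    for (j = 9; j <= m; j++) {
                        if (f[j - 1] == "-o" && f[j] ~ /^content_filter=/) {
                            want = substr(f[j], 16)     # text after "content_filter="
                            sub(/:.*/, "", want)        # drop an optional :nexthop part
                        }
                    }
                }
                if (f[8] == "pipe") defined[f[1]] = 1   # field 8 is the command name
            }
            if (want == "") print "no-filter"
            else if (want in defined) print "ok " want
            else print "undefined " want
        }'
}

sample_master | check_filter    # prints: ok spamassassin
```

On a real server, pipe the file in with check_filter < /etc/postfix/master.cf before reloading Postfix.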
SpamAssassin Configuration File
The main antispam configuration file is /etc/spamassassin/local.cf. Edit it so that it reads:
rewrite_header Subject *****SPAM*****
report_safe 0
trusted_networks 192.168.0.0/24
required_score 5.0
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_min_ham_num 1
bayes_min_spam_num 1
report_charset koi8-r
ok_locales ru en uk
bayes_path /var/spool/bayes/bayes
bayes_file_mode 0666
score SUBJ_FULL_OF_8BITS 0
score FROM_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0
score HEAD_ILLEGAL_CHARS 0
score HABEAS_SWE 0
score FORGED_IMS_TAGS 1
score BAYES_00 0.0001 0.0001 -2.312 -2.599
score BAYES_05 0.0001 0.0001 -1.110 -1.110
score BAYES_20 0.0001 0.0001 -0.740 -0.740
score BAYES_40 0.0001 0.0001 -0.185 -0.185
score BAYES_50 0.0001 0.0001 0.001 0.001
score BAYES_60 0.0001 0.0001 2.0 2.0
score BAYES_80 0.0001 0.0001 3.0 3.0
score BAYES_95 0.0001 0.0001 3.5 3.5
score BAYES_99 0.0001 0.0001 5.0 5.0
score ALL_TRUSTED -3.360 -3.440 -3.665 -3.800
Main parameters
rewrite_header - the string that will be added to the subject
trusted_networks 192.168.0.0/24 - the trusted network where the spam check is not performed
required_score 5.0 - the spam threshold, 5 points by default; a message that scores 5 points or more is marked as spam
use_bayes 1 - enables the Bayes algorithm (self-learning)
ok_locales ru en uk - the list of admissible languages
The rules used to rate emails for spam, and the number of points for each hit, are specified after the keyword score. For more information on these options, see the documentation on the developer site at the link
https://spamassassin.apache.org/old/tests_3_3_x.html
There can be any number of rules, listed one per line. Each rule is assigned a certain number of points. Rules that are not described in this file use their default score. That is, all the rules at the link are active, and in the file we list only the rules whose scores we change. To disable a rule, assign it a score of 0.
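How the score lines and required_score combine into a verdict, as an added example that is not part of the original article. The sa_verdict helper and the sample lines are constructed for illustration. When a score line carries four values, SpamAssassin picks one by score set: the first without Bayes and network tests, the second with network tests only, the third with Bayes only, the fourth with both.

```shell
#!/bin/bash
# Constructed sample: a few lines in the style of the local.cf above.
sample_cf() {
cat <<'EOF'
required_score 5.0
score FORGED_IMS_TAGS 1
score BAYES_80 0.0001 0.0001 3.0 3.0
score BAYES_99 0.0001 0.0001 5.0 5.0
score ALL_TRUSTED -3.360 -3.440 -3.665 -3.800
EOF
}

# sa_verdict SCORESET RULE... (hypothetical helper; reads local.cf text on stdin)
# SCORESET: 0 = no Bayes, no network tests   1 = network tests only
#           2 = Bayes only                   3 = Bayes and network tests
# Prints "<total> <spam|ham>", or "unknown <RULE>" when a hit rule has no
# score line in the input (its default score is not in local.cf).
sa_verdict() {
    local ss=$1; shift
    awk -v ss="$ss" -v hits="$*" '
        BEGIN { need = 5 }                          # threshold default is 5 points
        $1 == "required_score" { need = $2 }
        $1 == "score" {
            # one value applies to every score set; four values are per set
            score[$2] = (NF >= 6) ? $(3 + ss) : $3
        }
        END {
            n = split(hits, h, " ")
            for (i = 1; i <= n; i++) {
                if (!(h[i] in score)) { print "unknown " h[i]; exit 1 }
                total += score[h[i]]
            }
            printf "%.3f %s\n", total, (total >= need ? "spam" : "ham")
        }'
}

sample_cf | sa_verdict 3 BAYES_99 ALL_TRUSTED    # prints: 1.200 ham
```

With these values a single BAYES_99 hit already reaches the 5.0 threshold in score set 3, while a simultaneous ALL_TRUSTED hit pulls the same message back to 1.2.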
Creating an address whitelist
The address whitelist is filled with addresses that cannot be spammers. In the /etc/spamassassin/local.cf file, write the whitelist_from parameter followed by the list of addresses. For example:
whitelist_from user@mail.ru *@gmai.com
All addresses are separated by a space. You can use regular expressions. For convenience, you can break a long line into multiple lines.
Antispam training
The self-learning mechanism is a Bayesian algorithm. It is not part of SpamAssassin's static rules but a separate algorithm that dynamically adds or subtracts points based on what it has learned from messages. Be careful when building the training message database, because it can easily be corrupted by mistakenly added messages. The developer's opinion is that messages already marked as spam must never be included in the spam (--spam) training database, and messages that are not marked as spam must not be included in the false-positive (--ham) training database.
Any anti-spam system can miss spam emails and generate false positives (that is, a normal email may be marked as spam). To send undetected spam (messages the system did not mark as spam) to the training mechanism, use the command:
/usr/bin/sa-learn --spam
For training on messages with false positives use the command:
/usr/bin/sa-learn --ham
Anti-spam training automation
Training the antispam manually is not productive, so we will automate the process.
We will create two folders in each mailbox:
- Spam - the user manually moves messages that the antispam did not detect to this folder.
- Nospam - the user manually moves messages wrongly marked as spam to this folder.
In the /root folder we create two subfolders: spam and nospam.
Note that in the file system the Spam and Nospam folders of a user's mailbox (/var/mail/domain/user) are named .Spam and .Nospam. This is due to the way Dovecot works.
In addition, keep in mind that messages are stored not in the folder itself (for example .Spam), but in .Spam/cur (read messages) and .Spam/new (unread messages).
Next, we will write a script to automate the process.
In the /root directory, create a script file spam.sh with the following contents:
#!/bin/bash
# Collect the messages users sorted into their Spam / Nospam folders
# and train the Bayes database on them.
MAILDIR=/var/mail/study.local   # mail storage folder of the domain
LOG=/var/log/spam-learn.log
shopt -s nullglob               # an empty folder expands to nothing

# Spam: messages the filter did not detect
for mailbox in "$MAILDIR"/*     # iterate over every entry in the mail storage
do
    if [ -d "$mailbox/.Spam" ]; then
        for msg in "$mailbox"/.Spam/cur/* "$mailbox"/.Spam/new/*
        do
            mv -f "$msg" /root/spam/
        done
    fi
done
chmod -R u=rwX,go= /root/spam   # copies of private mail: only root needs access
date >>"$LOG"
/usr/bin/sa-learn --spam /root/spam >>"$LOG"

# Nospam: messages wrongly marked as spam (same mail storage as above)
for mailbox in "$MAILDIR"/*
do
    if [ -d "$mailbox/.Nospam" ]; then
        for msg in "$mailbox"/.Nospam/cur/* "$mailbox"/.Nospam/new/*
        do
            mv -f "$msg" /root/nospam/
        done
    fi
done
chmod -R u=rwX,go= /root/nospam
date >>"$LOG"
/usr/bin/sa-learn --ham /root/nospam >>"$LOG"
Now make this file executable:
chmod +x /root/spam.sh
Add a rule to the cron scheduler (file /etc/crontab) to launch this script periodically:
10 1 * * * root /root/spam.sh
Now this script will run every night at 01:10.