MTA: Exim

Spam check using SpamAssassin

by ross at 15:47:55 on May 4, 2018

Install SpamAssassin

# cd /usr/ports/mail/spamassassin
# make install clean
# cd /usr/ports/mail/sa-utils
# make install clean
# rehash

Add to /etc/rc.conf:

# Enable SpamAssassin
spamd_enable="YES"

Edit /usr/local/etc/mail/spamassassin/local.cf:

# These emails are not spam (optional):
whitelist_from *@daemon-notes.com

# Do not touch the original message even if it's spam:
report_safe 0

# Add a label [SPAM] to spam message subject (uncomment if you want it):
#rewrite_header Subject [SPAM]

# Sane report header of the spam checks:
clear_report_template
report _TESTSSCORES(,)_

# The message is spam when score is above this (default is 5.0):
required_score 4.0

Initialize and start SpamAssassin:

# sa-update
# service sa-spamd start

Enable spam checks

Set spamd_address:

spamd_address = 127.0.0.1 783

Enable spam headers by adding this before final accept line in acl_check_rcpt ACL:

# Always add spam status headers 
  warn    spam       = nobody:true                                                                                                                     
          add_header = X-Spam-Score: $spam_score\n\                                                                                                                       
                       X-Spam-Level: $spam_bar\n\                                                                                                                         
                       X-Spam-Report: $spam_report                                                                                                                        

# When spam check is positive add this header
  warn    spam       = nobody                                                                                                                                             
          add_header = X-Spam-Flag: Yes                                                                                                                                   

Enable blacklist (optional) by adding this also before final accept line:

# deny using spamhaus
  deny message = Email blocked by SPAMHAUS. To unblock write to postmaster@ or visit http://www.spamhaus.org/lookup.lasso
       # only for domains that do want to be tested against RBLs
       hosts = !+relay_from_hosts
       !authenticated = *
       dnslists = zen.spamhaus.org

  accept

Testing

Open test message and send it to your host from outside your network.

You can enable filtering by .forward files in Exim by uncommenting allow_filter in userforward router.

To save spam in its own folder create the following ~/.forward:

# Exim filter
if
  $h_X-Spam-Status: begins "Yes"
  or
  "${if def:h_X-Spam-Flag {def}{undef}}" is "def"
then
    save $home/Maildir/.Spam
    finish
endif

This way every message that has X-Spam-Flag header present (we are adding it in the Exim config above)  will be saved in Spam directory.

Comments