MTA: Exim

Spam check using SpamAssassin

by ross at 04:44:40 on March 12, 2014

Install SpamAssassin

# cd /usr/ports/mail/spamassassin
# make install clean
# cd /usr/ports/mail/sa-utils
# make install clean
# rehash

Add to /etc/rc.conf:

# Enable SpamAssassin
spamd_enable="YES"

Initialize and start SpamAssassin:

# razor-admin -d -create -home=/var/spool/mqueue/.razor
# razor-admin -d -register -home=/var/spool/mqueue/.razor
# chown -R mailnull /var/spool/mqueue/.razor
# cd /usr/local/etc
# ln -s /var/spool/mqueue/.razor/razor-agent.conf

Find razor-agent.conf in /var/spool/mqueue/razor and edit:

--- razor-agent.conf.orig       2011-08-17 13:22:06.000000000 +0300
+++ razor-agent.conf    2011-08-17 13:24:21.000000000 +0300
@@ -14,7 +14,7 @@
 listfile_catalogue     = servers.catalogue.lst
 listfile_discovery     = servers.discovery.lst
 listfile_nomination    = servers.nomination.lst
-logfile                = razor-agent.log
+logfile                = /var/spool/mqueue/.razor/razor-agent.log
 logic_method           = 4
 min_cf                 = ac
 razordiscovery         = discovery.razor.cloudmark.com

Start spamd:

# mkdir /var/spool/mqueue/.spamassassin
# chown mailnull /var/spool/mqueue/.spamassassin
# sa-update
# /usr/local/etc/sa-spamd start

Enable spam checks

First enable blacklist by adding this before final accept line in acl_check_rcpt ACL:

# deny using spamhaus
  deny message = Email blocked by SPAMHAUS. To unblock write to postmaster@ or visit http://www.spamhaus.org/lookup.lasso
       # only for domains that do want to be tested against RBLs
       hosts = !+relay_from_hosts
       !authenticated = *
       dnslists = zen.spamhaus.org

# deny using njabl
  deny message = Email blocked by NJABL. To unblock write to postmaster@ or visit http://www.njabl.org/remove.html
       hosts = !+relay_from_hosts
       !authenticated = *
       dnslists = dnsbl.njabl.org

  accept

Add this after dnslookup router:

spamcheck_router:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {!eq {$sender_host_address}{127.0.0.1}} \
                        {<{$message_size}{50k}} \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Add this after begin transports:

spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/local/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  home_directory = "/tmp"
  group = mail
  user = mailnull
  log_output
  message_prefix = 
  message_suffix = 
  return_fail_output
  no_return_path_add
  transport_filter = /usr/local/bin/spamc -u mailnull
  use_bsmtp

Testing

Open test message and send it to your host from outside your network.

SpamAssassin wil create configuration files in /var/spool/mqueue/.spamassassin. Edit user_prefs to meet your requirements, for example, to add [SPAM] to header of spam messages add:

rewrite_header Subject [SPAM]

You can enable filtering by .forward files in Exim by uncommenting allow_filter in userforward router.

To save spam in its own folder create the following ~/.forward:

# Exim filter
if
  $h_X-Spam-Status: CONTAINS "Yes"
  or
  "${if def:h_X-Spam-Flag {def}{undef}}" is "def"
then
    save $home/Maildir/.Spam
    finish
endif

 

Comments