 |
Title: Easy spamAssassin with OpenSMTPD |
|
Author: Solène |
|
Date: 10 March 2021 |
|
Tags: openbsd mail |
|
Description: |
|
|
|
# Introduction |
|
|
|
Today I will explain how to setup very easily the anti-spam |
|
SpamAssassin and make it work with the OpenSMTPD mail server (OpenBSD |
|
default mail server). I will suppose you are already familiar with |
|
mail servers. |
|
|
|
# Installation |
|
|
|
We will need two packages to install: opensmtpd-filter-spamassassin and |
|
p5-Mail-SpamAssassin. The first one is a "filter" for OpenSMTPD, it's |
|
a special meaning in smtpd context, it will run spamassassin on |
|
incoming emails and the latter is the spamassassin daemon itself. |
|
|
|
## Filter |
|
|
|
As explained in the pkg-readme file from the filter package |
|
/usr/local/share/doc/pkg-readmes/opensmtpd-filter-spamassassin , a few |
|
changes must be done to the smtpd.conf file. Mostly a new line to |
|
define the filter and add "filter "spamassassin"" to lines starting by |
|
"listen". |
|
|
 |
Website of the filter author who made other filters |
|
|
|
## SpamAssassin |
|
|
|
SpamAssassin works perfectly fine out of the box, "rcctl enable |
|
spamassassin" and "rcctl start spamassassin" is enough to make it work. |
|
|
|
Official SpamAssassin project website |
|
|
|
# Usage |
|
|
|
It should really work out of the box, but you can train SpamAssassin |
|
what are good mails (called "ham") and what are spam by running the |
|
command "sa-learn --ham" or "sa-learn --spam" on directories containing |
|
that kind of mail, this will make spamassassin more efficient at |
|
filtering by content. Be careful, this command should be run as the |
|
same user as the daemon used by SpamAssassin. |
|
|
|
In /var/log/maillog, spamassassin will give information about scoring, |
|
up to 5.0 (default), a mail is rejected. For legitimate mails, headers |
|
are added by spamassassin. |
|
|
|
# Learning |
|
|
|
I use a crontab to run once a day sa-learn on my "Archives" directory |
|
holding all my good mails and "Junk" directory which has Spam. |
|
|
|
```code: crontab |
|
0 2 * * * find /home/solene/maildir/.Junk/cur/ -mtime -1 -type f -exec sa-l… |
|
5 2 * * * find /home/solene/maildir/.Archives/cur/ -mtime -1 -type f -exec sa-l… |
|
``` |
|
|
|
# Extra configuration |
|
|
|
SpamAssassin is quite slow but can be speeded up by using redis (a |
|
key/value database in memory) for storing tokens that help analyzing |
|
content of emails. With redis, you would not have to care anymore |
|
about which user is running sa-learn. |
|
|
|
You can install and run redis by using "pkg_add redis" and "rcctl |
|
enable redis" and "rcctl start redis", make sure that your port |
|
TCP/6379 is blocked from outside. You can add authentication to your |
|
redis server &if you feel it's necessary. I only have one user on my |
|
email server and it's me. |
|
|
|
You then have to add some content to /etc/mail/spamassassin/local.cf , |
|
you may want to adapt to your redis configuration if you changed |
|
something. |
|
|
|
```spamassassin configuration |
|
bayes_store_module Mail::SpamAssassin::BayesStore::Redis |
|
bayes_sql_dsn server=127.0.0.1:6379;database=4 |
|
bayes_token_ttl 300d |
|
bayes_seen_ttl 8d |
|
bayes_auto_expire 1 |
|
``` |
|
|
|
Configure a Bayes backend (like redis or SQL) |
|
|
|
# Conclusion |
|
|
|
Restart spamassassin after this change and enjoy. SpamAssassin has |
|
many options, I only shared the most simple way to setup it with |
|
opensmtpd. |
