Title: Easy spamAssassin with OpenSMTPD | |
Author: Solène | |
Date: 10 March 2021 | |
Tags: openbsd mail | |
Description: | |
# Introduction | |
Today I will explain how to setup very easily the anti-spam | |
SpamAssassin and make it work with the OpenSMTPD mail server (OpenBSD | |
default mail server). I will suppose you are already familiar with | |
mail servers. | |
# Installation | |
We will need two packages to install: opensmtpd-filter-spamassassin and | |
p5-Mail-SpamAssassin. The first one is a "filter" for OpenSMTPD, it's | |
a special meaning in smtpd context, it will run spamassassin on | |
incoming emails and the latter is the spamassassin daemon itself. | |
## Filter | |
As explained in the pkg-readme file from the filter package | |
/usr/local/share/doc/pkg-readmes/opensmtpd-filter-spamassassin , a few | |
changes must be done to the smtpd.conf file. Mostly a new line to | |
define the filter and add "filter "spamassassin"" to lines starting by | |
"listen". | |
Website of the filter author who made other filters | |
## SpamAssassin | |
SpamAssassin works perfectly fine out of the box, "rcctl enable | |
spamassassin" and "rcctl start spamassassin" is enough to make it work. | |
Official SpamAssassin project website | |
# Usage | |
It should really work out of the box, but you can train SpamAssassin | |
what are good mails (called "ham") and what are spam by running the | |
command "sa-learn --ham" or "sa-learn --spam" on directories containing | |
that kind of mail, this will make spamassassin more efficient at | |
filtering by content. Be careful, this command should be run as the | |
same user as the daemon used by SpamAssassin. | |
In /var/log/maillog, spamassassin will give information about scoring, | |
up to 5.0 (default), a mail is rejected. For legitimate mails, headers | |
are added by spamassassin. | |
# Learning | |
I use a crontab to run once a day sa-learn on my "Archives" directory | |
holding all my good mails and "Junk" directory which has Spam. | |
```code: crontab | |
0 2 * * * find /home/solene/maildir/.Junk/cur/ -mtime -1 -type f -exec sa-l… | |
5 2 * * * find /home/solene/maildir/.Archives/cur/ -mtime -1 -type f -exec sa-l… | |
``` | |
# Extra configuration | |
SpamAssassin is quite slow but can be speeded up by using redis (a | |
key/value database in memory) for storing tokens that help analyzing | |
content of emails. With redis, you would not have to care anymore | |
about which user is running sa-learn. | |
You can install and run redis by using "pkg_add redis" and "rcctl | |
enable redis" and "rcctl start redis", make sure that your port | |
TCP/6379 is blocked from outside. You can add authentication to your | |
redis server &if you feel it's necessary. I only have one user on my | |
email server and it's me. | |
You then have to add some content to /etc/mail/spamassassin/local.cf , | |
you may want to adapt to your redis configuration if you changed | |
something. | |
```spamassassin configuration | |
bayes_store_module Mail::SpamAssassin::BayesStore::Redis | |
bayes_sql_dsn server=127.0.0.1:6379;database=4 | |
bayes_token_ttl 300d | |
bayes_seen_ttl 8d | |
bayes_auto_expire 1 | |
``` | |
Configure a Bayes backend (like redis or SQL) | |
# Conclusion | |
Restart spamassassin after this change and enjoy. SpamAssassin has | |
many options, I only shared the most simple way to setup it with | |
opensmtpd. |