TITLE postfix+spamassassin+razor LFS VERSION any AUTHOR Gerard Beekmans SYNOPSIS Spamassassing and Razor are great spam fighting tools. To make things even better, integrate it into your SMTP server to block spam at the incoming level rather than at the user level through procmail recipies. HINT Version 1.2 - January 15th, 2003 Changelog: 1.2 - Updated for latest software versions - Using perl daemon for increased performance rather than start the entire perl program for every incoming email. - Removed the spamassassin bug fix from version 1.1 1.1 - Added bugfix for the /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/PerMsgStatus.pm file The main reason I've set it up at linuxfromscratch.org at the SMTP level is to do a spam check before spam hits the mailinglists. Spam is then delivered (I don't send spam by /dev/null by default myself) to Listar, but it's tagged with special headers. Listar checks for these headers and then forwards the spam to me for moderation. This is done just in case an email was marked as spam mistakenly. This hint does not deal with installing the Spamassassin or Razor programs. I'll tell you where to get the software from: Spamassassin: http://www.spamassassin.org Razor: http://razor.sourceforge.net Read the docs, install it. It's all very straightforward. I'll just deal with setting it up to work in Postfix. Let's continue with setting up postfix. The postfix distribution comes with the README_FILES/FILTER_README file you want to read through. It gives some background information on how the filtering works in Postfix that we're going to use. That FILTER_README file suggests you creating a dedicated filter user with no home directory or shell. This won't work for us, because spamassassin and razor need a home directory to work in. Perhaps this can be changed, I haven't really checked that out yet. There are probably command line options you can use to use alternate config files (I know Spamassasin's has it, but I'm not sure that it will invoke Razor properly with a different config file). I created a user 'postfixfilter' by running: groupadd -g 612 postfixfilter && useradd -u 612 -g 612 -m postfixfilter Create the filter script that postfix will be running for every email that comes in: cat /usr/bin/postfixfilter << "EOF" #!/bin/bash /usr/bin/spamc | /usr/sbin/sendmail -i "$@" exit $? EOF Chown and chmod that file if you didn't create it as user postfixfilter but as root or something. What does it do? Postfix dumps an email to /usr/bin/postfixfilter. We intercept it and dump to spamc. Spamc connects to the spamd daemon and will run the spam checking tests, then pipe the rewritten email (now including the spam result headers) to sendmail for continued delivery. It then exits with whatever sendmail's return value was. So, we need to have the spamd daemon running. I added it to the postfix bootscript, using the command "spamd -d -u postfixfilter". Next, configure postfix to do filtering. Edit the /etc/postfix/master.cf (or where ever you keep your postfix configuration files). Find the following line: smtp inet n - n - - smtpd It may look a bit different but this is the default. This is the line that tells Postfix to listen on the smtp port (25) for incoming email and have smtpd deal with it. This is the one we want to modify to filter that incoming email first before delivering it. Directly below that line, add this one: -o content_filter=postfixfilter: It would be advisable to indent it with a tab or some spaces just so you can easier see that it belongs to the previous line. Do not forget the colon at the end of the postfixfilter. I'm not quite sure what it does, but the FILTER_README file warns to include it, so just do it. Append the following lines to the end of the master.cf file: postfixfilter unix - n n - - pipe flags=Rq user=postfixfilter argv=/usr/bin/postfixfilter -f ${sender} -- ${recipient} Okay, if you did exactly what I told you to do and I didn't forget to tell you anything in this hint, then you are set to go. Reload postfix by running: postfix reload Incoming mail should now be filtered for spam by spamassassin. You can configure spamassassin and razor through the config files in /home/postfixfilter