I'm not sure about you, but the amounts of spam mail that I have been receiving lately have definitely been on the rise. I'm not exactly sure what the reason for this increase is, but it has led me to take the next step in spam prevention. After reading about spamassassin on slashdot a while back, I decided it was time to take the plunge and get this all working.
Just to make things interesting, my home server configuration includes the use of the courier mail server suite of applications, which are not standard RedHat packages like sendmail and postfix. I chose and installed courier a long time ago for several reasons, all of which I believe are still valid:
- I wanted something that would be more secure than sendmail. Sendmail is the last of the large monolithic SMTP servers, and has had more than its fair share of security holes. After reading about the courier design philosophy, I thought it had a good chance at being more secure.
- I wanted a mail system that was comprehensive. The Courier mail server suite comes with inbound and outbound SMTP, POP3, IMAP, webmail and a web-based administration tool. And it also supports SSL/TLS for most if not all of those protocols.
- I like Maildirs. Although the holy wars of mail storage formats may never be settled, I liked the idea of storing each mail item in a separate file. It just seems safer that way. Courier's native mail storage format is Maildirs.
And so for the last several years I have been running courier as my mail server. Enough said on that issue.
To start my spamassassin project, I went ahead to the spamassassin home page and started my downloads. I downloaded the latest stable release, version 2.41. After unpacking the download (tar zxf Mail*), I took a look at the INSTALL document.
At the top of the INSTALL file, it will tell you that the best way to download spamassassin is to use the perl CPAN archives. However, when I tried this, only version 2.20 of spamassassin was available, so I went ahead with the tar.gz file that I had already downloaded.
However, reading further in the INSTALL file I came across some of the listed dependencies and optional packages. One of those optional packages that I knew I wanted to use was Razor, the distributed collaborative spam detection system. So I went ahead and downloaded the latest Razor release, and poked around inside its INSTALL file. From these two INSTALL files, I put together a list of dependent perl modules that would need to be installed in order for this to work. To install these, I did the following (as root):
> perl -MCPAN -e shell
...CPAN startup output deleted...
cpan> install Net::DNS Net::Ping Time::HiRes Digest::SHA1 Getopt::Long File::Copy
Luckily, this entire installation went off without a hitch! Next, I needed to install Razor (this has to come before spamassassin so that the spamassassin install scripts will detect razor and configure it for use automagically). To install razor, I did the following:
> tar zxf razor-agents-2.14.tar.gz
> cd razor-agents
> perl Makefile.PL
> make ; make test; make install
Then, it was time to install spamassassin itself (which I had already untarred, but in case you haven't done that yet, here is the command to do it):
> tar zxf Mail-SpamAssassin-2.41.tar.gz
> cd Mail-SpamAssassin-2.41
> perl Makefile.PL
> make ; make test ; make install
This install procedure should automatically detect razor and configure it for use. I went ahead and tested out spamassassin as per the instructions in the INSTALL document, just to make sure all was well (from inside the Mail-SpamAssassin directory):
> spamassassin -t < spam.txt > spam.out
> spamassassin -t < nospam.txt > nospam.out
I then looked at each of the .out files to make sure that they had the proper spamassassin messages appended to the bottom of the message. Seeing as everything turned out fine, it was now time to figure out how to make sure that spamassassin was invoked each time a piece of mail was received by my mail server.
As with all things linux, there are about a half-dozen ways to do this. After much rumination and googling, I decided that the right way to do this with Courier was to use its included Maildrop feature. Maildrop, it turns out, is one of the components that comes with Courier but which is not enabled by default. Maildrop is a Mail Delivery Agent with filtering capabilities. It is a Mail Delivery Agent because it is a program that can be used to place mail messages into a user's Inbox.
After even more googling and poking around, I ended up creating this maildrop configuration file located at /usr/lib/courier/etc/maildroprc:
# Jason's first attempt at a maildroprc file...
if ( $SIZE < 26144 )
{
    exception {
        xfilter "/usr/bin/spamassassin"
    }
}
if (/^X-Spam-Flag: *YES/)
{
    exception {
        to "/home/jason/Maildir/.spam/"
    }
}
else
{
    exception {
        to "$HOME/Maildir/"
    }
}
Let's walk through this file line-by-line so that you know what's going on...
if ( $SIZE < 26144 )
{
    exception {
        xfilter "/usr/bin/spamassassin"
    }
}
This first section tests the size of the message: only messages smaller than 26144 bytes are passed to spamassassin. I got this from another maildroprc example, so I'm not sure if it's really necessary... it may be required because spamassassin has problems with really large mailfiles... I'm not sure. The xfilter line inside this section is what actually invokes spamassassin on the mail message, allowing spamassassin its chance to process the mail message and determine whether or not it is spam.
if (/^X-Spam-Flag: *YES/)
{
    exception {
        to "/home/jason/Maildir/.spam/"
    }
}
In this section, I check to see if spamassassin tagged the mail message as spam by checking for the presence of the 'X-Spam-Flag: YES' mail header in the resulting mail message (which is modified by spamassassin during processing). If the header is there, I then put the spam-flagged mail message into a special 'spam' maildir in my home directory.
else
{
    exception {
        to "$HOME/Maildir/"
    }
}
The last section of the Maildrop configuration file just tells Maildrop to deliver the message to the default Maildir of the message owner.
With this in place, I then logged into the Courier web-based administration UI, which runs locally on my machine at the URL http://localhost/cgi/webadmin. Your URL may vary. I then went to the 'Local Mail Delivery' section, and clicked on the radio button next to 'Maildrop', then saved my new configuration.
If you're having problems with the web-based configuration, you can enable the Maildrop delivery manually by editing the file /usr/lib/courier/etc/courierd (which may not be in that exact directory, depending on your courier configuration). Just find that 'courierd' configuration file, and look for the variable named 'DEFAULTDELIVERY'. That variable should then be set to pipe the mail message to maildrop. My maildrop binary is installed in /usr/lib/courier/bin/maildrop, so this looks like the following in my courierd config file:
DEFAULTDELIVERY="| /usr/lib/courier/bin/maildrop"
Just make sure that you restart courier in order for this config file change to take effect (/etc/init.d/courier restart). The only thing left to do was to test the setup. To do so, I logged onto a web-based email system (you can use Yahoo! Mail, Hotmail, etc) and sent myself a message.
A few seconds later, the test message appeared in my Inbox. To make sure the file had been processed by spamassassin, I looked at the complete mail headers for the mail message (in mutt, press 'h'; in mozilla mail, use 'View > Headers > All'). Much to my surprise, I found the following mail header in my test message:
X-Spam-Status: No, hits=-6.0 required=5.0
    tests=SPAM_PHRASE_01_02
    version=2.41-cvs
Which means that the message has been processed by spamassassin, and found to not be a spam message. Which also means you're done!
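To repeat that header check over stored mail rather than by eye, the following added example (not part of the original setup, and not spamassassin or Courier code) parses the folded X-Spam-Status header shown above and reports whether a message went through the filter and where the maildroprc rule on X-Spam-Flag would file it. The function names, the folder labels, the sample messages and the CONSTRUCTED_RULE_* test names are assumptions made for illustration.

```python
import email
import re

SIZE_LIMIT = 26144  # size threshold used in the maildroprc on this page

_STATUS = re.compile(r"(Yes|No),\s*hits=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")
_TESTS = re.compile(r"tests=(.*?)(?:\s+version=|$)")

def parse_spam_status(raw):
    """Return the parsed X-Spam-Status header as a dict, or None if it is absent."""
    value = email.message_from_bytes(raw).get("X-Spam-Status")
    if value is None:
        return None  # the xfilter step never touched this message
    unfolded = " ".join(str(value).split())  # the header is folded over several lines
    m = _STATUS.match(unfolded)
    if m is None:
        raise ValueError("unrecognised X-Spam-Status: %r" % unfolded)
    t = _TESTS.search(unfolded)
    tests = [n.strip() for n in t.group(1).split(",") if n.strip()] if t else []
    return {"spam": m.group(1) == "Yes", "hits": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def audit(raw):
    """Report whether the filter ran and which folder the X-Spam-Flag rule selects."""
    msg = email.message_from_bytes(raw)
    # Same test as the maildroprc pattern /^X-Spam-Flag: *YES/ (case-insensitive)
    flagged = re.match(r" *YES", str(msg.get("X-Spam-Flag", "")), re.I) is not None
    return {"scanned": parse_spam_status(raw) is not None,
            # Stored size is only a hint: headers added on delivery make the
            # file slightly larger than the $SIZE that maildrop compared.
            "oversize": len(raw) >= SIZE_LIMIT,
            "folder": ".spam" if flagged else "inbox"}

# Constructed sample messages (not real mail); HAM reuses the header shown above.
HAM = (b"From: a@example.com\nSubject: test\n"
       b"X-Spam-Status: No, hits=-6.0 required=5.0\n"
       b"\ttests=SPAM_PHRASE_01_02\n\tversion=2.41-cvs\n\nhello\n")
SPAM = (b"From: b@example.com\nSubject: test\nX-Spam-Flag: YES\n"
        b"X-Spam-Status: Yes, hits=12.5 required=5.0\n"
        b"\ttests=CONSTRUCTED_RULE_A,CONSTRUCTED_RULE_B\n\tversion=2.41-cvs\n\nbuy\n")
BIG = b"From: c@example.com\nSubject: big\n\n" + b"x" * SIZE_LIMIT + b"\n"

if __name__ == "__main__":
    for name, raw in (("ham", HAM), ("spam", SPAM), ("big", BIG)):
        print(name, parse_spam_status(raw), audit(raw))
```

A message that reports scanned as False was delivered without passing through spamassassin, which with this maildroprc is what happens to anything at or above the size threshold.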