From ConShell

In a nutshell, this is how I filter spam on my mail server --Delimiter 22:28, 21 September 2008 (PDT)

I follow the concept of defense in depth. There are multiple (3+) layers of defense.

Install postfix-tls, amavisd-new, clamav and spamassassin.

Note: I am also considering pyzor but not sure how much effect this would have.

Layer 1

This is the first line of defense. Roughly half of the spam is turned away by DNS block lists (DNS BL).

I configure postfix to check the following blocklists:

smtpd_client_restrictions = permit_mynetworks, 

Example rejection (from /var/log/mail.log)

Sep 23 08:13:20 durango postfix/smtpd[26956]: NOQUEUE: reject: RCPT from[]: 554 5.7.1
Service unavailable; Client host [] blocked using;
Blocked - see;
from=<> to=<> proto=ESMTP

Layer 2

Configure postfix to use amavisd as a content/virus filter (re-injection technique). This utilizes both spamassassin and clamav to determine if the message is "spammy" or has a virus, in which case it will be quarantined (see /var/lib/amavis/virusemails/). Postfix uses to forward e-mail internally to amavisd, which checks the content and routes back to postfix via

Example rejection (from /var/log/mail.log)

Sep 23 08:11:19 durango amavis[26713]: (26713-05) Blocked SPAM, []
[] <> -> <>, quarantine: I/spam-IfTmYIbq993T.gz,
Message-ID: <01c91da9$90a23d80$db55b259@ghay>, mail_id: IfTmYIbq993T, Hits: 31.469,
size: 4809, 4774 ms
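To check the "roughly half" figure for Layer 1 on your own server, the two rejection formats shown above can be tallied per layer. The Python below is an added example, not part of the original page; the sample lines are constructed, and the addresses, hosts and the blocklist zone dnsbl.example are placeholders. It assumes each log entry is a single physical line in /var/log/mail.log.

```python
import re
from collections import Counter

# Constructed sample in the two log formats shown above. Addresses, hosts and
# the blocklist zone "dnsbl.example" are placeholders, not values from the page.
SAMPLE_LOG = """\
Sep 23 08:11:19 durango amavis[26713]: (26713-05) Blocked SPAM, [192.0.2.7] [192.0.2.7] <a@example.net> -> <u@example.org>, quarantine: I/spam-AAAAAAAAAAAA.gz, Message-ID: <1@example.net>, mail_id: AAAAAAAAAAAA, Hits: 31.469, size: 4809, 4774 ms
Sep 23 08:12:02 durango amavis[26713]: (26713-06) Passed CLEAN, [192.0.2.8] [192.0.2.8] <b@example.net> -> <u@example.org>, Message-ID: <2@example.net>, mail_id: BBBBBBBBBBBB, Hits: -1.2, size: 2100, 950 ms
Sep 23 08:13:20 durango postfix/smtpd[26956]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using dnsbl.example; Blocked - see https://dnsbl.example/; from=<c@example.net> to=<u@example.org> proto=ESMTP
Sep 23 08:13:41 durango postfix/smtpd[26957]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using dnsbl.example; Blocked - see https://dnsbl.example/; from=<d@example.net> to=<u@example.org> proto=ESMTP
Sep 23 08:14:05 durango amavis[26713]: (26713-07) Blocked INFECTED (Constructed.Test.Sig), [192.0.2.12] [192.0.2.12] <e@example.net> -> <u@example.org>, quarantine: virus-CCCCCCCCCCCC, mail_id: CCCCCCCCCCCC, Hits: -, size: 9000, 310 ms
Sep 23 08:14:30 durango postfix/smtpd[26958]: connect from unknown[192.0.2.13]
"""

DNSBL_RE = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: .* blocked using ([^;\s]+);")
AMAVIS_RE = re.compile(r"amavis\[\d+\]: \(\S+\) (Blocked|Passed) ([A-Z-]+).*?Hits: (-?[\d.]+|-),")

def tally(log_text):
    """Count outcomes per layer; also return DNSBL zones and blocked-spam scores."""
    counts, zones, spam_hits = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = DNSBL_RE.search(line)
        if m:                                   # Layer 1: rejected at SMTP time
            counts["layer1_dnsbl"] += 1
            zones[m.group(1)] += 1
            continue
        m = AMAVIS_RE.search(line)
        if not m:
            continue                            # unrelated log line
        action, category, hits = m.groups()
        if action == "Passed":
            counts["passed"] += 1
        elif category == "SPAM" and hits != "-":  # Layer 2: SpamAssassin verdict
            counts["layer2_spam"] += 1
            spam_hits.append(float(hits))
        else:                                   # Layer 2: INFECTED and other blocks
            counts["layer2_other"] += 1
    return counts, zones, spam_hits

def layer1_share(counts):
    """Fraction of all blocked mail that was stopped by the DNS blocklists."""
    blocked = counts["layer1_dnsbl"] + counts["layer2_spam"] + counts["layer2_other"]
    return counts["layer1_dnsbl"] / blocked if blocked else 0.0

if __name__ == "__main__":
    counts, zones, spam_hits = tally(SAMPLE_LOG)
    print(dict(counts), dict(zones), spam_hits, f"layer 1 share: {layer1_share(counts):.0%}")
```

The per-zone counts show which blocklist is doing the work, and the list of blocked-spam scores shows how far above the threshold quarantined mail typically lands.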

To maximize effectiveness, it is possible to train spamassassin to differentiate between ham and spam using Bayesian filters - see SpamAssassin. I do this with a relearn script that aggregates users' mailboxes and feeds them to sa-learn. However, this should be done cautiously as this is a system-wide filter. Amavisd-new will not rewrite the message unless it is a rejection (quarantined), so there is less visibility here than might otherwise be desired. Alternatively, customized per-user filtering can be done in Layer 3.

Layer 3

Postfix is configured to use procmail for local delivery. Procmail will do further processing and route or rewrite the message based on spam scores or other e-mail header data, for instance. This is optional, but if /home/user/.procmailrc contains the hook to spamassassin, further processing can be done.

Example procmail configuration $HOME/.procmailrc:

# SpamAssassin
:0fw
* < 256000
| spamassassin

# messages tagged as spam by spamassassin go into SpamTrap
:0:
* ^X-Spam-Flag: YES
SpamTrap

Note that this also may require some tweaks to $HOME/.spamassassin/user_prefs, e.g.

# How many points before a mail is considered spam.
required_score		3.5
score SUBJ_ILLEGAL_CHARS      1.0