Tags
MailServer
spam
  1. ai spamassassin spamd sa-compile spamass-milter re2c pyzor libmail-spamassassin-perl libarchive-zip-perl libidn2-dev libgeo-ip-perl libgeoip-dev perl-doc cpanminus libnet-libidn2-perl libencode-detect-perl libnet-patricia-perl libio-compress-perl libmail-spf-perl libio-socket-inet6-perl libdbi-perl libdbd-sqlite3-perl libwww-perl liblwp-protocol-https-perl libbsd-resource-perl libemail-address-xs-perl libmail-dmarc-perl libdevel-cycle-perl libtext-diff-perl libnet-libidn-perl libmaxmind-db-reader-perl libmaxmind-db-reader-xs-perl libdigest-sha-perl
  2. usermod -a -G spamass-milter postfix
  3. systemctl enable --now spamd.service
  4. systemctl enable --now spamass-milter.service
  5. sa-update
  6. sa-compile
  7. /etc/default/spamd
  8. /etc/default/spamass-milter
  9. /usr/share/spamassassin/
# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Prior to version 3.4.2-1, spamd could be enabled by setting
# ENABLED=1 in this file. This is no longer supported. Instead, please
# use the update-rc.d command, invoked for example as "update-rc.d
# spamassassin enable", to enable the spamd service.

# Options
# See man spamd for possible options. The -d option is automatically added.

# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
OPTIONS="--username=debian-spamd --create-prefs --max-children 5 --helper-home-dir /var/lib/debian-spamd"

# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/run/spamd.pid"

# Set nice level of spamd
NICE="--nicelevel 15"

# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1

vim /etc/spamassassin/local.cf

dns_server 10.0.3.1

#   Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 1

#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
trusted_networks 10.0.3.0/24 PUBSERVERIP/32 

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock

#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

bayes_path /var/lib/spamassassin/bayes/db
bayes_file_mode 0775

# razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

bayes_auto_learn 1
bayes_auto_learn_threshold_spam 6.0
bayes_auto_learn_threshold_nonspam -2.0
report_safe_copy_headers X-Spam-Status X-Spam-Flag

#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
#   them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit

#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
 shortcircuit USER_IN_WHITELIST       on
 shortcircuit USER_IN_DEF_WHITELIST   on
 shortcircuit USER_IN_ALL_SPAM_TO     on
 shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
 shortcircuit USER_IN_BLACKLIST       on
 shortcircuit USER_IN_BLACKLIST_TO    on
 shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
 shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
 shortcircuit BAYES_99                spam
 shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

deBug

  1. sc-status spamd
  2. spamassassin --lint -D 2>&1 | egrep 'optional module not installed|fail|error|could not|missing' || echo "lint clean"
  3. sa-update --debug
  4. chown debian-spamd:debian-spamd -R /etc/mail/spamassassin/sa-update-keys/
  5. chmod 700 /etc/mail/spamassassin/sa-update-keys
  6. perldoc Mail::SpamAssassin::Conf