Use postfix and spamassassin packages on CentOS 6 to reject SPAM - without custom users and scripts


Solution 1

The point of my question (maybe I haven't stated it clearly enough) has been: how to combine Postfix and Spamassassin on CentOS with minimal effort.

Here is my solution in only 5 steps:

  1. yum install spamassassin

  2. chkconfig spamassassin on

  3. useradd spam (you can't omit this step!)

  4. Add /^Subject: \[SPAM\]/ DISCARD to /etc/postfix/header_checks (consult /etc/mail/spamassassin/local.cf for the exact string to match)

  5. Add the following 2 lines to /etc/postfix/master.cf:

(note the usage of the new spam user from step 2):

smtp         inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Finally restart the postfix and spamassassin services.

Send a test SPAM mail to yourself using the GTUBE subject:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

See that mail being discarded in /var/log/maillog:

postfix/smtpd[2048]: connect from mail-ig0-f176.google.com[209.85.213.176]
postfix/smtpd[2048]: 333F28007C1: client=mail-ig0-f176.google.com[209.85.213.176]
postfix/cleanup[2052]: 333F28007C1: message-id=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com>
postfix/qmgr[2037]: 333F28007C1: from=<[email protected]>, size=1883, nrcpt=1 (queue active)
spamd[1643]: spamd: connection from localhost [127.0.0.1] at port 53400
spamd[1643]: spamd: setuid to spam succeeded
spamd[1643]: spamd: processing message <CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com> for spam:502
postfix/smtpd[2048]: disconnect from mail-ig0-f176.google.com[209.85.213.176]
spamd[1643]: spamd: identified spam (999.9/5.0) for spam:502 in 0.1 seconds, 1846 bytes.
spamd[1643]: spamd: result: Y 999 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE scantime=0.1,size=1846,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=53400,mid=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com>,autolearn=no
postfix/pickup[2036]: 92AE8809366: uid=502 from=<[email protected]>
postfix/cleanup[2052]: 92AE8809366: message-id=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com>
postfix/cleanup[2052]: 92AE8809366: discard: header Subject: [SPAM] XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X from local; from=<[email protected]> to=<[email protected]>
postfix/pipe[2053]: 333F28007C1: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.51, delays=0.35/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via spamassassin service)
postfix/qmgr[2037]: 333F28007C1: removed
spamd[1642]: prefork: child states: II

Solution 2

Ok, so basically, you are piping the email into spamc, and then having spamc email the output to the recipient (well, actually remailing to the sender, but I think the intent was to remail to the recip).

No offense, but that is nuts.

If you want mail to be rejected based on the SA score, you're going to need a milter or policy daemon to do that. Spamassassin doesn't reject mail, it only scores it. Amavisd-new or spamass-milter could work for you.

As to why spamassassin is not rewriting, it probably is, it's just not sending the modified version of the email to where you are expecting it to.

The original QueueID is 3124F80A3DA. Spamassassin is remailing it as QueueID B3FFF809367 back to the sender!

Looking at the rest of your log dump, it appears you're doing that with all the incoming spam - and Gmail is even "deferring" your IP due to the volume of it.

Don't reinvent the wheel and accidentally get blacklisted in the process. You want to reject incoming spam based on SA score, use a milter or policy daemon.
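To check which of the outcomes argued over in these two answers a given maillog actually shows, the original and re-injected queue IDs can be paired by message-id. This is an added example, not code from either answer; the function name `trace_filter` is illustrative and the sample log is constructed.

```python
import re

# Constructed sample shaped like the maillog excerpts on this page; hosts and
# addresses are placeholders. Assumes short hex queue IDs, as in the page's logs.
SAMPLE_LOG = """\
postfix/smtpd[2048]: 333F28007C1: client=mail.example.net[192.0.2.10]
postfix/cleanup[2052]: 333F28007C1: message-id=<gtube-1@example.net>
postfix/pickup[2036]: 92AE8809366: uid=502 from=<sender@example.net>
postfix/cleanup[2052]: 92AE8809366: message-id=<gtube-1@example.net>
postfix/cleanup[2052]: 92AE8809366: discard: header Subject: [SPAM] test from local; from=<sender@example.net> to=<user@example.org>
postfix/pipe[2053]: 333F28007C1: to=<user@example.org>, relay=spamassassin, delay=0.51, dsn=2.0.0, status=sent (delivered via spamassassin service)
postfix/smtpd[2557]: B3FFF809367: client=mail.example.net[192.0.2.10]
postfix/cleanup[2561]: B3FFF809367: message-id=<gtube-2@example.net>
postfix/pickup[2549]: 3124F80A3DA: uid=99 from=<sender@example.net>
postfix/cleanup[2561]: 3124F80A3DA: message-id=<gtube-2@example.net>
postfix/pipe[2562]: B3FFF809367: to=<user@example.org>, relay=spamassassin, delay=0.59, dsn=2.0.0, status=sent (delivered via spamassassin service)
postfix/smtp[2552]: 3124F80A3DA: to=<user@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=1.2, dsn=4.7.0, status=deferred (rate limited)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace_filter(log_text):
    """Pair each message piped to the spamassassin service with its re-injected copy."""
    msgid, origin, fate = {}, {}, {}
    for m in filter(None, map(LINE.search, log_text.splitlines())):
        daemon, qid, rest = m.groups()
        status = re.search(r"status=(\w+)", rest)
        relay = re.search(r"relay=([^,\[]+)", rest)
        if rest.startswith("message-id="):
            msgid[qid] = rest[len("message-id="):]
        elif daemon in ("smtpd", "pickup"):
            origin[qid] = daemon        # network arrival vs. local sendmail re-injection
        elif rest.startswith("discard:"):
            fate[qid] = "discarded"     # header_checks DISCARD matched in cleanup
        elif relay and relay.group(1) == "spamassassin":
            fate[qid] = "filtered"      # handed to the content_filter pipe
        elif status and relay:
            fate[qid] = f"{status.group(1)} via {relay.group(1)}"
    report = []
    for qid in [q for q, outcome in fate.items() if outcome == "filtered"]:
        copies = [q for q, mid in msgid.items()
                  if q != qid and mid == msgid.get(qid) and origin.get(q) == "pickup"]
        for copy in copies or [None]:
            report.append((qid, copy, fate.get(copy, "unknown")))
    return report

if __name__ == "__main__":
    for original, copy, outcome in trace_filter(SAMPLE_LOG):
        print(f"{original} -> {copy}: {outcome}")
```

A re-injected copy whose outcome names a remote relay was not stopped by header_checks and left the server; one reported as "discarded" was dropped in cleanup.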

Author: Alexander Farber

Updated on September 18, 2022

Comments

  • Alexander Farber over 1 year

    Here is what I'm trying at my CentOS 6.5 Linux server:

    1. Installed postfix and spamassassin packages
    2. Configured Postfix - it works well (I omit details here)
    3. Added -x to the SPAMDOPTIONS in /etc/sysconfig/spamassassin
    4. Added the following 2 lines to the /etc/postfix/master.cf

    Here:

    smtp         inet n - n - - smtpd -o content_filter=spamassassin
    spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
    

    Unfortunately, when I send the test SPAM mail with the subject

    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    

    it still comes through! (And the subject isn't rewritten - despite rewrite_header Subject [SPAM] in the unmodified /etc/mail/spamassassin/local.cf file).

    I wonder, what have I missed? My /var/log/maillog is below:

    postfix/postfix-script[2546]: starting the Postfix mail system
    postfix/master[2547]: daemon started -- version 2.6.6, configuration /etc/postfix
    postfix/qmgr[2550]: D5B19807033: from=<[email protected]>, size=1843, nrcpt=1 (queue active)
    postfix/qmgr[2550]: 831CA809733: from=<[email protected]>, size=41369, nrcpt=1 (queue active)
    postfix/qmgr[2550]: 42B7A80A312: from=<[email protected]>, size=4399, nrcpt=1 (queue active)
    postfix/qmgr[2550]: AED94809D29: from=<[email protected]>, size=28035, nrcpt=1 (queue active)
    postfix/qmgr[2550]: E69AA809D3C: from=<>, size=3487, nrcpt=1 (queue active)
    postfix/qmgr[2550]: 2BDE980A61B: from=<[email protected]>, size=4073, nrcpt=1 (queue active)
    postfix/qmgr[2550]: 0D37280A51F: from=<[email protected]>, size=7888, nrcpt=1 (queue active)
    postfix/smtp[2552]: D5B19807033: host gmail-smtp-in.l.google.com[74.125.136.27] said: 421-4.7.0 [144.76.184.154      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. l16si23407549wjr.0 - gsmtp (in reply to end of DATA command)
    postfix/smtp[2552]: D5B19807033: to=<[email protected]>, orig_to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=6325, delays=6323/0/1.2/0.61, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.25.27] said: 421-4.7.0 [144.76.184.154      15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. f7si4794087pdm.22 - gsmtp (in reply to end of DATA command))
    postfix/smtpd[2557]: connect from mail-ie0-f180.google.com[209.85.223.180]
    postfix/smtpd[2557]: B3FFF809367: client=mail-ie0-f180.google.com[209.85.223.180]
    postfix/cleanup[2561]: B3FFF809367: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>
    postfix/qmgr[2550]: B3FFF809367: from=<[email protected]>, size=1767, nrcpt=1 (queue active)
    spamd[2034]: spamd: connection from localhost [127.0.0.1] at port 42928
    spamd[2034]: spamd: setuid to nobody succeeded
    spamd[2034]: spamd: processing message <CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com> for nobody:99
    postfix/smtpd[2557]: disconnect from mail-ie0-f180.google.com[209.85.223.180]
    spamd[2034]: spamd: identified spam (999.9/5.0) for nobody:99 in 0.2 seconds, 1730 bytes.
    spamd[2034]: spamd: result: Y 999 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE,T_TO_NO_BRKTS_FREEMAIL scantime=0.2,size=1730,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=42928,mid=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>,autolearn=no
    postfix/pickup[2549]: 3124F80A3DA: uid=99 from=<[email protected]>
    postfix/cleanup[2561]: 3124F80A3DA: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>
    postfix/pipe[2562]: B3FFF809367: to=<[email protected]>, orig_to=<[email protected]>, relay=spamassassin, delay=0.59, delays=0.37/0.01/0/0.22, dsn=2.0.0, status=sent (delivered via spamassassin service)
    postfix/qmgr[2550]: B3FFF809367: removed
    spamd[2032]: prefork: child states: II
    postfix/qmgr[2550]: 3124F80A3DA: from=<[email protected]>, size=2843, nrcpt=1 (queue active)
    
    • c4f4t0r over 9 years
      You have to edit your Postfix main.cf.
    • c4f4t0r over 9 years
      Maybe you are missing the content_filter in /etc/postfix/main.cf. I used this how-to and I didn't find any problem: andrewpuschak.com/dokuwiki/doku.php?id=centos_6_email_server
    • Alexander Farber over 9 years
      But I already have smtpd -o content_filter=spamassassin in the master.cf?
  • Alexander Farber over 9 years
    I don't think it's nuts, because I'm trying to follow these 2 guides: debuntu.org/postfix-and-spamassassin-how-to-filter-spam-page-2 and howto.gumph.org/content/run-spamassassin-with-postfix And yes, I'd like to resubmit the mail (but with the rewritten subject - which doesn't work for some reason) - so that I can reject the mail with header_checks (later, don't have it in my config files right now). As for Gmail deferring - of course - that is why I am trying to add Spamassassin in the 1st place. Here is the picture: akadia.com/services/postfix_spamassassin.html
  • Joe Sniderman over 9 years
    Your setup is resubmitting the mail alright - but not the way you want it to. Do you see in the log where the sender and recip are getting reversed?
  • Joe Sniderman over 9 years
    If you absolutely must use a post-queue content filter, at least do it the way postfix.org/FILTER_README.html suggests. Those two tutorials you referenced are dangerously wrong. For starters, you need whatever you pipe the mail into to return an appropriate status back to postfix to let postfix know what to do with the message (not something spamc is going to do).
  • Joe Sniderman over 9 years
    You can also see it reinjected and sent back to the sender in that log....
  • Chloe over 7 years
    Does this cause backscatter? If so, why, since step 4 looks like it discards spam?