Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin

Powered by Drupal
Submitted by Sam Hobbs on

Spamassassin Logo This is the fourth part of a five part tutorial that will show you how to install a full featured email server on your Raspberry Pi. This tutorial covers how to mark emails as spam with Spamassassin.

The parts are:

The Introduction & Contents Page (read first)

Raspberry Pi Email Server Part 1: Postfix

Raspberry Pi Email Server Part 2: Dovecot

Raspberry Pi Email Server Part 3: Squirrelmail

Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin

Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Intro

I don’t actually get very many spam emails (famous last words, right?) but the occasional email gets past my helo access restrictions list (discussed in Raspberry Pi Email Server Part 1: Postfix). So, I decided to set up Spamassassin, a program that will check incoming emails and mark them as spam if they look suspicious. Spamassassin is pretty clever, it uses bayesian filtering to decide what’s spam and what’s not, and it will learn based on previous results, so it gets more accurate over time if you correct it when it gets things wrong. Spamassassin will only mark emails as spam, it will not sort them into folders for you as well. We’ll be doing the sorting with Dovecot’s Local Mail Transfer Protocol (LMTP) and the Sieve plugin, in the next tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve. Let’s get started:

Installing & Configuring Spamassassin

First, install Spamassassin:

sudo apt-get update
sudo apt-get install spamassassin

Now we need to edit values in the file /etc/spamassassin/local.cf. Some of these may already be set, in which case you can leave them as they are; add or amend the others as necessary: This one will add the spam score to the subject line of emails that Spamassassin considers to be spam:

rewrite_header Subject [***** SPAM _SCORE_ *****]

Spamassassin will also flag spam emails with “X-Spam-Flag: YES” in the headers. This flag is what we will eventually use to sort emails with; the rewritten subject line is purely to make the score easier to see. This next setting will tell Spamassassin to modify headers only, without making any changes to the body of the email:

report_safe 0

This one lowers the threshold for mail to be considered spam from 5 to 2. You can change this later if you get lots of false positives, but it’s nice to have some emails set off the rules to begin with, just so you know it’s working:

required_score 2.0

This tells Spamassassin to use Bayesian filtering:

use_bayes 1

This turns on automatic learning:

bayes_auto_learn 1

Now edit /etc/default/spamassassin and set:

ENABLED=1

You can now start the spamassassin daemon:

sudo service spamassassin start

If you are using a modern Debian derivative (Jessie or later), the init system has changed to systemd. You need to run this additional command to enable spamassassin, which will cause it to automatically start when you boot:

sudo systemctl enable spamassassin

Instructing Postfix to use Spamassassin

At this stage, the Spamassassin daemon is running but none of your incoming emails are being passed through it. We need to edit this line in /etc/postfix/master.cf (just under the headers):

smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin

And append this to the bottom of that same file, which will pipe the output back to Postfix using the Postfix’s Sendmail compatibility interface:

spamassassin    unix  -       n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Note: this is all one line, even if it appears wrapped in your browser. Now restart postfix:

sudo service postfix restart

If you get an error like this:

[....] Stopping Postfix Mail Transport Agent: postfix/usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 22: bad field count
postfix/postfix-script: fatal: cannot execute /usr/sbin/postconf!
 failed!

…then check the whitespace before the -o in content_filter=spamassassin. I can’t quite remember what I did but I think I changed tabs to spaces or the other way round, and then restarted postfix. Now watch the mail log with this command:

tail -f /var/log/mail.log

…and send a test email. You should see testing something like this:

Jan  8 22:21:18 samhobbs postfix/smtpd[952]: connect from blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs postfix/smtpd[952]: 542E83F519: client=blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs postfix/cleanup[957]: 542E83F519: message-id=
Jan  8 22:21:19 samhobbs postfix/qmgr[941]: 542E83F519: from=, size=1579, nrcpt=1 (queue active)
Jan  8 22:21:19 samhobbs spamd[445]: spamd: connection from localhost [127.0.0.1] at port 35680
Jan  8 22:21:19 samhobbs postfix/smtpd[952]: disconnect from blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs spamd[445]: spamd: setuid to debian-spamd succeeded
Jan  8 22:21:19 samhobbs spamd[445]: spamd: creating default_prefs: /var/lib/spamassassin/.spamassassin/user_prefs
Jan  8 22:21:19 samhobbs spamd[445]: config: created user preferences file: /var/lib/spamassassin/.spamassassin/user_prefs
Jan  8 22:21:19 samhobbs spamd[445]: spamd: processing message  for debian-spamd:111
Jan  8 22:21:24 samhobbs spamd[445]: spamd: clean message (0.0/2.0) for debian-spamd:111 in 5.0 seconds, 1541 bytes.
Jan  8 22:21:24 samhobbs spamd[445]: spamd: result: . 0 - HTML_MESSAGE,MSGID_FROM_MTA_HEADER scantime=5.0,size=1541,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=35680,mid=,autolearn=ham
Jan  8 22:21:24 samhobbs postfix/pickup[940]: D83DE3F521: uid=111 from=
Jan  8 22:21:24 samhobbs postfix/pipe[958]: 542E83F519: to=, relay=spamassassin, delay=5.7, delays=0.44/0.05/0/5.2, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan  8 22:21:24 samhobbs postfix/qmgr[941]: 542E83F519: removed
Jan  8 22:21:24 samhobbs postfix/cleanup[957]: D83DE3F521: message-id=
Jan  8 22:21:24 samhobbs postfix/qmgr[941]: D83DE3F521: from=, size=1890, nrcpt=1 (queue active)
Jan  8 22:21:25 samhobbs postfix/local[964]: D83DE3F521: to=, relay=local, delay=0.2, delays=0.06/0.1/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Jan  8 22:21:25 samhobbs postfix/qmgr[941]: D83DE3F521: removed
Jan  8 22:21:25 samhobbs spamd[439]: prefork: child states: II

So the steps you can see here are:

  1. Outlook server connects to RasPi/Postfix on port 25
  2. Postfix accepts the message and hands it to Spamassassin to process
  3. Spamassassin decides the message is clean and marks it as HAM
  4. The email is passed back from Spamassassin to Postfix and delivered to the inbox

Training Spamassassin

We’ve deliberately set the score limit for spam to a low value. This inevitably means we’ll get some false positives, but we can use these to train Spamassassin and make it better. First, some things to understand about the Maildir format we’re using. Here’s what my structure looks like:

admin@samhobbs ~ $ sudo ls -al /home/sam/Maildir/
total 604
drwx------ 12 sam sam   4096 Mar  6 14:55 .
drwxr-xr-x  3 sam sam   4096 Mar  5 23:07 ..
drwx------  2 sam sam  36864 Mar  6 12:59 cur
-rw-------  1 sam sam  11920 Mar  6 04:14 dovecot.index
-rw-------  1 sam sam 415744 Mar  6 14:50 dovecot.index.cache
-rw-------  1 sam sam  10332 Mar  6 13:08 dovecot.index.log
-rw-------  1 sam sam  32784 Mar  5 16:22 dovecot.index.log.2
-rw-------  1 sam sam     30 Jan 13 22:30 dovecot-keywords
-rw-------  1 sam sam    144 Mar  3 17:49 dovecot.mailbox.log
-rw-------  1 sam sam  27138 Mar  6 09:27 dovecot-uidlist
-rw-------  1 sam sam      8 Mar  5 23:07 dovecot-uidvalidity
-r--r--r--  1 sam sam      0 Nov 23 22:55 dovecot-uidvalidity.52913278
drwx------  5 sam sam   4096 Mar  5 22:36 .Drafts
drwx------  5 sam sam   4096 Mar  4 21:53 .foo
drwx------  5 sam sam   4096 Mar  3 17:49 .INBOX.foo
drwx------  2 sam sam   4096 Mar  6 09:37 new
drwx------  5 sam sam   4096 Mar  5 22:36 .Sent
drwx------  5 sam sam   4096 Mar  6 14:37 .Spam
-rw-------  1 sam sam     37 Mar  3 17:49 subscriptions
drwx------  5 sam sam   4096 Nov 27 19:00 .Templates
drwx------  2 sam sam   4096 Mar  6 09:27 tmp
drwx------  5 sam sam   4096 Mar  6 04:08 .Trash

You can see I’ve created a couple of test folders here: one top level folder called “foo” and another subfolder in the inbox also called “foo” (.INBOX.foo). Each folder has three subdirectories: new for new (unread) emails, cur for emails that have been read, and tmp for temporary storage during delivery. You can read more about this on the Dovecot Wiki if you’d like to know more. So, the important thing to take away from this is that HAM emails are stored here: /home/username/Maildir/cur …and SPAM emails will be stored here (after sieve has been configured): /home/username/Maildir/.Spam/cur Spamassassin has a commandline training tool that is invoked like this:

sa-learn --no-sync [--spam or --ham] [folder/{cur,new}]

Each user has its own spamassassin database, which is located in the user's home directory in a hidden folder (.spamassassin). By default, the sa-learn command trains the database in the home directory of the user running the command, and since the spamassassin pipe we set up processes email as the user debian-spamd, we need to make sure we train the database in debian-spamd's home directory (which is /var/lib/spamassassin - you can check by looking in /etc/passwd). Unfortunately, if you run the command as debian-spamd using sudo -u debian-spamd command, you won't have read permissions for your emails. Here’s the plan: move any false positives back into the inbox with your email client, and move any missed spam into the spam folder. Then run these three commands using sudo, so you have permission to read your emails and write to the spamassassin database, and use the --dbpath option to specify which database to write to:

# Scan HAM
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/username/Maildir/{cur,new}
# Scan SPAM
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --spam /home/username/Maildir/.Spam/{cur,new}
# sync the journal and databases
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --sync

On my Pi, running the HAM command took about 5mins to process ~500 messages, with WordPress running at the same time. If you’re sure you will always move emails into the correct folders, you could add these two commands to a cron job so that they run regularly and keep everything up to date. Alternatively, you can just run the commands when you notice a few false positives or missed spam emails. Over time, your spam filter will get better and better.

Automated learning using a script

If you don't want to run the commands manually all the time, you can use this simple cron job I wrote. The cron job runs as root, so you don't need the sudo part we used earlier. Create the script like this:

sudo nano /etc/cron.daily/spamassassin-learn

Now copy and paste this into the file (ctrl + shift + v to paste in nano):

#!/bin/bash

# Script by Sam Hobbs, see the following URL for updates:
# https://samhobbs.co.uk/2014/03/raspberry-pi-email-server-part-4-spam-detection-with-spamassassin

# redirect errors and output to logfile
exec 2>&1 >> /var/log/spamassassin.log

NOW=$(date +"%Y-%m-%d")

# Headers for log
echo ""
echo "#================================ $NOW ================================#"
echo ""

# learn HAM
echo "Learning HAM from Inbox"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/sam/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --spam /home/sam/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --sync

Important: edit the paths so that they match your username! If you want to scan ham and spam for all users (this only works if you trust all users to be sensible and move ham/spam to the right folder) then replace the username "sam" with a glob ("*"), i.e:

sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/*/Maildir/{cur,new}

Now make the script executable:

sudo chmod +x /etc/cron.daily/spamassassin-learn

The script will learn from ham/spam daily, and write a log file at /var/log/spamassassin.log. Make sure you move any spam you find into your spam folder, and any false positives back into your inbox. Don't worry if ham is accidentally marked as spam one day and gets "learned", if you move the messages to their correct locations then the next time the script runs spamassassin will correct itself.

What’s next?

We’re now done with Spamassassin. The only thing left to do is find a way to sort spam emails directly into the spam folder, which is covered in the next tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve. Feel free to leave a comment to let me know how you get on!

Comments

Looking into this a little more I noticed this in the header "Received: from [238.250.247.210] by web181404.mail.ne1.yahoo.com via HTTP;"

I can't find anything about 238.250.247.210 or ping it. Any ideas?

My friend was using yahoo mail on a Windows PC to respond to an email that I sent him from my pi email server. There is NO possibility that he is playing games.

Where could that IP come from?

Here is more of the email header:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mydomain.com
X-Spam-Flag: YES
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.4 required=2.0 tests=HTML_MESSAGE,RCVD_ILLEGAL_IP,
RCVD_IN_DNSWL_NONE,T_DKIM_INVALID autolearn=no version=3.3.2
X-Spam-Report:
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
* trust
* [216.109.115.19 listed in list.dnswl.org]
* 3.4 RCVD_ILLEGAL_IP Received: contains illegal IP address
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
Received: from nm14-vm4.access.bullet.mail.bf1.yahoo.com (nm14-vm4.access.bullet.mail.bf1.yahoo.com [216.109.115.19])
by mydomain.com (Postfix) with ESMTPS id 9C6609FB1C
for ; Thu, 29 Jan 2015 20:51:33 -0500 (EST)
Received: from [66.196.81.156] by nm14.access.bullet.mail.bf1.yahoo.com with NNFMP; 30 Jan 2015 01:51:31 -0000
Received: from [66.196.81.133] by tm2.access.bullet.mail.bf1.yahoo.com with NNFMP; 30 Jan 2015 01:51:31 -0000
Received: from [127.0.0.1] by omp1009.access.mail.bf1.yahoo.com with NNFMP; 30 Jan 2015 01:51:31 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 597202.61485.bm@omp1009.access.mail.bf1.yahoo.com
Received: (qmail 90579 invoked by uid 60001); 30 Jan 2015 01:51:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1422582690; bh=5QsEzmDGcHXjY8HYBA7sXD+n+2SDpgoOzUTmZRS8m0s=; h=References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=FJp9OWYBNOdi6N574Ou4qdQtbEzxnGbf1J3h68/Z/ovdkA5eC+dwUTuykdj1eGX1ZOhsqPAJXQ33tv5IIr+7PSznKI3JHrOQuMWK8BrRyN7IWv/IeFU1kFnwH/RkkuXWVtZ7gimo5OOdpKl60YW14sukKXE4uuMxu1juNxyL0hU=
X-YMail-OSG: YhbtU0gVM1mHfXMZPI8aek889hxFvl0O5KFmuR7tbGYTC.e
g7xlbno8uoCQC4LrSrif.hG_n1qZwt0lvF2yTRgWB9FV33KrGLsnX0CqURmD
ydIoR3cTSMsLuG.5Jr4r_D7hkxQRyvRgMO0qJ3MODZuTCTVXevnlEhomdGLj
a7IsrDwSSCzH0SBDayb8IH8YCjJu68yy92nFSnKnWc8ZLLfciQwip37VmRSZ
Jk0PZIBkYqehXsmxJXC7WGO1GMSgQ.wpypcOWS3yb6CFnIavsVH0g0XKF8LM
4YnEd3S_pL0WQq1dKi2LvYEIxzC422HT8y3qzKfYN3quP9UAXt.I4aMg6vEV
0IYD6NLdLq5TaBc5mfilY0VsgyEiCyvpsMdvR4AHflmQPLvfA65aDoJd46UQ
qWP7yhAi0_hMr97dui53fJ4A.F5JkEi_.wbTrx2.egzjclXaoEucOBRXz7zG
fdaOJ1Ba09HUleaqX34HwiExN7QeNsVrOSPHk1ya..4UtSvirbfQ46A9Xf5J
NSiP8rSUXt8NFGCicU3qQ6sTLJ1169nfZLpbCLdDy0diN.Ci77xza629hW.y
mK2gK_6r0vG0dobqk2U1a
Received: from [238.250.247.210] by web181404.mail.ne1.yahoo.com via HTTP; Thu, 29 Jan 2015 17:51:29 PST
X-Rocket-MIMEInfo: 002.001,UmVwb3J0IEJ5IENhbGwgRnJlcXVlbmN5IGZvciBjYWxsZXJJRC5kYXQgZnJvbSAyMDE1LTAxLTAxIHRocm91Z2ggMjAxNS0wMS0yOSBpbiBibGFja2xpc3QuZGF0CgoKQ291bnQgIApDYWxsZXJJRCAKIAogICAgMTAgQU1FUiBSRUQgQ1JPU1MKICAgICA4ClVuYXZhaWxhYmxlICAgCiAgICAgNQpNQVJLRVQgU1RSQVRFR0kKICAgICA0IE1FTUJFUiBSRVdBUkRTICAKICAgICAzClRPTEwgRlJFRSBDQUxMRQogICAgIDMgTUkKU1QgVU5JViAgICAKICAgICAyClVOSVYgT0YgTUlDSCAgCiAgICAgMgpOQU1FIE5PVCABMAEBAQE-
X-Mailer: YahooMailWebService/0.8.203.740

hey sam, you can disregard that last post, as i fixed the problem! had a typo in my command, '/user/..' instead of '/usr/..' always the stupid mistakes that get me into trouble! lol. thanks for the great tutorial!

Chris Parish

Fri, 01/30/2015 - 01:48

Hi,
When I try and make the changes to master.cf required to activate spamassassin mail collection then fails.
I get the following errors in the mail.log log file

Jan 30 01:43:30 netbox postfix/smtpd[29485]: fatal: invalid option: ?
Jan 30 01:43:31 netbox postfix/master[29449]: warning: process /usr/lib/postfix/smtpd pid 29485 exit status 1
Jan 30 01:43:31 netbox postfix/master[29449]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Any ideas?
Thanks.

That's the strange thing, everything restarts without errors.

pi@netbox ~ $ sudo service postfix restart
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.
pi@netbox ~ $ sudo service dovecot restart
[ ok ] Restarting IMAP/POP3 mail server: dovecot.
pi@netbox ~ $ sudo service spamassassin restart
Restarting SpamAssassin Mail Filter Daemon: spamd.

Spam Assassin takes a long time to restart but doesn't show any errors.
The mail.log looks ok

Jan 30 15:30:55 netbox postfix/master[2927]: terminating on signal 15
Jan 30 15:30:58 netbox postfix/master[8509]: daemon started -- version 2.9.6, configuration /etc/postfix
Jan 30 15:31:59 netbox dovecot: master: Warning: Killed with signal 15 (by pid=8540 uid=0 code=kill)
Jan 30 15:32:00 netbox dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
Jan 30 15:32:09 netbox spamd[2539]: spamd: server killed by SIGTERM, shutting down
Jan 30 15:32:16 netbox spamd[8597]: logger: removing stderr method
Jan 30 15:32:53 netbox spamd[8605]: spamd: server started on port 783/tcp (running version 3.3.2)
Jan 30 15:32:53 netbox spamd[8605]: spamd: server pid: 8605
Jan 30 15:32:53 netbox spamd[8605]: spamd: server successfully spawned child process, pid 8608
Jan 30 15:32:53 netbox spamd[8605]: spamd: server successfully spawned child process, pid 8609
Jan 30 15:32:53 netbox spamd[8605]: prefork: child states: IS
Jan 30 15:32:53 netbox spamd[8605]: prefork: child states: II

So I am out of ideas.

Darrin Nelson

Sat, 01/31/2015 - 00:27

Sam
Thanks for your awesome turorials. I have used them to setup my email server on my ReadyNAS 312 box. I have also setup several websites on this NAS server as well. All working for months now, sweat as.

I have install Spamassassin as per your instructions. I can run the training and sync commands, and it processes my emails. I have restarted postfix with no errors. I check that debian-spamd user was created, it was. However when I send an email I don't see any activity in the mail.log file. There are not scores in any of my subject line or any indication that that the mail is being scanned in the header of the email.

Any ideas where to look first. I have spent hours trying to get this working.

Appreciate. tks Darrin

Hi Darrin, Are you sure you have this line in /etc/postfix/master.cf? It's the one that hands over mail to spamassassin from postfix.
smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin
Also check spamassassin is running:
sudo service spamassassin status
Sam

Darrin Nelson

Sat, 01/31/2015 - 19:02

Hi Sam.
Thanks for the quick reply.
I tried to copy in the actual outputs of the commands and files, but Mollom blocked it as spam by their spam filter. Go figure!

So here is what I found. Yes Spamassassin is running, but using user "spamd". Here is the details on the users when I list them:

debian-spamd:x:45:53::/var/lib/spamassassin:/bin/sh
spamd:x:1000:1000::/var/log/spamassassin:/bin/false

end part1

Darrin Nelson

Sun, 02/01/2015 - 07:54

I have it correct I think in master,cf and you described in your tutorial.
Mollom, won't let me cut and paste any code. Even when using the HTML tags.

Had to write the file name with out the dot above.


# ==========================================================================
smtp inet n - - - - smtpd -o content_filter=spamassassin
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd -o content_filter=spamassassin

Sam Hobbs

Sun, 02/01/2015 - 10:35

In reply to by Darrin Nelson

Make sure there's a line break between mtpd and the -o for the content filter. Sam

Darrin Nelson

Sun, 02/01/2015 - 07:56

Might have figured out how to get around Mollom.

Here is what I have at the bottom of the file. Yes its located etc postfix master cf.

spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Your user should be debian-spamd not spamd, try changing that to see what happens! BTW I think we may be struggling with getting this past mollom because the content looks like a bit like a sql injection attack (do something where user=foo). Sam

Hi Sam.

Reason I was using user=spamd was because when doing a status on the Spamassassin service it showed that user name was being used, see below:

spamassassin.service
Loaded: loaded (/etc/init.d/spamassassin)
Active: active (running) since Mon, 12 Jan 2015 09:21:33 +1300; 2 weeks and 5 days ago
Process: 10372 ExecReload=/etc/init.d/spamassassin reload (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/spamassassin.service
├ 10381 /usr/sbin/spamd --create-prefs --max-children 2 --...
├ 10382 spamd child
└ 10383 spamd child

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

I did add the line break so the code in master_cf looks like this:

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

Note that I have a few spaces before the -o's
Also changed the user back to debian-spamd.

Still no luck, its not processing any emails. I don't see any sign of a spam scan in the header of the email.

Darrin

darrin, looks like you may be mixing up smtps and smtp, smtps is port 465, that TLS only one for email submission. smtp is port 25 for server to server. here's part of my master.cf showing both:
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
 -o content_filter=spamassassin
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
yours shows wrappermode as an option for smtp, not smtps - is it possible you're changing options in the wrong place? Sam

Hi Sam.

Yes I had mixed up smtp and smtps, I have corrected it. Actually I cut and pasted your code into my file.

Reloaded postfix, restart. Still not working. I checked the headers of a few emails, and there was not indication of spam filtering. Also checked the mail.log, no activity there either. Uhmmmmm

Darrin

Hi Sam.

Could be something dumb like using the wrong protocol and the message is not going to spamassassin? I currently use getmail to retrieve my mail from various mail servers. I don't have it coming directly to my server, but I am thinking of hosting my whole domain and email.

Just thinking. tks Darrin

Darrin

Sam Hobbs

Mon, 02/02/2015 - 09:10

In reply to by Darrin Nelson

Lol! Yep that'll be it. Postfix can only hand it over to spamassassin if it is the process receiving it in the first place! Try sending a test email to your server using telnet from another computer (make sure it's not whitelisted in your spamassassin config) and see if it gets processed. Sam

Sam,

Thanks for your help and sorry to waste your time. All makes sense now. I probably had it working in the first instance, many hours of flogging the dead horse latter and I figured it out. With your help of course.

I will have to setup the MX record and start pointing the mails directly to by server. My host doesn't seem to filter any spam.

Thanks for the great tutorials and the support.

Darrin

I tried to find something like your twitter profile or any other social plattform where I could have mentioned you with a big thanks, but unfortunately I didn't found something yet oO.

Anyway. I wanted say a very big THANK YOU for all those great email server tutorials!
I now have my own email server, secure and well working and it's a great feeling.

Your explanations are really helpful and, for me, easy to understand. Great job and well done!

best regards

I was so pleased when I got my server up and running for the first time, I felt like I had to help other people escape "freemail"! Really glad it all worked for you. As you have discovered, I don't have Google + or Twitter or Facebook, but referrals are still greatly appreciated! If you know anyone who might find the tutorials useful, let them know :) Anyway, thanks for the feedback! Sam

I followed your tutorial and have email server running on pi 2 for weeks. I noticed an ip address with 635 entries, in mail.log, within a few minutes today.

Mar 27 10:12:35 mydomain postfix/smtpd[10765]: connect from unknown[43.251.90.49]
Mar 27 10:12:36 mydomain postfix/smtpd[10765]: lost connection after UNKNOWN from unknown[43.251.90.49]

whois 43.251.90.49
No match!!

What is the best way to block an IP? I have fail2ban installed.

You can write a fail2ban rule that matches lost connection after UNKNOWN from unknown. I get a lot of that too BTW, it's when a client connects and sends non-smtp commands to the server. Could be a port scan... anyway, it's not something you need to worry about really. Failed authentication attempts, on the other hand, are worth fail2banning. Sam

Terry Harding

Thu, 04/09/2015 - 22:01

I have been following your tutorial and everything is working great. I can send and receive emails to my postfix server.
Today I decided to install spamassassin. I followed your directions. and I am receiving the following error from postfix.
Reloading Postfix configuration.. /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: content-filter=spamassassin.
I have looked in mail.log and do not see the detail you are describing. so it looks like postfix is not sending to spamassassin.

Any help is greatly appreciated.

Add new comment

The content of this field is kept private and will not be shown publicly.

Filtered HTML

  • Web page addresses and email addresses turn into links automatically.
  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.