Enhanced spam filtering using SpamAssassin
In the previous section we configured a content filtering framework using the amavisd daemon. At the moment however the content filter is somewhat less than useful as it is not capable of actually filtering any content in a meaningful way. In this section we shall address this shortcoming by integrating the SpamAssassin daemon to scan incoming mail for hints that is may be spam and score it accordingly.
Installing and configuring SpamAssassin
Before we can install the SpamAssassin package we need to ensure that the correct use-flags have been set so that all the functionality we require will be built in to the package and its dependencies. The example below shows the set of flags we have enabled. Feel free to add additional flags as required however be aware that removing flags will probably remove functionality which this guide uses. Once you are happy with the use-flags you have selected merge the package as shown below.
Calculating dependencies... done!
[ebuild N ] dev-libs/pth-2.0.7-r1 USE="-debug"
[ebuild N ] net-misc/curl-7.19.6 USE="ssl -ares -gnutls -idn -ipv6 -kerberos -ldap -nss -test"
[ebuild N ] dev-libs/libksba-1.0.7
[ebuild N ] app-crypt/pinentry-0.7.5 USE="caps ncurses -gtk"
[ebuild N ] perl-core/Package-Constants-0.02
[ebuild N ] perl-core/PodParser-1.38
[ebuild N ] app-crypt/gnupg-2.0.14 USE="bzip2 caps nls -adns -doc -ldap -openct -pcsc-lite -smartcard -static"
[ebuild N ] perl-core/IO-Zlib-1.09
[ebuild N ] virtual/perl-Package-Constants-0.02
[ebuild N ] virtual/perl-PodParser-1.38
[ebuild N ] virtual/perl-IO-Zlib-1.09
[ebuild N ] perl-core/Archive-Tar-1.54
[ebuild N ] virtual/perl-Archive-Tar-1.54
[ebuild N ] mail-filter/spamassassin-3.2.1-r1 USE="postgres ssl tools -berkdb -doc -ipv6 -ldap -mysql -qmail -sqlite"
lisa ~ # emerge spamassassin
Once the package and its dependencies have been merged some simple configuration changes are required. The first change is made to the local configuration file for the SpamAssassin daemon and simple disables the bayesian filtering component. We shall revisit this component in a later section but for now it is best if it is deactivated. The required modifications to the SpamAssassin configuration file are shown below.
use_bayes 0
bayes_auto_learn 0
There are also some additional plugins which will have been installed along with the SpamAssassin daemon which we also wish to enable at this stage. The first of these plugins checks the addresses of the servers which a mail message has been relayed through against those on various blacklists. It also checks the content of the message for links or references to addresses on these lists. The second plugin is used to implement the Hashcash extension to the email protocols. If you do not wish to use one or both of these plugins then feel free to leave them disabled.
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::Hashcash
Reconfiguring amavisd-new
Now that the SpamAssassin application is installed and configured we can configure the amavisd daemon to make us of it by commenting out one of the lines we added to its configuration in the previous chapter. With this line removed the amavisd daemon will automatically use the SpamAssassin application to filter messages for spam, assuming the filter profile requests this action, with no further configuration.
@bypass_spam_checks_maps = (1);
# @bypass_spam_checks_maps = (1);
The amavisd daemon will require restarting however before any changes to its configuration file will be used. This action can be performed, as usual, with the following command.
Creating and selecting a test policy
With the amavisd daemon configured to use the SpamAssassin application we can finally create a filter policy which makes use of the spam filtering capabilities we have just added to our content filter. We shall use the psql application as before to add another row to our filter_policies table as shown in the example below. Once we have created the filter policy we can assign it to all mailboxes and aliases as shown below.
postgres=# INSERT INTO filter_policies(policy_name, bypass_virus_checks, bypass_banned_checks, bypass_header_checks) postgres-# VALUES('Spam checks only', TRUE, TRUE, TRUE); INSERT 0 1
postgres=# UPDATE mailboxes SET filter_policy_id = 2; UPDATE 3
postgres=# UPDATE aliases SET filter_policy_id = 2; UPDATE 5
We can now test to see if the spam filter is functioning correctly by sending a test message containing the following text in the body of the message to one of our addresses. If the system is configured and operating correctly then the message should be tagged as spam with a score of nearly 100.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Additional SpamAssassin modules and configuration
Assuming that the previous test worked and the message was indeed tagged as spam the SpamAssassin application can now be further customised with the addition of extra modules to perform more thorough checking of incoming mail.
Calculating dependencies... done!
[ebuild N ] dev-perl/IP-Country-2.23
lisa ~ # emerge dev-perl/IP-Country
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
Calculating dependencies... done!
[ebuild N ] dev-perl/Net-CIDR-Lite-0.20
[ebuild N ] dev-perl/Mail-SPF-Query-1.999.1
lisa ~ # emerge dev-perl/Mail-SPF-Query
loadplugin Mail::SpamAssassin::Plugin::SPF
Calculating dependencies... done!
[ebuild N ] dev-perl/Crypt-OpenSSL-Random-0.04
[ebuild N ] dev-perl/Error-0.17.008
[ebuild N ] dev-perl/Digest-SHA-5.45
[ebuild N ] dev-perl/Crypt-OpenSSL-RSA-0.25
[ebuild N ] dev-perl/Mail-DKIM-0.36
lisa ~ # emerge -pv dev-perl/Mail-DKIM
loadplugin Mail::SpamAssassin::Plugin::DKIM
$enable_dkim_verification = 1;