Open source software security

Installing SpamAssassin on Mandrake

by: Justin Klein Keane
June 10, 2005
Disclaimer: This article focuses on SpamAssassin on Mandrake Linux with Sendmail and Procmail. Directory structures and package names are specific to this architecture and may vary depending on your system.

Required Packages:

spamassassin (ex. spamassassin-2.63-2.1.100mdk)
perl-Mail-SpamAssassin (ex. perl-Mail-SpamAssassin-2.63-2.1.100mdk)
spamassassin-tools (ex. spamassassin-tools-2.63-2.1.100mdk)

Supporting Systems:
sendmail (ex. sendmail-8.13.1-1mdk)
procmail (ex. procmail-3.22-4mdk)

The Way Spamassassin Works

Spamassassin works by inspecting incoming email and tagging it based on a list of criteria. Assuming you've got sendmail and procmail installed on your system, you should understand where this process occurs. Normally, sendmail will handle mail delivery, but mail delivered locally (i.e. to an end user) requires an MTA (Mail Transport Agent). Sendmail operates by picking up incoming messages off the ports and determining whether each one is destined for a local user. Sendmail can operate as a relay, passing the message off to another mail server if necessary. If sendmail determines that the mail is bound for a local user, it hands the mail off to the local MTA (procmail in this case).

You can hook spamassassin into mail delivery in two places. You can either use a 'milter' to have sendmail inspect messages directly, or you can configure spamassassin to work with the local MTA. In the second scenario you have to alter procmail to filter mail through spamassassin before dropping it into a mailbox (for instance in /var/spool/mail/). Not to confuse matters too much, but if you're using this configuration you can also configure procmail on a per-user basis or on a system-wide basis.

Assuming you've got sendmail and procmail installed and your system is handling messages properly you can safely move on to installing spamassassin. I would highly recommend confirming that your mail handling systems are working properly before installing spamassassin. That way if you have problems you can rule out an issue with the underlying mail systems and focus on spamassassin.

Installing spamassassin is relatively easy. However, once the system is installed it must be configured properly to function. This article focuses only on the most basic configuration. The first step is to ensure that spamassassin is working properly. Look in your initialization scripts (/etc/rc.d/init.d) for the spamassassin init script. If it's there, try to start spamassassin using:

# /etc/rc.d/init.d/spamassassin start

You should see an 'ok' confirmation message. Check to make sure spamassassin has started in daemon mode (spamd) by using:

# ps -ef | grep spamd

If you don't see spamd in the list of running processes, something has gone wrong. If spamassassin is up and running, you'll next want to test the daemon. To do this, first locate a sample-spam.txt file. This may be included with your spamassassin installation (try using 'find /usr/share/spamassassin/ | grep sample-spam.txt'), or you can probably find a good sample using a quick Google search. Test the configuration with:

# spamassassin -D < /path/to/sample-spam.txt

where '/path/to/' is replaced by the actual path to your sample-spam.txt file. You should see some output that confirms that spamassassin identified the sample spam.

Once you're sure spamassassin is up and functioning correctly you need to configure the rules spamassassin is going to use to report on spam. In order to do this update the file /etc/mail/spamassassin/local.cf. A sample configuration is as follows:

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
rewrite_subject 1
required_hits 4
subject_tag *****SPAM*****
# report_safe 1
# trusted_networks 212.17.35.

auto_whitelist_path        /var/spool/spamassassin/auto-whitelist
auto_whitelist_file_mode   0666

Spam is tagged with an integer denoting its 'spamminess'. The higher the indicator, the more likely the message is spam. The default threshold for spamassassin is 5, meaning that messages that test higher than 5 will be identified as spam. You may wish to lower this level. This level is set by the required_hits directive in the configuration file. The subject_tag directive is the text that gets prepended to messages that score above the required_hits spam threshold. The rewrite_subject directive tells spamassassin to actually prepend the subject_tag value.

The last step in getting spamassassin to work is to update the procmail settings. In order to use a global configuration, update the /etc/procmailrc file (or create one if none exists). Alternatively, users can create their own .procmailrc files in their home directories. A sample procmailrc file that filters incoming mail handled by procmail through spamassassin follows:


DROPPRIVS=yes
:0fw
| /usr/bin/spamc -f

Once all this is configured and installed you may want to restart sendmail and spamassassin just for good measure.
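
To confirm that delivered mail really passed through spamc and that the local.cf settings took effect, the following added example (not part of the original article) reads one message and reports the verdict recorded in its headers. It assumes the SpamAssassin 2.x header form "X-Spam-Status: Yes, hits=N required=M ..." and the subject_tag value from the sample local.cf above; the function names and the sample message are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumes the 2.x header "X-Spam-Status: Yes, hits=N required=M ..."
# (3.x writes score= instead of hits=) and the subject_tag from the sample local.cf.
SUBJECT_TAG='*****SPAM*****'

# Read one message on stdin; print "<spam|ham> <hits> <required> <tagged|untagged>",
# or "unscanned" if no X-Spam-Status header exists (mail never went through spamc).
spam_verdict() {
    awk -v tag="$SUBJECT_TAG" '
    function field(s, key,   p, rest) {   # value following key in s, or "?"
        p = index(s, key); if (p == 0) return "?"
        rest = substr(s, p + length(key)); sub(/[ \t,].*$/, "", rest)
        return rest
    }
    /^$/     { exit }                     # headers end at the first blank line
    /^[ \t]/ { if (cur != "") hdr[cur] = hdr[cur] " " $0; next }  # folded header
    {
        cur = ""; i = index($0, ":")
        if (i > 1) {
            name = tolower(substr($0, 1, i - 1))
            # keep only the first occurrence of each header
            if (!(name in hdr)) { cur = name; hdr[name] = substr($0, i + 1) }
        }
    }
    END {
        st = hdr["x-spam-status"]
        if (st == "") { print "unscanned"; exit }
        hits = field(st, "hits="); if (hits == "?") hits = field(st, "score=")
        subj = hdr["subject"]; sub(/^[ \t]+/, "", subj)
        flag = (st ~ /^[ \t]*Yes/) ? "spam" : "ham"
        mark = (index(subj, tag) == 1) ? "tagged" : "untagged"
        print flag, hits, field(st, "required="), mark
    }'
}

# Constructed sample message (not real mail); the body line must be ignored.
sample_spam() { cat <<'EOF'
X-Spam-Status: Yes, hits=11.9 required=4.0
 tests=CONSTRUCTED_RULE_A,CONSTRUCTED_RULE_B version=2.63
Subject: *****SPAM***** Constructed sample

Body text: hits=0.0 required=99
EOF
}

sample_spam | spam_verdict    # for real mail: spam_verdict < /path/to/message
```

A result of "unscanned" on freshly delivered mail means the procmail recipe is not being applied, and a "required" value other than 4.0 means spamd has not picked up the edited local.cf.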