Guide updated on 29th of February 2016

Configure spamassassin


Spamassassin is the antispam system we 'll use

Enable Spamassassin

systemctl enable spamassassin.service

Edit /etc/default/spamassassin to change the options :

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -v -x -i -m 5 -c -H -s mail --virtual-config-dir=/home/vpopmail/.spamassassin"

IP::Country::Fast perl installation

Install perl package (deb)

dpkg -i /downloads/deb-packages/libip-country-perl_2.28-1_all.deb

Take the latest version of IP database from http://mailfud.org/ip-country-fast/

cd /usr/share/perl5/IP/Country/Fast
mv cc.gif cc.gif.old
mv ip.gif ip.gif.old
wget http://mailfud.org/ip-country-fast/cc.gif
wget http://mailfud.org/ip-country-fast/ip.gif
cd /downloads/

Configure pyzor

Add the Pyzor servers by running the following command.

pyzor --homedir /etc/spamassassin discover

OPTIONAL : If you want to report spam with the Vipul's Razor spam-reporting system

razor-admin -d -home=/etc/razor -create
razor-admin -d -home=/etc/razor -register

Load additionnal plugins

Uncomment this in /etc/spamassassin/init.pre (line 22)

loadplugin Mail::SpamAssassin::Plugin::RelayCountry

Uncomment this in /etc/spamassassin/v310.pre (line 24)

loadplugin Mail::SpamAssassin::Plugin::DCC

Uncomment this in /etc/spamassassin/v320.pre (line 53)

loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

Enable additionnal features

Edit /etc/spamassassin/local.cf to change the following options :

Uncomment following lines

required_score 5.0
use_bayes 1
bayes_auto_learn 1

Add following lines

score BAYES_99 5.300

add_header all Relay-Country _RELAYCOUNTRY_
skip_rbl_checks 1

use_pyzor 1
pyzor_options --homedir /etc/spamassassin/

use_razor2 1
razor_config /etc/razor/razor-agent.conf

OPTIONAL : If you want to change mail classification based on relaying countries, add following lines in /etc/spamassassin/local.cf

header RELAYCOUNTRY_BAD X-Relay-Countries =~ /CN/
describe RELAYCOUNTRY_BAD Relayed through China at some point
score RELAYCOUNTRY_BAD 3.0

header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(BE|FR)/
describe RELAYCOUNTRY_GOOD Relayed through Belgium or France
score RELAYCOUNTRY_GOOD -0.2

Create a compiled version of some ruleset

sa-compile

Test configuration and start the service

/usr/bin/spamassassin -D --lint

systemctl start spamassassin

OPTIONAL : If you want qmail-smtpd to reject messages where the domain portion of the envelope sender is not a valid domain (feature non-related to spamassassin but added by patch qmail-1.03-mfcheck.3.patch.)

echo 1 > /var/qmail/control/mfcheck

Configure courier


Users comments
Thibs - 29/05/2016 18:29

@Ross : I had the same issue on a recent install

I ve fixed this by adding 

--virtual-config-dir=/home/vpopmail/.spamassassin

on the options into /etc/default/spamassassin

Thibs - 29/05/2016 18:09

@Lage : you can add plenty of rules by copying your needs from /usr/share/spamassassin

You can also update the used one with the command

sa-update -D

Lage - 27/05/2016 20:48

Spamassassin rules are not updating

Need to update rules, too much spam passing thru

Ross - 20/10/2015 16:35

For those who are getting the "config: cannot create user preferences file" - ".spamassassin/user_prefs: No such file or directory"... Have a look at this post:

https://forum.vestacp.com/viewtopic.php?f=12&t=5514#p22944

This solved the problem for me!

Goofy - 24/06/2015 17:18

Spamassassin starts differently on Jessie, make it autostart with:
systemctl enable spamassassin.service

The ENABLED=1 switch doesn t do anything anymore.
Further on, the /etc/default/spamassassin contains an option part.
I had to change it to:

OPTIONS="--create-prefs --max-children 5 -u vpopmail -v -x -i -H --virtual-config-dir=/home/vpopmail/domains/%d/%l -c -s mail"

Then python throws an error:
pyzor: check failed: internal error, python traceback seen in response

Fixed that with:
pyzor_options --homedir /home/vpopmail/spamassassin/


Of course I made the dir /home/vpopmail/spamassassin/ (also copied the file servers from /etc/spamassassin) and did a

 chown -R vpopmail:vchkpw spamassassin/

and to be sure

  chown -R vpopmail:vchkpw spamassassin.

Then DCC gives an error, fixed that with this site:

DCC source install

Pedro - 04/06/2015 02:04

I´m receiving the following in some emails:

debian spamc[3339]: skipped message, greater than max message size (512000 bytes)

Whare do i enable messages more than 512Kb to go to spamassassin??

Oh.. and GREAT GUIDE!, you rock!

Steph - 14/12/2014 19:16

I had some errors "pyzor: check failed: internal error" in syslog, it was a user right problem with /etc/spamassassin/servers generated by pyzor --homedir /etc/spamassassin discover

See here : http://mailadmin.wordpress.com/2008/06/23/my-case-of-pyzor-check-failed-internal-error/

Hope it helps.

Sirnene - 20/10/2014 12:39

Hello

Disable /etc/default/spamassassin

-H --helper-home-dir both is the same

and in config 

--max-children 5 -m 5 is the same 


Michiel - 14/10/2014 15:49

The above spamsassassin options give me the following problem:

 

Oct 14 15:40:50 server spamd[5767]: spamd: creating default_prefs: user@domain.nl/.spamassassin/user_prefs
Oct 14 15:40:50 server spamd[5767]: config: cannot create user preferences file user@domain.nl/.spamassassin/user_prefs: No such file or directory
Oct 14 15:40:50 server spamd[5767]: spamd: failed to create readable default_prefs: user@domain.nl/.spamassassin/user_prefs

 

I've tried to set the SAHOMEDIR in /etc/default/spamassassin:

SAHOME="/home/vpopmail/.spamassassin/"
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir ${SAHOME} -u vpopmail -v -x -i -m 5 -c -H -s mail -4"

But still the same issue.
It seems spamassassin or simscan does not find the SAHOME dir and tries to create the user_prefs in the email adres format homedir (it does not break the email and domain part from each other).

Does anybody know how to fix this so I can train spamassassin?

Sirnene - 31/08/2014 14:18

On Ubuntu 14.04

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6953

spamd: could not create IO::Socket::INET6 socket on [::]:783: Address already in use

Edit /etc/default/spamassassin to change the following options : add -4 to end

ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u vpopmail -v -x -i -m 5 -c -H -s mail -4"
Thibs - 02/04/2013 21:42

@Matt :

Change line 69 of /service/qmail-smtpd/run

Then

qmailctl restart

Matt - 02/04/2013 10:55

I have a problem with using the Spamhaus PBL. It blocks emails from IP addresses that are fine.

How can I remove checking against the Spamhaus PBL?

Is it burried somewhere in SpamAssassin?

Matt

Phyllis smith - 25/01/2013 22:02

That got me to the right place. Don't know if I needed that line, but by itself, nothing changed. I also changed line 144 from

SPFBEHAVIOR=3

to

SPFBEHAVIOR=0

Thanks for the pointer. I (obviously) had no idea where to look.

Phyllis

Thibs - 24/01/2013 22:18

Try to modify line 146 of /var/qmail/supervise/qmail-smtpd/run

By

SPF_BLOCK_PLUS_ALL=0
Phyllis smith - 23/01/2013 06:08

I'm hoping that someone can help me.  I followed this cookbook and even understand most of it.  My server is working well, EXCEPT - I have a subscription to mxlogic, which does a lot of the same filtering, but all my incoming mail comes from mxlogic.com (for a variety of reasons).  While regular e-mail gets through, I'm not getting any of my bulk e-mails.  They fail with

250 Bounce (550 See http://spf.pobox.com/why.html?sender=bounce-25895894-584293325%40lists.n-email1.net&ip=208.65.144.247&receiver=mail.csmiths.com (#5.7.1));
Mode: normal; Queued: no; Frontend TLS: no; SPF: Pass in the mxlogic log

and

@4000000050feafaf0dc40a4c tcpserver: end 3729 status 0
@4000000050feafaf0dc4121c tcpserver: status: 0/30 @4000000050feafb82de35274 tcpserver: status: 1/30
@4000000050feafb82de4f46c tcpserver: pid 3730 from 208.65.144.247 @4000000050feafb82f55c27c tcpserver: ok 3730 mail.csmiths.com:216.161.59.153:25 mxl144v247.mxlogic.net:208.65.144.247::59195 @4000000050feafb912f8606c qmail-smtpd[3730]: MFCHECK pass [208.65.144.247] lists.n-email1.net @4000000050feafb92bc97324 qmail-smtpd[3730]: Received-SPF: fail (mail.csmiths.com: SPF record at ne16.com does not designate 208.65.144.247 as permitted sender) @4000000050feafb92bca1b1c qmail-smtpd[3730]: MAIL FROM: @4000000050feafb92d6d0934 qmail-smtpd[3730]: RCPT TO:

in my qmail-smtp log.

I've set the file spfbehavior to contain a 0, which should say to ignore spf.  I've disabled spamassasin, so this might not be the right place for this message, but HELP.  I'd like to receive my bulk e-mail.

I've seen some references to tcpserver as a place to deal with this, but I can't find any specific instructions.

Thanks for any help you can provide!

Thibs - 17/09/2012 11:49

Hello Daniel,

I've never tried. I think you should first take a look to the file /var/qmail/bin/qmail-scanner-queue.pl

Daniel - 17/09/2012 05:18

Is there a way to configure spamassasin to put spam in each user (in each domain)'s INBOX path so that they can see it in their mail client? Right now, all spam end up in the same quarantine location and users can't manage spam effectively. Maybe there's a message that was marked as spam incorrectly but users without access to /var/spool/qscan/quarantine won't be able to see if they've got incorrectly marked spam....

Thibs - 12/12/2011 10:49

@David :

The easiest thing is to make what I describe on download-sofwares.php :

cd /downloads/deb-packages
dh-make-perl --build --install --cpan 'IP::Country::Fast'

With this method, you can build your own deb package

It supposes that the package dh-make-perl is installed on your system

David - 10/12/2011 02:26

If you're on ubuntu natty or older, you may require one of the libgeography-countries-perl builds for oneiric in order for libip-country-perl to resolve its dependencies.

https://launchpad.net/ubuntu/+source/libgeography-countries-perl/2009041301-1

Thibs - 07/10/2011 00:08

Sorry Alexey, it was my only idea (but your question is really interresting and I hope finding a solution )

Alexey - 04/10/2011 20:39

I tried different options in my /service/qmail-smtpdssl/run But even if I set

export RELAYCLIENT=""

emails are scanned by qms and SA. :-(
Alexey - 04/10/2011 13:55

According to http://qmail.jms1.net/patches/combined.shtml this feature is not on TODO list of John M. Simpson. :-) He advices to use AUTH_RELAYCLIENT="" instead. I'm not sure if he doesn't mean AUTH_SET_RELAYCLIENT. But both options are not included in the run-file. :-(

He warns to be aware that the RELAYCLIENT environment variable is used for more than just granting permission to relay. (Read the man page for qmail-smtpd (i.e. run "man qmail-smtpd" on your system) for more details.)

Do you know what he means?

Thibs - 03/10/2011 23:15

Hello Alexey,

Your question is interresting but to be honnest at first sight I really don't known how to do it.

My first approach consist to try decreasing the SA score ... but your approach is better.

Nevertheless on Qmail-scanner FAQ I have read :

Qmail-Scanner will only pass the message to SpamAssassin if it originates from an external (non-local) SMTP client. This is defined by whether or not the standard Qmail RELAYCLIENT environment variable is set. i.e. if the mail originates locally, it isn't scanned by SA. This is done for performance reasons and to cut down on false positives (i.e. your local users will never complain that their email is being classified as spam :-) If you explicitly want to scan some/all local SMTP clients email too, then set QS_SPAMASSASSIN="1" within the tcpserver rules file."

My second approach (deducted from this FAQ) is try modifying the file /service/qmail-smtpd/run (online version)  by adding 

export RELAYCLIENT=""

on line 310 (just after

ARGS=" $LOCAL $CHECKPW $TRUE"

)

 

But I'm not sure of this solution and I currently have no time to test it

Alexey - 03/10/2011 20:29

Thank you for this wonderfull manual.

Is there a way to tell qmail-smtpd oder qmail-scanner not to scan the emails which are delivered from the mail client with successfull AUTH ? Otherwise there is a risk that some of them will be kicked out by SA or other scans.

So a standard email send by Outlook gets at least 3.4 point from SA.

X-Spam-Status: No, hits=3.4 required=5.0
X-Spam-Level: +++
X-Spam-Report: SA TESTS
  0.0 FSL_HELO_NON_FQDN_1    FSL_HELO_NON_FQDN_1
  0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
 [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=email%40domain.de;ip=80.133.6.79;r=serverid.server.com]
  0.0 HTML_MESSAGE           BODY: HTML included in message
  1.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
  1.4 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers

Thibs - 28/01/2011 00:39

@Luc : C'est "normal" ... 

 

Ca fait un temps fou que les bugs suivants sont ouverts chez Debian :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483359

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338352

Ceci dit, ça n'empêche pas spamassassin de fonctionner

Luc - 27/01/2011 21:16

salut,

je trouve ca dans mes logs

Jan 27 21:09:57 sd-24020 spamd[27806]: Use of uninitialized value $vpopdir in concatenation (.) or string at /usr/sbin/spamd line 2106,  line 2.
Jan 27 21:09:57 sd-24020 spamd[27806]: Can't exec "/bin/vuserinfo": Aucun fichier ou répertoire de ce type at /usr/sbin/spamd line 2106, line 2.
Jan 27 21:09:57 sd-24020 spamd[27806]: Use of uninitialized value $vpopdir in concatenation (.) or string at /usr/sbin/spamd line 2111, line 2.
Jan 27 21:09:57 sd-24020 spamd[27806]: Can't exec "/bin/valias": Aucun fichier ou répertoire de ce type at /usr/sbin/spamd line 2111, line 2.
Jan 27 21:09:57 sd-24020 spamd[27806]: Use of uninitialized value $dir in scalar chomp at /usr/sbin/spamd line 2118, line 2.

??

Color Coded Qmail Installation Key
  Regular Black Text     Qmail installation notes and summaries by the author.
  Bold Black Text     Commands to be run by you, the installer.
  Bold/Regular Red Text    Vital and/or critical information.
  Regular Blue text     Denotes helpful tips and hints or hyperlinks.
  Regular Orange Text     Command line output.
  Bold/Regular green text     Denotes the contents of a file or script.