Installing Spamassassin Milter on FreeBSD
This document assumes that you have a working installation of FreeBSD with sendmail up and running. Beyond that, this document should cover everything else. Please email me if you run into any problems, though.
Update Ports Tree
Before you begin, make sure that your FreeBSD ports tree is up-to-date.
I update my ports as follows (as root, of course):
# cd # cvsup -L2 -g portsupfilewhere my /root/portsupfile looks like:
*default tag=. *default release=cvs *default host=cvsup3.freebsd.org *default base=/usr/local/etc/cvsup *default prefix=/usr *default delete *default use-rel-suffix *default compress ports-all
Install Spamassassin from Ports
To install Spam Assassin, simply do the following:
# cd /usr/ports/mail/spamass-milter # make install clean
This will install the spamassassin software and the milter to allow it to plug into sendmail.
Copy local.cf.sample to local.cf. This is the spamassassin config. See the documentation for configuration options.
Verify this file is chmod 755 and this line appears:
Add the following line
Run the following
# /usr/local/etc/rc.d/spamd.sh start # /usr/local/etc/rc.d/spamass-milter.sh start
Enter the /etc/mail directory and edit the YOURHOSTNAME.mc file. Add the following lines at the end:
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m') define(`confINPUT_MAIL_FILTERS', `spamassassin')
While you are in /etc/mail, run the following commands to update the configuration files and to restart sendmail
# make # make install # make restart
To verify that this is working, send a message to a mailbox on this server. Then, view /var/log/maillog and you should see some lines that look like this:
Apr 12 18:08:17 web spamd: processing message <2714751.1081811244156.Jav aMail.Administrator@184.108.40.206> for root:65534. Apr 12 18:08:18 web spamd: clean message (0.9/5.0) for root:65534 in 1.1 seconds, 5603 bytes. Apr 12 18:08:18 web sm-mta: i3CN8GTw034219: Milter add: header: X-Spam-S tatus: No, hits=0.9 required=5.0 tests=CLICK_BELOW,HTML_50_60,\n\tHTML_FONTCOLO R_RED,HTML_IMAGE_RATIO_06,HTML_LINK_CLICK_HERE,\n\tHTML_MESSAGE,OFFERS_ETC auto learn=no version=2.63
In addition, view the headers of the message that you just received and you should see some lines that look like this:
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on web.netstreme.com
Setup your client
To finish your setup, simply configure your mail client to filter emails based upon the results of these headers. A spam message's headers will look more like this:
X-Spam-Flag: YES X-Spam-Status: Yes, hits=21.1 required=5.0 tests=AS_SEEN_ON,BANG_EXERCISE, BANG_GUARANTEE,BANG_OPRAH,BIZ_TLD,HAIR_LOSS,HG_HORMONE,HTML_50_60, HTML_FONTCOLOR_BLUE,HTML_FONT_INVISIBLE,HTML_MESSAGE, MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI, PRIORITY_NO_NAME,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,REVERSE_AGING, SOME_BREAKTHROUGH,X_PRIORITY_HIGH autolearn=no version=2.63 X-Spam-Level: ********************* X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on web.netstreme.com
And, you may see the following:
Spam detection software, running on the system "web.netstreme.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see the administrator of that system for details. Content preview: As seen on NBC, CBS, and CNN, and even Oprah! The health discovery that actually reverses aging while burning fat, without dieting or exercise! This proven discovery has even been reported on by major Science Journals. Forget aging and dieting forever! And It's Guaranteed! [...] Content analysis details: (21.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high 4.3 REVERSE_AGING BODY: Reverses Aging 1.9 AS_SEEN_ON BODY: As seen on national TV! 0.6 HAIR_LOSS BODY: Cures Baldness 1.1 BANG_GUARANTEE BODY: Something is emphatically guaranteed 2.2 BANG_OPRAH BODY: Talks about Oprah with an exclamation! 0.6 SOME_BREAKTHROUGH BODY: Describes some sort of breakthrough 1.2 BANG_EXERCISE BODY: Talks about exercise with an exclamation! 0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background 0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue 0.2 HTML_50_60 BODY: Message is 50% to 60% HTML 1.6 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100 [cf: 100] 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 2.0 HG_HORMONE Talks about hormones for human growth 0.8 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.
This is from a conversation I had with Bill Moss who has been very helpful in getting this document updated. He is emailing back and forth with one of the spamass-milter developers.
>> >I was going to suggest using "-r 15 -b devnull", where devnull is a >> >local alias pointing to /dev/null, but that will silently drop all >> >spam, not just high-scoring spam. I may have to rethink the >> >interactions between -r, -b, and -B. >> >>How come it will drop all spam - what affect does the -r 15 have in >>the above example? How does it know to drop any spam. Is it inherent >>in the -b command? > > -b and -B apply whenever spamassassin marks a message as spam; -r > applies when it's spam AND has a specific score. There's currently no > way to say "mark all spam but silently drop spam over 15".