{"id":110,"date":"2011-04-23T22:04:42","date_gmt":"2011-04-23T20:04:42","guid":{"rendered":"http:\/\/blog.garion.org\/?p=110"},"modified":"2011-04-26T20:13:35","modified_gmt":"2011-04-26T18:13:35","slug":"deleting-spam-with-postfix-and-spamassassin","status":"publish","type":"post","link":"https:\/\/joost.vunderink.net\/blog\/2011\/04\/23\/deleting-spam-with-postfix-and-spamassassin\/","title":{"rendered":"Deleting spam with postfix and SpamAssassin"},"content":{"rendered":"<p><a href=\"http:\/\/blog.garion.org\/wp-content\/uploads\/2011\/04\/mutt-screenshot-pixelised-small.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-123\" title=\"mutt-screenshot-pixelised-small\" src=\"http:\/\/blog.garion.org\/wp-content\/uploads\/2011\/04\/mutt-screenshot-pixelised-small.png\" alt=\"\" width=\"250\" height=\"160\" \/><\/a>For years, I&#8217;ve been using <a href=\"http:\/\/www.mutt.org\/\">mutt<\/a> as my main mail program. I love being able to use mutt in <a href=\"http:\/\/www.gnu.org\/software\/screen\/\">screen<\/a> and thereby having access to my email from anywhere, with just ssh or <a href=\"http:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/\">PuTTY<\/a>. Back when I first created this setup, all opensource webmail software then available was still very poor in functionality, which I why I didn&#8217;t use webmail for the &#8220;access from anywhere&#8221; part.<\/p>\n<p>I have a hosted machine, and the MX records of my domains point to it. My mail is being handled by <a href=\"http:\/\/www.postfix.org\/\">postfix<\/a>, and spamfiltered by <a href=\"http:\/\/spamassassin.apache.org\/\">SpamAssassin<\/a>. <a href=\"http:\/\/www.procmail.org\/\">Procmail<\/a> helps me sort mail into different folders upon arrival.<\/p>\n<p>This setup has some disadvantages. Some spam leaks through, which is annoying &#8211; since I only receive a few emails every day, a relatively large portion of the mail I see is spam. Also, turning off or reinstalling my hosted machine means emails don&#8217;t arrive.<\/p>\n<p>I recently got a smartphone, and wanted to be able to use it to read my email. I briefly considered installing <a href=\"http:\/\/www.dovecot.org\/\">dovecot<\/a> on my hosted machine to provide IMAP, but decided to try <a href=\"http:\/\/www.google.com\/apps\/intl\/en\/group\/index.html\">Google Apps<\/a> instead.<\/p>\n<p>I followed the Google Apps setup document, and set the MX records of one of my domains to Google&#8217;s mailservers. That worked fine. Since the free version of Google Apps doesn&#8217;t support more than one domain, I then configured postfix on my hosted machine to forward mail sent to my other domains to gmail.<\/p>\n<p>This turned out to have one big disadvantage: with that setup, all spam received by my hosted machine is sent to Google anyway. Sure, SpamAssassin puts spam score headers in the message, but the message is sent to Google whether it&#8217;s spam or not. This results in my hosted machine sending 90% spam and 10% real mail to Google.<\/p>\n<p>I was afraid that Google might start seeing my hosted machine&#8217;s IP address as evil because of the relatively large amounts of spam, so I looked for a way to prevent most or all of the spam from being forwarded to Google.<\/p>\n<p>This is what I found: http:\/\/www.akadia.com\/services\/postfix_spamassassin.html<\/p>\n<p>See the section called &#8220;<strong>Create your own Content Filter<\/strong>&#8220;. This was exactly what I was looking for.<\/p>\n<p>Steps 1, 3, 4 and 5 worked fine on my Ubuntu server, although there is a typo in the first step (&#8220;filer&#8221; instead of &#8220;filter&#8221;). Oh, and I decided to use <strong>\/var\/spamchk<\/strong> as sideline dir, so I created that dir and chowned it to the filter user. I changed the script in step 2 to the following:<\/p>\n<pre>#!\/bin\/sh\r\n# -----------------------------------------------------------------\r\n# File:        spamchk\r\n#\r\n# Purpose:     SPAMASSASIN shell-based filter\r\n#\r\n# Location:    \/usr\/local\/bin\r\n#\r\n# Usage:       Call this script from master.cf (Postfix)\r\n#\r\n# Certified:   Ubuntu Linux, Spamassassin 3.3.x, Postfix 2.7.x\r\n# -----------------------------------------------------------------\r\n# Variables\r\nSENDMAIL=\"\/usr\/sbin\/sendmail -i\"\r\nEGREP=\/bin\/egrep\r\nTMPFILE=\/tmp\/spamchk.$$\r\nSIDELINE_DIR=\/var\/spamchk\r\n# Number of *'s in X-Spam-level header needed to sideline message:\r\n# (Eg. Score of 5.5 = \"*****\" )\r\nSPAMLIMIT=10\r\n# Clean up when done or when aborting.\r\ntrap \"rm -f $TMPFILE\" 0 1 2 3 15\r\n# Pipe message to spamc and store in $TMPFILE\r\ncat | \/usr\/bin\/spamc -u filter | sed 's\/^\\.$\/..\/' &gt; $TMPFILE\r\n# Are there more than $SPAMLIMIT stars in X-Spam-Level header?\r\nif $EGREP -q \"^X-Spam-Level: \\*{$SPAMLIMIT,}\" &lt; $TMPFILE\r\nthen\r\n  # Option 1: Move high scoring messages to sideline dir so\r\n  # a human can look at them later:\r\n  mv $TMPFILE $SIDELINE_DIR\/`date +%Y-%m-%d_%R`-$$\r\n  # Option 2: Divert to an alternate e-mail address:\r\n  # $SENDMAIL xyz@xxxx.xx &lt; $TMPFILE\r\n  # Option 3: Delete the message\r\n  # rm -f $TMPFILE\r\nelse\r\n$SENDMAIL \"$@\" &lt; $TMPFILE\r\nfi\r\n# Postfix returns the exit status of the Postfix sendmail command.\r\nexit $?<\/pre>\n<p>I followed these steps and got what I wanted: 90% of the spam my mailserver receives has a score of 10+, and that&#8217;s now stored on my server instead of forwarded to Google!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For years, I&#8217;ve been using mutt as my main mail program. I love being able to use mutt in screen and thereby having access to my email from anywhere, with just ssh or PuTTY. Back when I first created this &hellip; <a href=\"https:\/\/joost.vunderink.net\/blog\/2011\/04\/23\/deleting-spam-with-postfix-and-spamassassin\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[36,37,214,33,215,35,34],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-delete","tag-gmail","tag-linux","tag-postfix","tag-software","tag-spam","tag-spamassassin"],"_links":{"self":[{"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/posts\/110"}],"collection":[{"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":20,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":127,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/posts\/110\/revisions\/127"}],"wp:attachment":[{"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/joost.vunderink.net\/blog\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}