Using Spamassassin with postfix and majordomo

To install spamassassin globally on a system using postfix, follow the steps outline below.

# install spamassassin (easy, it's mostly perl)
emerge Mail-SpamAssassin # this is for gentoo

groupadd spamass
useradd -g spamass -m spamass

/etc/init.d/spamd start 
# ensure that /etc/init.d/spamd is started with -c option
# to automatically create /home/spamass/.spamassassin/user_prefs

# create filter script in /etc/postfix
# 69 is error code for "service unavailable"

cat >/etc/postfix/spamc.sh <<\EOF
#!/bin/sh
#
# For more information see FILTER_README.gz in /usr/doc/postfix (or
# wherever your system keeps the documentation)
#
# This script does not actually block spam mail, it only tags messages
# that are considered spam using suitable headers. See the above
# postfix documentation for actually blocking messages here. The idea
# is that further mail delivery agents react to the spam headers.
#
# $@ expands to the positional parameters, starting from one. When the
# expansion occurs within double quotes, each parameter expands to a
# separate word. That is, "$@" is equivalent to "$1" "$2" .... When
# there are no positional parameters, "$@" and $@ expand to nothing
# (i.e., they are removed).
# 
cat | /usr/bin/spamc -f -u spamass 2>/dev/null |
  /usr/sbin/sendmail -i "$@"  || { echo "Message content rejected"; exit 69; }
exit 0
EOF

# Put proper permissions on spamc.sh:
chgrp spamass /etc/postfix/spamc.sh
chmod g+rx /etc/postfix/spamc.sh

# Edit /etc/postfix/master.cf:
#
# 1) Append this line to make the spamc.sh filter available to postfix.
# Note that spamc.sh does not use its parameters and options
# -f $sender and $recipient. These will be passed on to (the postfix
# version of) sendmail, see spamc.sh above.
spamc_filter     unix  -       n       n       -       10       pipe
  user=spamass argv=/etc/postfix/spamc.sh -f $sender $recipient

# For more information see FILTER_README.gz in /usr/doc/postfix (or
# wherever your system keeps the documentation)
#
# 2) Replace the line starting with 'smtp # inet'
#    with the 2nd line below (the first one is the original one commented out)
# smtp      inet  n       -       n       -       -       smtpd
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamc_filter:dummy

To block tagged mail to majordomo lists, it suffices to have a something like the fragment below in the list's configuration file. Note that the definition of moderator is meant to ensure that spam messages are forwarded to an existing address. The definition of moderator does not imply that the list is moderated (this is controlled by the moderate configuration directive).

moderator = spam@elvas.vub.ac.be
taboo_headers <<  END
/^X-Spam-Flag: YES/
END

Alternatively, one can probably (not yet tried) use postfix itself to discard tagged spam messages using header checks, see postfix UCE controls.


Dirk Vermeir (dvermeir@vub.ac.be) [Last modified: Sat Nov 1 11:30:15 MET 2003 ]