spamassassin Problems
Steve Cowles
steve at stevecowles.com
Mon Aug 30 16:43:39 UTC 2004
On Stardate 6609.08, A Ve said:
> Hi !
>
> System: Fedora2, Following Apps installed: spamassassin-2.63-8,
> postfix-2.1.4-4.fc2.
>
> Postfix 2.1.4 is finally working - after some help from postfix
> mailinglist and postfix-guru Ralf H and some other helpfull postfix-guys.
>
> But ... spamassassin still not running. I configured it - as suggested in
> the spamassassin doc:
>
> master.cf before:
> smtp inet n - n - - smtpd
>
> mater.cf after:
> smtp inet n - n - - smtpd -o
> content_filter=spamassassin
>
> spamassassin unix - n n - - pipe
> user=test argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
> ${recipient}
>
My requirements are a little different than yours, so I call SA a little
differently than what you have configured above. The main reason is my
MTA is also a backup MX for another domain, so I needed the flexibility
to _NOT_ call SA on e-mails received in a backup MX mode. Anyway, maybe
the following might get you started in the right direction. Then you can
fine tune your configuration.
With the above in mind...
In /etc/master.cf
smtp inet n - y - - smtpd
filter unix - n n - 10 pipe
flags=Fq
user=spamassassin
argv=/usr/bin/spamc -f -x -e /usr/sbin/sendmail -i -f $sender $recipient
Note: Don't set the chroot field to *y* until you get things working on
the smtpd instance. Then, if necessary, enable the chroot'd environment.
In main.cf, I added a call to check_sender_access and
check_recipient_access in smtpd_recipient_restrictions as follows:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
... more tests ...
check_sender_access hash:/etc/postfix/whitelist_sender
check_recipient_access hash:/etc/postfix/filtered_domains
Note: The order in which the tests are listed is critical. SA is called
last. In other words, the first matching test wins. So whitelisted
senders are not run through SA.
In /etc/postfix/whitelist_sender, I add the envelope sender address
(mail from) of list servers that I subscribe to so that SA is *not* run
on these e-mails. Virus checking is done on all inbound e-mails on
another server. i.e.
# List all list server subscription "mail from" addresses here.
fedora-list-bounces at redhat.com OK
etc...
Then in /etc/postfix/filtered_domains, I add the domain names that I
want to have SA called. These are all my registered domains, not the
backup MX domains.
# Add only the domain you want to have filtered (run spamassassin)
mydomain1.com FILTER filter:spamassassin
mydomain2.com FILTER filter:spamassassin
Note: The call to the FILTER action.
See: http://www.postfix.org/access.5.html for info on the FILTER action
syntax.
If you want to run SA on *all* e-mails, then you don't need to add the
call to check_sender_access, just add the check_recipient_access at the end.
Thats it! Good luck
Steve Cowles
More information about the fedora-list
mailing list