spamassassin Problems

Steve Cowles steve at stevecowles.com
Mon Aug 30 16:43:39 UTC 2004 

On Stardate 6609.08, A Ve said:

> Hi !
> 
> System: Fedora2, Following Apps installed: spamassassin-2.63-8,
> postfix-2.1.4-4.fc2.
> 
> Postfix 2.1.4 is finally working - after some help from postfix
> mailinglist and postfix-guru Ralf H and some other helpfull postfix-guys.
> 
> But ... spamassassin still not running. I configured it - as suggested in
> the spamassassin doc:
> 
> master.cf before:
>   smtp      inet  n       -       n       -       -       smtpd
> 
> mater.cf after:
> smtp      inet  n       -       n       -       -       smtpd -o
> content_filter=spamassassin
> 
>   spamassassin  unix  -       n       n       -       -       pipe 
> user=test argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
> ${recipient}
> 

My requirements are a little different than yours, so I call SA a little 
differently than what you have configured above. The main reason is my 
MTA is also a backup MX for another domain, so I needed the flexibility 
to _NOT_ call SA on e-mails received in a backup MX mode. Anyway, maybe 
the following might get you started in the right direction. Then you can 
fine tune your configuration.

With the above in mind...

In /etc/master.cf

smtp    inet    n       -       y       -       -       smtpd

filter  unix    -       n       n       -       10       pipe
   flags=Fq
   user=spamassassin
   argv=/usr/bin/spamc -f -x -e /usr/sbin/sendmail -i -f $sender $recipient

Note: Don't set the chroot field to *y* until you get things working on 
the smtpd instance. Then, if necessary, enable the chroot'd environment.

In main.cf, I added a call to check_sender_access and 
check_recipient_access in smtpd_recipient_restrictions as follows:

smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   ... more tests ...
   check_sender_access hash:/etc/postfix/whitelist_sender
   check_recipient_access hash:/etc/postfix/filtered_domains

Note: The order in which the tests are listed is critical. SA is called 
last. In other words, the first matching test wins. So whitelisted 
senders are not run through SA.

In /etc/postfix/whitelist_sender, I add the envelope sender address 
(mail from) of list servers that I subscribe to so that SA is *not* run 
on these e-mails. Virus checking is done on all inbound e-mails on 
another server. i.e.

# List all list server subscription "mail from" addresses here.
fedora-list-bounces at redhat.com     OK
etc...

Then in /etc/postfix/filtered_domains, I add the domain names that I 
want to have SA called. These are all my registered domains, not the 
backup MX domains.

# Add only the domain you want to have filtered (run spamassassin)
mydomain1.com  FILTER  filter:spamassassin
mydomain2.com  FILTER  filter:spamassassin

Note: The call to the FILTER action.
See: http://www.postfix.org/access.5.html for info on the FILTER action 
syntax.

If you want to run SA on *all* e-mails, then you don't need to add the 
call to check_sender_access, just add the check_recipient_access at the end.

Thats it! Good luck
Steve Cowles

More information about the fedora-list mailing list