

SpamAssassin

SpamAssassin is used to filter spam out of e-mail.

For more detail, see the official SpamAssassin page: http://spamassassin.apache.org/

Package versions

The SpamAssassin packages need to be updated regularly, because spammers adapt to the filters.

Installing Postfix and SpamAssassin 3.3.2 (Wheezy)

These instructions integrate SpamAssassin into Postfix to protect a mail server from spam. The following packages need to be installed:

Postfix

SA will be used as a content filter for the Postfix 'smtp' (and submission) services. The spamc binary passes the email to spamd (daemonized SA), and the message then goes back to the mail queue.

master.cf

Add this line to the smtp and submission services:

-o content_filter=spamassassin

The result should look like this:

smtp      inet  n       -       -       -       -       smtpd
   -o content_filter=spamassassin
submission inet n       -       -       -       -       smtpd
   -o content_filter=spamassassin

or something similar.

You also need to add these lines:

spamassassin unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

main.cf

No changes are required.

Final step

Reload the configuration:

postfix reload

or

service postfix reload
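A check of the master.cf wiring described above, to run before the reload. This is an added example, not part of the original page: the helper names (logical_lines, parse_services, audit) and the sample text are constructed for illustration, and the mail system owner is assumed to be the default "postfix" account.

```python
# Constructed sample: this page's entries, but the submission override is not indented.
SAMPLE = """\
smtp      inet  n       -       -       -       -       smtpd
   -o content_filter=spamassassin
submission inet n       -       -       -       -       smtpd
-o content_filter=spamassassin
smtp      unix  -       -       -       -       -       smtp
spamassassin unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace); skip blank and '#' lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_services(text):
    """Map (service, type) -> (command, args); seven fixed columns precede the command."""
    fields = [line.split() for line in logical_lines(text)]
    return {(f[0], f[1]): (f[7], f[8:]) for f in fields if len(f) >= 8}

def audit(text, filter_name="spamassassin"):
    """Return a list of problems; an empty list means the filter wiring is in place."""
    svc, problems = parse_services(text), []
    wanted = f"content_filter={filter_name}"
    for name in ("smtp", "submission"):
        cmd, args = svc.get((name, "inet"), (None, []))   # smtp/unix is the client, not checked
        if cmd == "smtpd" and ("-o", wanted) not in zip(args, args[1:]):
            problems.append(f"{name}/inet: '-o {wanted}' is not attached to the service")
    cmd, args = svc.get((filter_name, "unix"), (None, []))
    if cmd != "pipe":
        problems.append(f"{filter_name}/unix: pipe transport is not defined")
    else:
        user = next((a[5:] for a in args if a.startswith("user=")), "")
        if user.split(":")[0] in ("", "root", "postfix"):  # pipe(8) refuses root and the mail owner
            problems.append(f"{filter_name}/unix: user= must name an unprivileged account")
        if not any(a.startswith("argv=") and a.endswith("/spamc") for a in args):
            problems.append(f"{filter_name}/unix: argv= does not run spamc")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "content filter wiring OK")
```

To check a live system, pass the contents of /etc/postfix/master.cf to audit() in place of SAMPLE.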

SpamAssassin

The SpamAssassin configuration can be adjusted as desired. For example, in:

/etc/spamassassin/local.cf

uncomment the line

rewrite_header Subject *****SPAM*****

Every message identified as spam will then have its Subject header rewritten to begin with *****SPAM*****.

Setting up Exim 4 and SA 2.64 to reject spam at SMTP time

This section contains outdated information.

It is fairly easy to set up Exim4 and SA to reject spam in the SMTP dialogue, that is, while the spam is still in transmission and your system is still talking to the spammer.

First of all, you need the exim4-daemon-heavy package, which includes exiscan-acl; the latter allows scanning messages. Then you need SA installed, and you just follow the exiscan-acl documentation (exiscan-acl-docs).

Details

In the file /etc/exim4/conf.d/main/15_spamassassin-config I have simply the following:

  spamd_address = 127.0.0.1 783

To avoid scanning messages that are destined for postmaster or abuse (and which it is their damned duty to read), modify the entry in /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt to read:

  accept local_parts = postmaster:abuse
         domains = +local_domains
         set acl_m0 = rfcnames

Then, the rest goes in /etc/exim4/conf.d/acl/40_exim4-config_check_data

Pretty high up, you need:

  accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}

And then somewhere far down there:

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true

  warn  message = X-Spam-Flag: YES
        spam = nobody

  warn  message = X-Spam-Report: $spam_report
        spam = nobody

However, note that any errors can result in loss of valid e-mail, so make sure you have read and understand the official documentation before you use it. This is meant to give a taste of what is involved in getting it working.

Important Notes

It is controversial whether rejecting at SMTP time is such a good idea. The problem is, spammers (and viruses) routinely forge the from address on the envelope. This means that if there is a bounce generated, it will go to this address, which can be randomly generated, or worse, an innocent third party.

Therefore, it is very important that your system doesn't generate a bounce. That's your responsibility. For one thing, you can't accept a message and then bounce it; that would be wrong. You can't, for example, have your secondary MX accept a message and then have your primary reject it. If you are to use this, your primary and secondary MX should have identical configurations with respect to rejecting spam.

The other issue is relays. Spammers often take over relays to obscure the true source of the spam. If a relay under a spammer's control generates a bounce message based on your rejection, that bounce may go to an innocent third party, which would be bad. That's the main reason why some consider this approach harmful.

The advocates of this approach point out that spammers have no interest in generating bounces, as that would only cut into their own spamming bandwidth and make them less efficient. Therefore, one rarely sees a hijacked relay, or a spammer himself, generate a bounce, which solves the problem.

Other advocates hold the position that "my system, my responsibility; your system, your responsibility", implying that an administrator would need the heads-up he would get from letting his relay pass on spam.

FixMe: This page needs to be brought up to date.