Email: filtering spam at SMTP-time with exim4, spamassassin, greylist and more

Summary

Problem: add a spam-filter to a basic exim4 installation (exim4-daemon-light).

Solution:

Intro

I had a working exim4 installation that accepted mail from a trusted server that performed spam-filtering. That server was taken out of service and now the spam-filtering part has to be done on this server instead. First, install exim4-daemon-heavy.

apt-get install exim4-daemon-heavy

This will automatically remove exim4-daemon-light, which is good. I tested that the new server accepted mails and continued to install greylistd and sa-exim.

apt-get install greylistd sa-exim
greylistd-setup-exim4 add

sa-exim pulls in spamc, but spamc does not depend on spamassassin, since one might want to run spamassassin on only one server in a network and spamc on several clients. Therefore, spamassassin has to be installed explicitly.

apt-get install spamassassin

Now, in order to enhance the performance of spamassassin, I followed the advice in /usr/share/doc/spamassassin/README.Debian.gz and installed some packages to be able to use precompiled patterns:

apt-get install re2c libc6-dev gcc make

To get it all started, configure /etc/default/spamassassin and set

# Change to one to enable spamd
#ENABLED=0
ENABLED=1

#CRON=0
CRON=1

and configure /etc/spamassassin/v320.pre where the following line should be un-commented

loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

Now, compile some patterns with sa-compile:

# sa-compile
[31687] info: generic: base extraction starting. this can take a while...
[31687] info: generic: extracting from rules of type body_0
 96% [==========================================  ]   5.32 rules/sec 00m04s LEFT

On a computer as slow as mine, it will take a while...

When the compilation is done, start spamassassin.

/etc/init.d/spamassassin start
Starting SpamAssassin Mail Filter Daemon: spamd.

One thing is left to do: explicitly enable spamassassin in /etc/exim4/sa-exim.conf.

The original:

#----------------------------------------------------------------------
# Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
#----------------------------------------------------------------------

must read:

#----------------------------------------------------------------------
# Remove or comment out the following line to enable sa-exim
# SAEximRunCond: 0
#----------------------------------------------------------------------

Note on split_config vs monolithic

I had trouble getting sa-exim to actually run spamassassin on the message until I realised that I did not use split_config. greylistd added itself to the monolithic exim4.conf.template so it worked, but sa-exim only added a file /etc/exim4/conf.d/main/15_sa-exim_plugin_path. So, I had to switch to

dc_use_split_config='true'

in /etc/exim4/update-exim4.conf.conf to get sa-exim to run spamassassin.
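The checks below re-verify each switch set so far: spamd enabled, Rule2XSBody loaded, sa-exim enabled, and split config in use when sa-exim's conf.d snippet is present. This is an added example, not part of the original post; the function names and the optional root-prefix argument are assumptions, while the file paths are the ones named above.

```shell
#!/bin/sh
# Added example: audit the switches this page flips. ROOT is a hypothetical
# prefix argument so the check can also run against a copy of /etc.

# last_value FILE KEY: value of the last uncommented KEY=... line, quotes stripped.
last_value() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# active_line FILE ERE: succeeds if FILE has a non-comment line matching ERE.
active_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_spam_filter_config [ROOT]: prints findings, returns the number of problems.
check_spam_filter_config() {
    root="${1:-}"
    problems=0

    # spamc (called by sa-exim) needs a running spamd.
    [ "$(last_value "$root/etc/default/spamassassin" ENABLED)" = "1" ] ||
        fail "spamd not enabled in /etc/default/spamassassin"

    # sa-exim stays off while "SAEximRunCond: 0" is uncommented.
    if active_line "$root/etc/exim4/sa-exim.conf" 'SAEximRunCond:[[:space:]]*0[[:space:]]*$'; then
        fail "sa-exim disabled by SAEximRunCond: 0 in /etc/exim4/sa-exim.conf"
    fi

    # sa-exim ships only a conf.d snippet; a monolithic config never reads it.
    if [ -f "$root/etc/exim4/conf.d/main/15_sa-exim_plugin_path" ] &&
       [ "$(last_value "$root/etc/exim4/update-exim4.conf.conf" dc_use_split_config)" != "true" ]; then
        fail "sa-exim snippet present but dc_use_split_config is not 'true'"
    fi

    # Rules compiled by sa-compile are used only when Rule2XSBody is loaded.
    active_line "$root/etc/spamassassin/v320.pre" \
        'loadplugin[[:space:]]+Mail::SpamAssassin::Plugin::Rule2XSBody' ||
        fail "Rule2XSBody not loaded in /etc/spamassassin/v320.pre"

    return "$problems"
}
```

Call check_spam_filter_config with no argument to audit the live /etc; the return value is the number of problems found.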

Whitelists

In /etc/greylistd/whitelist-hosts I put a pattern that matches mail sent from the domain of my employer:

*bar.com

And in /etc/spamassassin/local.cf I added a few lines with mail-addresses that I trust.

whitelist_from *@bar.com
whitelist_from my@baz.com

Thresholds

Sticking with the default 5.0 for now.

Greylistd

Greylisting relies on the same IP address being used for successive delivery attempts; Google's mail service does not always work that way. A workaround is to whitelist *google.com in /etc/greylistd/whitelist-hosts.

Callout or not?

Since my ISP blocks outgoing tcp/25, I did not have the possibility to use the debated callout test. Here are two articles on the subject: for and against.

Other measures

To get SPF-testing to work, I did:

apt-get install libmail-spf-query-perl

And created a file /etc/exim4/conf.d/main/00_local_options

CHECK_RCPT_REVERSE_DNS = yes
CHECK_RCPT_SPF = yes

To activate the configuration changes:

update-exim4.conf
invoke-rc.d exim4 restart

TODO

Last modified: October 17, 2019