Step by step solutions to IT problems

Run SpamAssassin with Postfix

For filtering spam on a mail server, the best option is probably SpamAssassin. We walk through getting SpamAssassin installed and running on a Postfix mailserver.

Getting Started

Before you start you'll need an installed and working copy of postfix, and perl installed, as SpamAssassin is written in perl. If you don't have postfix installed and working yet, then do that first before installing SpamAssassin.

Firstly grab the latest source code for SpamAssassin, extract the files,

tar -xjf Mail-SpamAssassin-3.1.3.tar.bz2

Before you run the make file, ensure you have plenty of free memory (real or swap is fine), 128MB should be enough, as insufficient memory can cause the install to fail without warning.

cd Mail-SpamAssassin-3.1.3
perl Makefile.PL

When you run the makefile, you may find that it tells you that some perl packages are missing. If any look important, (such as IO:Zlib) then it's usually worth installing them.

NOTE: the optional IO::Zlib module is not installed.

The "sa-update" script requires this module to access compressed update archive files.

optional module missing: IP::Country optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL optional module missing: Archive::Tar optional module missing: IO::Zlib

warning: some functionality may not be available, please read the above report before continuing!

Checking if your kit is complete... Looks good Writing Makefile for Mail::SpamAssassin

The easiest way to install missing modules is with perls CPAN module

perl -MCPAN -e "install IO::Zlib"

replacing the IO::Zlib with whichever module you need to install.

Now that SpamAssassin is sucessfully installed, you need to create a user account that SpamAssassin will run as. You can just use the "nobody" user, but SpamAssassin needs to create files in the user's home directory, and usually the "nobody" account doesn't have a home directory specified ( or its "/" ).

The easiest way is to just edit the /etc/passwd file, and copy the line for the user "nobody" giving it a new name and UID. You can leave the Group Id (GID) the same as for nobody.


Now create the home directory for that account, and change its permissions

mkdir /home/spamuser
chown spamuser:nogroup /home/spamuser

SpamAssassin is now ready to run, and should work with its default settings, but you can tweak them later on.

Configuring Postfix

The simplest way of getting Postfix to use SpamAssassin is to add it as a content filter, as you only need to edit postfix's config file.

Firstly check the locations of your spamc and sendmail programs, as we will need the correct paths for the content filter line.

root@darkstar:~# which spamc
root@darkstar:~# which sendmail

You now need to edit the file which is usually in /etc/postfix/

Change the smtp line from

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd

adding the content filter to the end

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin

And now add a new line at the bottom of the file for the new content filter. You can either split the line over multiple lines, as long as each continuation line starts with a space (as displayed below) , or you can put the whole lot on one line.

     unix  -       n       n       -       -       pipe
     -e /usr/sbin/sendmail 
     -oi -f ${sender} ${recipient}

Note that the paths to spamc and sendmail need match the paths you looked up earlier.

All the basic configuration is now done, and you should be ready to test the system.

Restarting the system

Firstly start the SpamAssassin daemon with the command


If everything works ok, then you will need to add an entry to one of your startup files ( such as /etc/rc.d/rc.postfix ) to start the SpamAssassin daemon every time the system starts, with the command

/usr/bin/spamd -d

Now restart postfix with the commands

postfix stop
postfix start

You could probably have just issued a reload command, but I prefer to completely stop and start the system whenever I make changes to the, so that I know it will start ok after a reboot.

Now before you send yourself an email testing the system, monitor the maillog for the spamassassin messages, with

tail -f /var/log/maillog

Now send an email through the mailserver, and you should see lines as below appearing

darkstar spamd[26817]: spamd: connection from localhost []
 at port 53540
darkstar spamd[26817]: spamd: setuid to spamuser succeeded
darkstar spamd[26817]: spamd: processing message <> 
 for spamuser :100
darkstar  spamd[26817]: spamd: clean message (0.0/5.0) for spamuser 
 :100 in 14.1 seconds, 6964 bytes.
darkstar spamd[26817]: spamd: result: .  0 - 

Now that SpamAssassin is installed and working, you can start looking at making any tweaks you want to the configuration files in /etc/mail/spamassassin with the command

man Mail::SpamAssassin::Conf

The best location for more detailed information on setting up SpamAssassin and its settings is the SpamAssassin Wiki

Submit to    digg    reddit    simpy