How to Secure Postfix with SpamAssassin on an Ubuntu 18.04 VPS or Dedicated Server

Apache SpamAssassin is an intelligent software application for filtering unsolicited emails from telemarketers and hackers.  The utility runs on top of a Mail Transfer Agent (MTA) like Postfix to classify and block unwanted emails.

SpamAssassin is free and Open-source and relies on Perl language to scan and identify email headers, subject lines, and body to keep a server from spam.

In this guide, we will show you how to install SpamAssassin on your mail server hosted on Ubuntu 18.04 server...

Prerequisite

  • A VPS plan running Ubuntu 18.04 server
  • A non-root user with sudo privileges
  • Postfix email server

Step 1:  Installing SpamAssassin

We are going to install SpamAssassin using apt-get command. Before that, let us first update the package list information:

$ sudo apt-get update

Then, run the command below to install SpamAssassin:

$ sudo apt-get install spamassassin spamc

Press Y and hit Enter when prompted to confirm the installation

Step 2:  Adding SpamAssassin System User

SpamAssassin requires a system user to work. So we are going to add a new user on the system using the command below:

$ sudo adduser spamd --disabled-login

You will be prompted to enter more details about the user, just hit Enter key to skip the details. Towards the end of the prompt, you will be asked to confirm if the details are correct. Enter Y and press Enter to continue

Full Name []: Press Enter to skip
Room Number []:Press Enter to skip
Work Phone []:Press Enter to skip
Home Phone []:Press Enter to skip
Other []:Press Enter to skip
Is the information correct? [Y/n] Y

Step 3: Editing SpamAssassin Configuration File

Once SpamAssassin is installed, it has a default configuration file located at /etc/default/spamassassin. We are going to edit this file using a nano editor to change a few parameters.

$ sudo nano /etc/default/spamassassin

First change the value of ENABLED directive from 0 to 1:

Default Value:

$ ENABLED =0

Change to:

$ ENABLED =1

Next, you need to create a variable named SAHOME with the below value:

$ SAHOME="/var/log/spamassassin/"

Look for the OPTIONS directive and change its value as shown below:

Default Value:

$ OPTIONS="--create-prefs --max-children 5 --helper-home-dir"

Change to:

$ OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"

Also, in order for SpamAssassin to pick updates, we are going to set the CRON value to 1 so that the utility can download new rules automatically.

Default Value:

$ CRON =0

Change to:

$ CRON =1

Press CTRL+X, Y and Enter to save the file

Step 4: Adding SpamAssassin Spam Rules

Next, we are going to add some spam rules. The file we are going to edit is located at /etc/spamassassin/local.cf. So, type the command below to open the file using nano editor:

$ sudo nano /etc/spamassassin/local.cf

>Uncomment the lines shown below and change the values as indicated

rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score          5.0
use_bayes               1
bayes_auto_learn        1

Press CTRL+X, Y and Enter to save the file

Step 5: Editing Postfix

Next, we need to configure Postfix so that it can pipe mails through SpamAssassin. So run the command below to edit Postfix main configurations file:

$ sudo nano  /etc/postfix/master.cf

Look for the line:

$ smtp inet n - - - - smtpd

And change to:

$ smtp inet n - - - - smtpd
$  -o content_filter=spamassassin

Also, you need to add the line below to setup after queue content filter:

$ spamassassin unix -     n       n       -       -       pipe
    user=spamd argv=/usr/bin/spamc -f -e  
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Press CTRL+X, Y and Enter to save the file

Step 6: Restart Postfix and SpamAssassin

For the changes to take effect, you need to restart Postfix and SpamAssassin using the commands below

$ sudo service postfix restart
$ sudo service spamassassin restart

Step 7: Testing SpamAssassin

You can check if SpamAssassin is working by sending an email to your server and examining headers from an email client.

Conclusion

In this guide, we have taken you through the steps of securing your email server with SpamAssassin. If you follow the configurations step-by-step, you will say goodbye to unsolicited emails on your server. This will keep your server safe and avoid lots of junk emails that could mix up with important messages about your business.

 

Check out these top 3 Email hosting services:

Was this article helpful?