    Postfix antispam with Spamassassin

    Bots and other malicious actors send a lot of spam via email. They try to exploit vulnerabilities on servers (e.g., your VPS) to send spam from an infected mail server. Therefore, it is important to use anti-spam software on your mail server in addition to good overall VPS security.

    In this tutorial, we show how to use SpamAssassin as spam protection for a mail server with Postfix and Dovecot.

     

     

    SpamAssassin in short

    SpamAssassin scans mail for elements that it recognizes as possible spam characteristics, such as:

    • A small amount of text relative to the number of images in an email
    • An email subject consisting of uppercase letters
    • An invalid or absent DKIM record (more and more parties automatically block email as spam if it doesn't have DKIM; see also this guide)
    • etc.

    When SpamAssassin sees such characteristics, it assigns a score for that characteristic. The score is higher when the specific characteristic often appears in spam. SpamAssassin adds up all the scores, and if it reaches a pre-set value, the email is blocked as spam.


     

    Installing and configuring SpamAssassin

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.


     

    Step 2

    Install SpamAssassin with:

    Ubuntu & Debian:

    apt -y install spamassassin

    CentOS Stream, AlmaLinux & Rocky Linux:

    dnf -y install spamassassin

     

    Step 3

    Then open the master configuration of Postfix:

    nano /etc/postfix/master.cf

     

    Step 4

    Expand the smtp line at the top of the file so that it looks like this:

    smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin

    Then scroll all the way to the bottom of the file and add the following code:

    spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

    Save the changes and close the file (ctrl + x > y > enter).


     

    Step 5

    By default, SpamAssassin is set to block email with a score of 5 (see 'SpamAssassin in short'). This is quite strict and can lead to false positives. We see this most often when older email software is used to send emails. Old software often contains errors in the formatting of the emails, which can cause them to be marked as spam.

    We therefore recommend using a value between 7 and 10 instead of 5. You can adjust this in the following file:

    nano /etc/mail/spamassassin/local.cf

    Adjust the value of required_hits to the desired value, for example:

    required_hits 8

    Spam messages get the addition [SPAM] behind the subject. You are free to change this tag by editing the line rewrite_header Subject [SPAM].

    Save the changes and close the file (ctrl + x > y > enter).

    Individual SpamAssassin rules can be found in the files in /usr/share/spamassassin. The content of these files is outside the scope of this guide.


     

    Step 6

    Then add a user for SpamAssassin so that Postfix can communicate with SpamAssassin:

    groupadd spamd
    useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
    chown spamd:spamd /var/log/spamassassin

     

    Step 7

    Restart SpamAssassin, update the spam rules, and restart Postfix:

    sa-update
    systemctl enable spamassassin
    systemctl restart spamassassin
    systemctl restart postfix
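
The script below is an added example, not part of the original tutorial: it checks offline that the content_filter set on the smtp service in Step 4 names a pipe service that actually exists and has a user= set, and reads back the threshold from Step 5. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): offline sanity check of the Step 4/5 edits.

# Join master.cf continuation lines (leading whitespace); skip comments and blanks.
logical_lines() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# Print the value following PREFIX (e.g. "user=") in the command of service SVC of type TYPE.
service_attr() {  # usage: service_attr FILE SVC TYPE PREFIX
    logical_lines "$1" | awk -v s="$2" -v t="$3" -v p="$4" '$1 == s && $2 == t {
        for (i = 8; i <= NF; i++) if (index($i, p) == 1) v = substr($i, length(p) + 1)
    } END { if (v != "") print v }'
}

# Print the spam threshold from local.cf; required_hits is the older name of required_score.
spam_threshold() {
    awk '$1 == "required_hits" || $1 == "required_score" { v = $2 }
         END { if (v != "") print v }' "$1"
}

# Return 0 and print a summary when smtpd's content_filter names an existing service.
check_setup() {  # usage: check_setup MASTER_CF LOCAL_CF
    filter=$(service_attr "$1" smtp inet content_filter=)
    [ -n "$filter" ] || { echo "smtp service has no content_filter"; return 1; }
    user=$(service_attr "$1" "${filter%%:*}" unix user=)
    [ -n "$user" ] || { echo "no service '${filter%%:*}' with user= set"; return 1; }
    echo "filter=$filter user=$user threshold=$(spam_threshold "$2")"
}

# Constructed sample files mirroring Steps 4 and 5 (the pipe entry is wrapped onto two lines).
tmp=$(mktemp -d)
cat > "$tmp/master.cf" <<'EOF'
# constructed sample
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe
  flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
printf '# constructed sample\nrequired_hits 8\n' > "$tmp/local.cf"
check_setup "$tmp/master.cf" "$tmp/local.cf"
# On the server: check_setup /etc/postfix/master.cf /etc/mail/spamassassin/local.cf
```

A filter name with no matching service entry is the failure this catches: check_setup then reports the missing service and returns a non-zero status.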

     

    Step 8 - optional

    You can automatically update the spam rules via a cron job, for example by opening crontab (with sudo or as root):

    crontab -e

    Add the following line at the bottom of the file. This updates the spam rules every Sunday at 0:00:

    0 0 * * 0 sa-update && systemctl restart spamassassin

    Save the changes and finally close crontab with :wq!


     

    This brings us to the end of this tutorial. However, there are additional checks you can perform to see if mail is spam: blacklist checking. We explain how to enable blacklist checking in this tutorial.

    If you have any questions based on this guide, do not hesitate to contact our support department. You can reach them via the 'Contact us' button at the bottom of this page.
