1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
---
title: "FreeBSD email server - Part 5: Filtering mail"
date: 2016-10-31 20:02:19
tags: Tutorial FreeBSD Email Postfix SpamAssassin Pigeonhole
layout: post
---
Being able to send mail and not be flagged as spam is pretty awesome on itself.
But you also get hit by a lot of spam. The more you give out your email address
and domain name, the more spam you will receive over time. I welcome you to
another part of the FreeBSD email server series. In this part, we will set up
email filtering at the server side.
We will accomplish this with a couple packages, [SpamAssassin][spamassassin]
and [Pigeonhole][pigeonhole]. The former deals with scanning the emails to
deduce whether it is spam or not. The latter filters messages. We will use this
filtering to drop emails marked as spam by SpamAssassin into the Junk folder,
instead of the inbox.
## Installing the packages
Both packages are available through FreeBSD's `pkg` utility. Install them as
such.
{% highlight sh %}
pkg install dovecot-pigeonhole spamassassin
{% endhighlight %}
## SpamAssassin
### Enabling the service
Like most services, you have to enable them as well. Pigeonhole is an extension
to Dovecot, and Dovecot will handle this one. SpamAssassin requires you to
configure the service as well. You can enable it and set sane configuration to
it with the following two commands.
{% highlight sh %}
echo 'spamd_enable="YES"' >> /etc/rc.conf.local
echo 'spamd_flags="-u spamd -H /srv/mail"' >> /etc/rc.conf.local
{% endhighlight %}
### Acquiring default spam rules
SpamAssassin has to "learn" what counts as *spam* and what counts as *ham*. To
fetch these rules, you should execute the updates for SpamAssassin with the
following command.
{% highlight sh %}
sa-update
{% endhighlight %}
You most likely want to run this once every while, so it is advised to setup a
cronjob for this purpose.
## Postfix
In order to have mails checked by SpamAssassin, Postfix must be instructed to
pass all email through to SpamAssassin, which will hand them back with a
`X-Spam-Flag` header attached to them. This header can be used by other
applications to treat it as spam.
### master.cf
There's not much to include to the already existing Postfix configuration to
enable SpamAssassin to do its job. Just open `/usr/local/etc/postfix/master.cf`
and append the block given below.
{% highlight ini %}
spamassassin unix - n n - - pipe
user=spamd argv=/usr/local/bin/spamc
-f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
{% endhighlight %}
## Pigeonhole
Pigeonhole is an implementation of Sieve for Dovecot. It deals with filtering
messages on the server side using a set of rules, defined in a file usually
named `sieve`. This file is generally saved at
`/srv/mail/domain.tld/user/sieve`. A default file to filter spam out is the
following example.
```
require [
"fileinto",
"mailbox"
];
if header :contains "X-Spam-Flag" "YES" {
fileinto :create "Junk";
stop;
}
```
This looks for the `X-Spam-Flag` header, which is added by SpamAssassin. If it
is set to `YES`, this indicates SpamAssassin thinks the message is spam. As
such, sieve is instructed to filter this message into the folder `Junk`, and to
create this folder if it does not exist yet. The `stop;` makes sieve stop
trying to process this message further based on later rules.
## Dovecot
Dovecot needs some additional configuration to work with Pigeonhole. Modify the
following files and add the contents described.
### conf.d/20-lmtp.conf
This will enable Pigeonhole in Dovecot.
{% highlight ini %}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
{% endhighlight %}
### conf.d/90-plugin.conf
This configures Pigeonhole to look for a file named `sieve` in the mailbox
homedir, and execute that when delivering mail.
{% highlight ini %}
plugin {
sieve = /srv/mail/%d/%n/sieve
}
{% endhighlight %}
## Conclusion
Spam is a pain, especially if you get a lot of it. The configuration added in
this part of the FreeBSD email server series should get rid of most of it. This
also concludes the series. If you have any questions or suggestions, please
contact me via any of the methods detailed on [my home page][home].
Thanks for reading along, and enjoy your very own email server!
[home]: {{ "/" | prepend: site.baseurl }}
[pigeonhole]: http://pigeonhole.dovecot.org/
[spamassassin]: https://spamassassin.apache.org/
|
