====== SpamAssassin and Postfix ======

**Note:** This page has been resurrected from my old site (R.I.P.). As I still see hits in my logs from people looking at it, I managed to get its content and put it here.

SpamAssassin (SA) updates its Bayesian filter with the command ''sa-learn''. However, if one uses a setup in which, for instance, AMaViS activates an antivirus and SA for all the mail going through the server, it can be useful to provide 2 mail aliases (e.g. spam@example.com and ham@example.com) to report false positives and false negatives that could have gone through SA. These aliases make it possible to hand the offending mail to sa-learn just by forwarding it.

To achieve this we will configure several parts of Postfix and use a wrapper script for sa-learn.

Beware: for this to work with the provided script, your forwarded message must be in the form of ''message/rfc822''. This is possible, for example, with Thunderbird or Mozilla by choosing to forward messages as attachments in Options/Composition. A following version will accept Outlook forwarded messages. If you want to do this yourself, please tell me and I will include your patch.

Thomas A. Luther tells me that if you compose a new message with Outlook, then drag and drop the spams/hams to it, they will be sent as ''message/rfc822''. So this can be a method.

===== Postfix configuration =====

==== /etc/postfix/aliases file ====

In this file, add the first two aliases, and optionally the third, like this:

  spam: spam@spam.spam
  ham: ham@ham.ham
  notspam: ham@ham.ham

You can now issue the command ''newaliases''; it causes no harm. These aliases will redirect the mail towards the special domains that we will define later.

N.B.: The aliases spam and ham are examples. To avoid their spreading and thus being targeted by spammers, choose other aliases at your convenience.

==== /etc/postfix/main.cf file ====

Here we are going to define the transport file (if this is not already done):

  transport_maps = hash:/etc/postfix/transport

==== /etc/postfix/transport file ====

You must create this file with the following lines, or just add them if it already exists:

  spam.spam   sa-spam:
  ham.ham     sa-ham:

These lines define (fictitious) domains for which we will use a special transport defined in ''/etc/postfix/master.cf''. Don't forget to issue the command ''postmap /etc/postfix/transport''.

==== /etc/postfix/master.cf file ====

Here we are going to set up the domain transports defined previously:

  # Spam & Ham
  sa-spam   unix  -       n       n       -       -       pipe
    user=amavis:amavis argv=/usr/local/bin/sa-wrapper.pl spam ${sender}
  sa-ham    unix  -       n       n       -       -       pipe
    user=amavis:amavis argv=/usr/local/bin/sa-wrapper.pl ham ${sender}

Replace the ''user=amavis:amavis'' parameter with the user:group that executes SA in your configuration.

===== Wrapper =====

The script is available [[sa-wrapper|here]]. Download it to ''/usr/local/bin'' and edit it: set the ''$UNPACK_DIR'' variable to a directory that you create in the ''$HOME'' directory of the user that executes SA (for instance amavis), and the ''$SA_LEARN'' variable to the path of the sa-learn executable. The purpose of the ''$DEBUG'' variable is to verify the correct setup of this hack (see below).

The ''@DOMAINS'' variable has been added to check the sender against predefined values, so that only some senders are allowed to use these aliases. Set it to the domains you want to allow.

Don't forget to set the rights and/or owner of the script so that the amavis user and/or group can execute it.

Note: The script uses the ''MIME::Tools'' package, which is either already available for your distribution (for instance perl-MIME-tools-5.411-6mdk for Mandrake 9.2 (wow, not really recent :-P)), or at CPAN.

===== Final setup =====

Issue a ''postfix reload''.

To check the correct configuration, set the ''$DEBUG'' variable to 1 in the wrapper script and forward a spam to the address ''spam@example.com'', where ''example.com'' is your domain. Check the logfiles for any error and wait until a line like this:

  Jan 10 05:12:49 moulin postfix/pipe[8288]: 72C167E0C: to=, orig_to=, relay=sa-spam, delay=15, status=sent (spam.spam)

appears in the mail logfile (or in ''/var/log/syslog''). Then check the file(s) ''/tmp/spam.log.''//pid// (where //pid// is the ''PID'' of the process) to see if the SA tokens match the text of the spam that you forwarded.

Do this test again, but with a normal mail that you forward to ''ham@example.com''.

Don't forget to set the ''$DEBUG'' variable back to 0 if everything seems OK. The ''$DEBUG'' variable also asks the script to output some ''MIME::Tools'' info to ''/tmp/spam_err.log''.

In case of problem, suggestion or question, email me at [[mid@gtmp.org]].
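
The steps the Wrapper section relies on (checking ''${sender}'' against the allowed domains, unpacking the ''message/rfc822'' attachment, calling sa-learn), shown in Python as an added example; this is not the sa-wrapper.pl script from this page. ''ALLOWED_DOMAINS'', the ''SA_LEARN'' path and the sample mail are assumptions made for the illustration.

```python
import email
import subprocess
import tempfile
from email import policy
from email.message import EmailMessage

ALLOWED_DOMAINS = {"example.com"}   # assumption: same role as @DOMAINS
SA_LEARN = "/usr/bin/sa-learn"      # assumption: same role as $SA_LEARN

def sender_allowed(sender, domains=ALLOWED_DOMAINS):
    """True only if the envelope sender's domain is listed exactly."""
    local, at, domain = sender.strip().rpartition("@")
    return bool(local and at) and domain.lower() in domains

def extract_forwarded(raw):
    """Return every message/rfc822 attachment of the report as bytes."""
    todo, found = [email.message_from_bytes(raw, policy=policy.default)], []
    while todo:
        part = todo.pop(0)
        if part.get_content_type() == "message/rfc822":
            # Keep the attached mail whole; do not descend into it.
            found.append(part.get_payload(0).as_bytes())
        elif part.is_multipart():
            todo[:0] = part.get_payload()
    return found

def learn(kind, sender, raw, run=subprocess.run):
    """Feed each attached mail to sa-learn; return the commands executed."""
    if kind not in ("spam", "ham") or not sender_allowed(sender):
        return []
    commands = []
    for message in extract_forwarded(raw):
        with tempfile.NamedTemporaryFile(suffix=".eml") as handle:
            handle.write(message)
            handle.flush()
            # argv list, no shell: sender and mail content are untrusted.
            commands.append([SA_LEARN, "--" + kind, handle.name])
            run(commands[-1], check=True)
    return commands

def build_sample():
    """Constructed input: a report carrying one spam as message/rfc822."""
    spam = EmailMessage()
    spam["Subject"] = "Cheap watches"
    spam.set_content("Buy now\n")
    report = EmailMessage()
    report["Subject"] = "Fwd: Cheap watches"
    report.set_content("see attachment\n")
    report.add_attachment(spam)
    return report.as_bytes()
```

The envelope sender that Postfix passes as ''${sender}'' can be forged by whoever submits the mail, so the domain check limits accidental use and does not authenticate the reporter.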