SpamAssassin and Razor

SpamAssassin is an anti-spam mail filter.

Additional Resources:

• Debian SpamAssassin Packages
• SpamAssassin Product Home
• Debian Razor Packages
• Razor Product Home

Note: This chapter only installs SpamAssassin and Razor. We will configure Exim, the MTA, to use SpamAssassin as a filter in a subsequent chapter.

1. Login as the root user.
   [screenshot]

2. Update the package list.

   # apt-get update

3. Install the libnet-dns-perl and libmailtools-perl packages.

   # apt-get install libnet-dns-perl libmailtools-perl
   [screenshot]

   Note: These packages improve the performance of SpamAssassin, but they are not required.

4. Install a recent version of the Razor package.

   # apt-get install --target-release testing razor
   [screenshot]

   Note: Razor improves the performance of SpamAssassin, but it is not required.

5. Install a recent version of the SpamAssassin package.

   # apt-get install --target-release testing spamassassin
   [screenshot]

6. Copy this schema file to the target computer:
   [spamassassin-userpref.sql]

7. Use the schema file to create a database table for SpamAssassin.

   # mysql < spamassasin-userpref.sql
   [screenshot]

8. Start the MySQL monitor.

   # mysql
   [screenshot]

   Notice how the command prompt changes from "#" to "mysql>".

9. Verify that the spamassassin database was created.

   mysql> SHOW DATABASES;
   [screenshot]

   The spamassassin database should appear in the list.

10. Connect to the spamassassin database.

    mysql> USE spamassassin;
    [screenshot]

    The spamassassin database should appear in the list.

11. Verify that the userpref table was created.

    mysql> SHOW TABLES;
    [screenshot]

    The userpref table should appear in the list.

12. Verify that the userpref table was populated.

    mysql> SELECT * FROM userpref;
    [screenshot]

13. Create a MySQL user for the spamd daemon.

    mysql> GRANT SELECT ON spamassassin.* TO spamd@localhost IDENTIFIED BY 'def456';
    [screenshot]

    This command creates a MySQL user named spamd with password def456 that has read-only access to all tables in the spamassassin database.

    Note: Use a different password than def456.

    Note: The password must be given within single quotes.

    Note: The MySQL accounts database is separate from the domain. Domain users cannot login to MySQL.

14. Exit the MySQL monitor.

    mysql> exit
    [screenshot]

    Notice how the command prompt changes back to the "#".

15. Login to MySQL as the spamd user.

    # mysql -h localhost -u spamd -p
    [screenshot]

16. Verify that the spamd user can read the spamassasin database.

    mysql> SELECT * FROM spamassassin.userpref;
    [screenshot]

17. Exit the MySQL monitor.

    mysql> exit
    [screenshot]

    Notice how the command prompt changes back to the "#".

18. Create a local system user for the spamd daemon.

    # adduser --system --home /var/lib/spam --shell /bin/false --disabled-password --disabled-login spamd
    [screenshot]

19. Edit the /etc/spamassassin/local.cf file.

    # mcedit /etc/spamassassin/local.cf
    [screenshot]

    Change the file to read as follows:

    auto_whitelist_path /var/lib/spam/whitelist
    user_scores_dsn DBI:mysql:spamassassin:localhost
    user_scores_sql_username spamd
    user_scores_sql_password def456
    user_scores_table userpref
    

    Remember to substitute the appropriate password for def456.

20. Edit the /etc/default/spamassassin file.

    # mcedit /etc/default/spamassassin
    [screenshot]

    Change the file to read as follows:

    ENABLED=1
    OPTIONS="--username spamd --nouser-config --sql-config --whitelist"
    

21. Start the SpamAssassin daemon.

    # /etc/init.d/spamassassin start
    [screenshot]

22. Test SpamAssassin with the sample spam message.

    # zcat /usr/share/doc/spamassassin/sample-spam.txt.gz | spamc | more
    [screenshot]

    SpamAssassin is working properly if this line exists in the output:
    X-Spam-Status: YES

    (This is the 9th line in the screenshot.)