Much has been written about Postfix, Spamassassin, VPS systems and Debian, but very little has been written about actually getting them all working together and behaving nicely.

Historically I've always used Postfix, Amavisd and Spamassassin to do my mail filtering. However, Amavisd is memory hungry and overkill. So, I spent much of today configuring Postfix to use Spamassassin directly.

First of all, it's important to get Postfix running first. Then you can configure any mailing list software you use, eg. Mailman. The configuration of these two are beyond the scope of this post - but we're aiming for a fairly standard installation which is well-documented elsewhere.

Once Postfix is installed and configured, Spamassassin can be installed with "aptitude install spamassassin spamc".

Spamassassin needs a user to run as. We add this user by running:


#groupadd -g 5001 spamd
#useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
#mkdir /var/lib/spamassassin
#chown spamd:spamd /var/lib/spamassassin 


Now we need to configure spamd to run at startup, and tell it where it's home directory is. We therefore edit /etc/default/spamassassin to read:


ENABLED=1
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 2 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE="${SAHOME}spamd.pid"


Which will let us then start up spamd with "/etc/init.d/spamassassin start".

Next we need to tell Postfix to use Spamassassin. This is done by changing /etc/postfix/master.cf. We want to edit the smtp service and add a spamassassin service. We want the smtp service to read like:


smtp      inet  n       -       -       -       2       smtpd
  -o content_filter=spamassassin


The 2 in this entry limits Postfix's memory usage by only allowing two processes to run, which for a lightly used VPS server with very little memory is fine. It should be increased or removed entirely for a "proper" server, and should be the same number as max-children in /etc/default/spamassassin.

In master.cf, we also want to add:


spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}


You'll probably also want to tweak /etc/spamassassin/local.cf a bit. local.cf is well commented, but it is recommended you at least add:


report_safe 0


We can now restart postfix by running "/etc/init.d/postfix reload". Test the mail server by sending it a real email, and then test it by sending an email with the following in the body:


XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X


That should get flagged as spam, but you'll still get the email. This is great, but weren't we aiming to get the spam filtered out? Well yes, we were. So we edit /etc/postfix/main.cf and add:


header_checks = regexp:/etc/postfix/header_checks


And in /etc/postfix/header_checks we add:


/^X-Spam-level: \*\*\*\*\*\*\*.*$/ DISCARD


Which will discard any spam scoring more than seven. So again we restart postfix by runnning "/etc/init.d/postfix reload", and again we test it by sending both some real email and some spam.

Now we should see /var/log/mail.log discarding spam. We should also see /var/lib/spamassassin/spamd.log showing how that spam is being discarded. You should check both logs to make sure there are no errors being shown, even if you are getting email correctly.

Perfect, everything's working great! There's still plenty of tweaking can be done, but this is the system we're using on a list/mail server and it's quite happily coping on a mid-range VPS system running a handful of lists of 10-100 members.

After all this configuration, it's probably helpful to keep an eye on the server for a while. Using multitail and a couple of shell files we can watch what's happening quite nicely.

vpsfree.sh:


#/bin/bash
awk '/oomguarpages/ {print "RAM Guarantee:            " $2/256 "MB in use out of " $4/256 "MB with a maximum of " $3/256 "MB"}' /proc/user_beancounters
awk '/privvmpages/  {print "Allowed Burst RAM:        " $2/256 "MB in use out of " $4/256 "MB with a maximum of " $3/256 "MB"}' /proc/user_beancounters
awk '/vmguarpages/  {print "Virtual Memory Guarantee: " $2/256 "MB in use out of " $4/256 "MB with a maximum of " $3/256 "MB"}' /proc/user_beancounters


watchmail.sh:


#!/bin/sh
multitail -Z red,black,inverse -T -x "%m %u@%h %f (%t)  [%l] " -m 100 -n 0 -f -cS postfix "/var/log/mail.log" -n 0 -f -cS spamassassin -I "/var/lib/spamassassin/spamd.log" -m 3 -wh 3 -r 30 -n 0 -l "/home/lordrich/vpsfree.sh"


Running the above watchmail.sh as root will give a nice screen with coloured mail logs and resource usage of your VPS.