This tutorial sets up and configures the following:
Primary packages
- sendmail
- spamassassin
- milter-greylist
- GeoIP
- clamav
- spamassassin-milter
- clamav-milter
- dovecot
Addons to spamassassin
- SPF
- DKIM
Optional Extras
- spf-milter
NOTE: I’ll discuss how to setup the spf-milter, towards the end of this post but I now consider this an OPTIONAL package after talking with the maintainer of the city-fan.org repo, Paul Howarth. In talking with Paul, it turns out that spamassassin now has the ability to perform SPF checks based on a sender’s domain and IP address. This makes installing the spf-milter redundant and unecessary.
Getting Started
I found this very helpful YUM repository, city-fan.org that contains pretty much everything I needed to accomplish this, minus the ClamAV packages. For those I looked to another repository, rpmforge. To get started, I installed the repo rpm files below.
Setting up city-fan.org repo
1 2 3 4 5 6 7 8 | # install yum repo package rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-7.rhel5.noarch.rpm # import repo's GPG Key rpm --import http://www.city-fan.org/ftp/contrib/yum-repo/CITY-FAN.ORG-GPG-KEY # perform an initial update yum update |
Setting up rpmforge repo
1 2 3 4 5 6 7 8 | # install yum repo package rpm -Uvh http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm # import repo's GPG Key rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt # perform an initial update yum update |
Setting up Spamassassin
1 2 | yum install spamassassin \
spamass-milter |
Setup /etc/sysconfig/spamassassin
1 2 | # Options to spamd SPAMDOPTIONS="-d -c -m5 -H" |
Setup /etc/sysconfig/spamass-milter
1 2 3 4 5 6 7 8 9 10 11 12 | ### Override for your different local config #SOCKET=/var/run/spamass-milter/spamass-milter.sock ### Standard parameters for spamass-milter are: ### -P /var/run/spamass-milter.pid (PID file) ### ### Note that the -f parameter for running the milter in the background ### is not required because the milter runs in a wrapper script that ### backgrounds itself ### ### You may add another parameters here, see spamass-milter(1) #EXTRA_FLAGS="-m -r 15" |
Add the following to sendmail.mc and re-make sendmail.cf
1 2 3 4 5 6 | dnl ** dnl ** enable spamassassin-milter to scan for spam using spamassassin ** dnl ** INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl |
Setting up SPF (NOTE: used by spamassassin, NOT the milter!)
1 2 3 4 5 | # install perl-Mail-SPF yum install perl-Mail-SPF # restart spamassassin (in order to detect the spf plugin) /etc/init.d/spamassassin restart |
Spamassassin will automatically detect that SPF has been installed and will start using it as part of its scoring of each email. You can confirm that it’s working with this test.
1 2 3 4 5 6 7 8 9 10 11 | spamassassin -D < /usr/share/doc/spamassassin-3.2.5/sample-spam.txt 2>&1 |grep -i spf [18108] dbg: config: read file /usr/share/spamassassin/25_spf.cf [18108] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [18108] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [18108] dbg: spf: checking to see if the message has a Received-SPF header that we can use [18108] dbg: spf: using Mail::SPF for SPF checks [18108] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [18108] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18108] dbg: spf: no suitable relay for spf use found, skipping SPF check [18108] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [18108] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check |
Setting up DKIM
This module implements the various components of the DKIM and DomainKeys message-signing and verifying standards for Internet mail. It currently tries to implement these specifications:
* RFC4871, for DKIM
* RFC4870, for DomainKeys
1 | yum install perl-Mail-DKIM |
Spamassassin will automatically detect that DKIM has been installed and will start using it as part of its scoring of each email. I confirmed that it was working by sending myself an email from my gmail account and copying this email, make sure to include the full headers, into a text file. In my case I called this file test_email.txt.
1 2 3 4 5 6 | spamassassin -D < ~/sam2.txt 2>&1 |grep -i dk [18334] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [18334] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [18334] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; bh=8PW6kvDkcUGo7mGimEUrTlMVS5Y1dFw/IjjLn1WnNLw=; |
Setting up GeoIP
1 | yum install GeoIP |
This package will be leveraged by milter-greylist to perform greylisting based on geographic locations of the sender’s IP address.
Setting up milter-greylist
The latest version can be downloaded from this page
1 2 | wget http://www.mailscanner.info/files/greylist/milter-greylist-4.0-4.jkf.el5.i386.rpm yum --nogpgcheck install milter-greylist-4.0-4.jkf.el5.i386.rpm |
…. Continue reading → How to Setup a Mail Server on CentOS 5 »»
May 20th, 2009, @ 1:51 am |
Tags: 
Category: 
