Spamassassin Ain't That Bad 2010-12-30
Anyone bothering to read this probably already knows that I have a mail server… and that I think spammers should be nailed to trees for their sins. I have spent plenty of time trying to find ways to dump spam but one that I have been avoiding is Spamassassin. Why? Well, for a few reasons:
- Apparently SA is a bitch to get running on Windows, and my mail server is Windows-based. Now, some people might say I am crazy for running a mail server on Windows… but they're wrong. hMailServer runs just fuckin' fine on Windows, and it doesn't have any serious security issues, and it supports everything I need it to, and it doesn't use a lot of resources. Then the scoffers say that I'm a moron for paying for Windows. Well, even if everyone in the world did pay for Windows, they could get a copy of WHS for like $150 which is plenty cheap if you really want to run something called a server.
- I never really understood how Spamassassin was configured. Clearly it is a *ix based system that is configged by flat text files… what I mean, is that I didn't want to become and expert on regex just so I could write rules for it.
- The times I had tried to setup SA, I found that it was another case of "dependency hell" where I needed an array of prerequisites out of the way before I could even get it installed. granted, this had been some time ago and I had high hopes for improvements here.
So… what changed my mind? What made me decide to try it again? Maybe it was Debian… maybe it was shit luck. Maybe it was sheer determination brought on by asshole spammers I wanted to beat with a hammer. I'm not sure.
So how did it happen? Well, I started getting lots of spam… feel free to peruse my previous posts, the point is that I was getting shit. And that shit was walking right through the antispam stuff I had setup. One of the specific problems was assholes sending spam from legitimate hotmail and gmail accounts. What the fuck can I do about someone sending from Hotmail? I can't very well blacklist Hotmail can I? I was being forced to find a better solution… and all signs pointed to SA.
Okay, so here's what you do:
- Setup a base install of Debian. This is really not that hard… go to this page and get the installation media. I personally like the "netinst" media in the section entitled Small CD's but you can read their explanations and decide what is best for you.
- During the install it'll ask you what you want to install and it will probably default to a "desktop system" which is fine if you want a workstation but not what you are looking for if you want a server (like for Spamassassin). So make sure that only "Base System" is selected and let the setup continue… make sure to set a nice strong root password when the installer asks you. Seriously, many of the defaults should be just fine when installing Debian… just read what it says and answer accordingly. It really is easier than a Windows install.
- Install SSH. All access to your server will be at a command line so if you want to access it from a remote location (like say a Windows based client) then you'll want to be able to SSH into it. If you prefer to access your server right from the console you can of course skip this step. apt-get install ssh
- Install SA. It'll handle the dependencies and install shitloads of them for you. apt-get install spamassassin
- Allow your mail server to talk to SA. By default SA assumes that it is only going to be used by the mail server that is installed locally. if you are going to run SA and your mail server on separate machines then you need to tell SA that your mail server is allowed to talk to it. Edit your /etc/default/spamassassin file and "enable" it ENABLED=1
- Then look for the line that starts with OPTIONS so you can add –allowed-ips 22.214.171.124
- at the end… course replace that IP address with whatever your mail server IP is. Thanks to CrazySquirrel for that little tidbit!
- Enjoy a nap. Seriously, that is it. That is what screwed me up previously. You don't need to tell it what DNSBLs to use. Or what SURBLs, or what rDNS or EHLO checks to use. It just has it's own ideas of what is good or bad and it uses them. The thing that fucked me up was that you're not supposed to configure SA! I guess some people might configure the threshold at which SA says a message is spam, but I bet a lot of people don't even touch that.
Now, if you are smart enough to be running hMailServer you can simply tell it to use your Spamassassin server and disable your other spam prevention settings. Now, as it turns out I am a bit of a hardass when it comes to spam, so I decided to add a few rules to my SA installation. Maybe my next post will be about those custom rules.