By Francis Ndungu, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Unsolicited emails are very annoying because they take up your disk space and waste your time every time you try to weed them out from your inbox . Luckily, SpamAssassin is one of the best Open-source tools for filtering and blocking spam.

Designed in Perl, Apache SpamAssassin uses different approaches to identify and block spam. These include: online blacklist database lookup, checksum based filters, Bayesian algorithm and third party programs.

The highly configurable email filter utility is rule-based and to function effectively, it uses regular expressions to determine if an email contains Spam.

If you have already setup an email server with Postfix, SpamAssassin is a good tool for keeping your inbox free from unwanted emails from hackers and telemarketers.

This is a comprehensive guide that walks you through the process of securing your Ubuntu 16.04 Postfix email server with SpamAssassin.

Prerequisites

1. An Alibaba Cloud account.
2. An Alibaba Cloud ECS instance running Ubuntu 16.04 Linux distribution.
3. Postfix Email Server. See our guide for setting up an email server with Postfix, Dovecot and SquirrelMail on Ubuntu 16.04 Alibaba ECS
4. A non-root user that can perform sudo tasks on your server.

Step 1: Installing and Configuring SpamAssassin

SpamAssassin is available on the Ubuntu software repository. So before we install it, let’s first update the package information index:

$ sudo apt-get update

Then we can install SpamAssassin with the command below:

$ sudo apt-get install spamassassin spamc

Step 2: Creating a User for SpamAssassin

Next, we need to create a dedicated user for SpamAssassin:

$ sudo adduser spamd --disabled-login

Step 3: Configuring SpamAssassin

After installation, we are going to edit the SpamAssassin configuration file. To do this, open the file /etc/default/spamassassin using nano text editor:

$ sudo nano /etc/default/spamassassin 

To enable SpamAssassin on the system, find the parameter ENABLED and change its value from 0 to 1.

ENABLED =1

Next, we are going to create a SAHOME variable and direct it to SpamAssassin home directory:

SAHOME="/var/log/spamassassin/"

Then, locate the below line on the same file:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir"

Change it to:

OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"

To pick the latest updates from SpamAssassin, we are going to change the CRON value from 0 to 1:

CRON =1

When you are done editing the file, press CTRL+X, Y and Enter to save the changes.

Step 4: Adding Rules to SpamAssassin

We can now start adding rules to SpamAssassin. Open the file /etc/spamassassin/local.cf

Using nano text editor:

$ sudo nano /etc/spamassassin/local.cf

Make sure the below parameters and values are set on the file:

rewrite_header Subject [***** SPAM _SCORE_ *****]
required_score          5.0
use_bayes               1
bayes_auto_learn        1

The above parameters tell SpamAssassin to rewrite the subject of each email that surpasses the threshold score of 5.0. When set to 1, use_bayes instructs SpamAssassin to use the Bayes algorithm to classify emails as either ham or spam using a mathematical formula based on probability.

The parameter bayes_auto_learn is set to 1 to enable the auto-learning mechanism. Save and close the file by pressing CTRL+X, Y and Enter.

Step 5: Configuring Postfix to Use SpamAssassin as an Email Filter

Next, edit the Postfix master configuration file and instruct it to route emails to SpamAssassin for filtering:

$ sudo nano /etc/postfix/master.cf

Find the line:

smtp inet n - - - - smtpd

Then, add the following information below it:

   -o content_filter=spamassassin
spamassassin unix -     n       n       -       -       pipe
    user=spamd argv=/usr/bin/spamc -f -e  
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Note: Please put several spaces before "-o content_filter=spamassassin" .

Save and close the file by pressing CTRL+X, Y and Enter. Then, restart both Postfix and SpamAssassin.

$ sudo service postfix restart
$ sudo service spamassassin restart

Step 6: Testing SpamAssassin Email Filter

To check whether SpamAssassin is working, send an email to your server (e.g. info@example.com) and add include the content below on the email body to trigger the spam check:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Open your email client (in this case, we are using SquirrelMail) and check your inbox. Your email should now be marked as spam and the subject should be re-written to indicate the same.

Conclusion

We have gone through the steps of securing your Postfix email server with SpamAssassin on Ubuntu 16.04 server hosted on Alibaba Cloud. We believe you are going to implement the steps in this article to safeguard your email servers from unwanted emails.