spamass-milter with postfix howto

French version

Mail filtering with spamass-milter combined with spamassassin and postfix

spamass-milter is a milter which allows to eliminate some mails which are spams.
spamassassin is an antispam software which attributes a score to mails depending
on the likelihood of their being spams. The higher the score, the most likely
the mail is junk.

We can put spamass-milter on the output of spamassassin to reject
mails which have a score higher thans some threshold. It is safer
to use a rather high threshold (>15 for example) to avoid false positives.
(a false negative is not too bad: a user gets a spam. A false positive
is more of a problem since a real message is lost).

Here is the recipe to make spamass-milter work with postfix.
Note that I tested with debian etch but it seams to work much the
same with other distributions.

I don't explain how to set up postfix and spamassassin, but there
are a lot of howtos on the web.

I explain here how to configure spamass-milter to work as an smtpd milter
(more powerfull it seems). See the postfix milters README
for the difference between smtpd and non-smtpd milters.

1) Configuration
2) List of errors and possible solutions

1) Configuration

a) main.cf
In the postfix configuration file /etc/postfix/main.cf ,
add the following lines:

# spamass-milter configuration
# the accept option is safer not to loose mails in production
milter_default_action = accept
smtpd_milters = unix:/var/run/spamass.sock

# change to this for use as a non_smtpd_milter :
#non_smtpd_milters = unix:/var/run/spamass.sock

The mails are transmitted from the spamassassin daemon (called spamd)
to spamass-milter via some socket. The data is transmitted using a unix protocol
(on the local machine) via a physical file of type socket, here called spamass.sock.

b) /etc/default/spamass-milter
Here is the file/etc/default/spamass-milter

# spamass-milt startup defaults

# OPTIONS are passed directly to spamass-milter.
# man spamass-milter for details

# Default, use the nobody user as the default user, ignore messages
# from localhost

# this one is the right one for use a smtpd_milters
# Reject emails with spamassassin scores > 15 : option -r 15
# Do not modify Subject:, Content-Type: or body option -m
OPTIONS="-u nobody -m -r 15 -i 127.0.0.1 -f -p /var/spool/postfix/var/run/spamass.sock"

SOCKET="/var/spool/postfix/var/run/spamass.sock"
SOCKETOWNER="postfix:postfix"
SOCKETMODE="0660"

c) Creation of the socket
We have to create the sockets in the filesystem before use (for the socket is
not created with the automatic invocation of spamass-milter by postfix)

mkdir /var/spool/postfix/var
mkdir /var/spool/postfix/var/run

and then create the sockets:

# spamass-milter -m -u nobody -f -p /var/run/spamass.sock
# chown postfix.users /var/run/spamass.sock
# spamass-milter -m -u nobody -f -p /var/spool/postfix/var/run/spamass.sock
# chown postfix.users /var/spool/postfix/var/run/spamass.sock

(if I get it right, postfix runs chrooted and not spamass-milter.
We have to create two sockets in two different places for
there to be a communication. Feedback welcome !)

Since we have to run the last four commands at each reboot,
we can put them in a script (for example) called /etc/init.d/initspamass
and have the script run at startup:

# chown +x /etc/init.d/initspamass
# update-rc.d initspamass defaults 99

We put 99 to make sure that the script is run after the starting
of the /etc/init.d/spamass-milter daemon at startup.

d) Check everything goes smoothly in the logs

# grep Milter /var/log/mail.log
# grep milter /var/log/mail.log
May 27 08:36:46 laic spamass-milter[29641]: spamass-milter 0.3.1 starting
#

You will find below a list of errors that I got and how I solved them.

2) List of errors and solutions

I had that kind of errors in /var/log/mail.log :
(do a grep Milter or grep milter on that file)

1) I had the following error: No such file or directory

May 25 10:52:24 laic postfix/smtpd[22561]: warning: connect to Milter
service unix:/var/run/spamass.sock: No such file or directory
May 25 10:52:24 laic postfix/smtpd[22561]: warning: connect to Milter
service unix:/var/run/spamass.sock: No such file or directory

Solution:
Create both sockets as above
/var/run/spamass.sock
/var/spool/postfix/var/run/spamass.sock

2) I had the following error : read error

May 25 10:43:11 laic spamass-milter[27170]: SpamAssassin:
st_optionneg[-1230103632]: 0x3d does not fulfill action requirements 0x13
May 25 10:43:11 laic postfix/smtpd[22145]: warning: milter
unix:/var/run/spamass.sock: can't read SMFIC_OPTNEG reply packet header:
Success
May 25 10:43:11 laic postfix/smtpd[22145]: warning: milter
unix:/var/run/spamass.sock: read error in initial handshake

Solution:
Use the -m option when creating the socket, for postfix doesn't support milters
that modify messages.

spamass-milter -m -u nobody -f -p /var/run/spamass.sock

3) I had the following error : Permission denied

May 25 10:46:11 laic postfix/smtpd[22145]: warning: connect to Milter
service unix:/var/run/spamass.sock: Permission denied

Solution:
Make the user postfix owner of the socket

# chown postfix.users /var/run/spamass.sock
# chown postfix.users /var/spool/postfix/var/run/spamass.sock

Don't forget the option -u nobody when initially creating the socket
spamass-milter -m -u nobody -f -p /var/run/spamass.sock

4) I had the following error: Connection refused

May 25 11:00:43 laic postfix/smtpd[22525]: warning: connect to Milter
service unix:/var/run/spamass.sock: Connection refused

Solution :
Add the following lines to /etc/default/spamass-milter :

SOCKET="/var/spool/postfix/var/run/spamass.sock"
SOCKETOWNER="postfix:postfix"
SOCKETMODE="0660"