May 4, 2004

Postfix and Spamassassin

I've written previously about using Postfix Enabler to set up the mail server I'm using for the site. The author, Bernard Teo, was nice enough to hook me up with a beta of version 1.1 that I've been running here for a bit over a week, and it is now available via the link above for anyone that wants to give it a shot. It now includes an optional setup for Spamassassin, as well as a handy Mail Stats generator to keep track of what your server is doing. Also included is a new field to set a RBL (Realtime block List) server, such as Spamhaus to help with spam checking.

I thought I had the Spamassassin part set up correctly, but after setting up a new account here for testing and then going out of my way to put that account where spammers would find it, I found that Spamassasin wasn't checking my mail at all. Read on for how I fixed this, and learned a bit about Postfix's configuration file.

The main think I discovered with Postfix and its config file (, was that if you give the same config line twice with two different sets of parameters, the second instance will replace the first. I suppose my work with CSS style sheets had me confused since one line could build on top of what came before, but this isn't the case with Postfix.

What was happening was that the Postfix Enabler was setting up the necessary commands for Spamassassin to filter the mail using the smtpd_recipient_restrictions control, but it turned out that I was using this for some additional filtering of my own, and Postfix Enabler was putting my custom config after its own settings, thereby overriding the settings for Spamassassin.

Once I finally realized what was going on, it was a simple matter to copy the relevant line from the config and put it into my custom settings and restart Postfix. A quick test mail then confirmed that Spamassassin was alive and well, filtering my mail.

For anyone curious, here are the custom commands that Postfix Enabler is setting, and my own custom settings below that. This sets some fairly strict filtering, so be warned.

###Start PostfixEnabler###
smtpd_recipient_restrictions=permit_mynetworks,check_recipient_access hash:/etc/postfix/filtered_domains

default_rbl_reply=$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.

###End PostfixEnabler###

###Start Custom Config###
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
check_helo_access hash:/etc/postfix/access, reject_unknown_hostname,

smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/access,
check_client_access hash:/etc/postfix/access,
check_recipient_access hash:/etc/postfix/filtered_domains

smtpd_data_restrictions =

unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550

Posted by Jim at May 4, 2004 9:37 PM | TrackBack