Postfix as an Anti-Spam Relay
Author: JeffKarpinski
There's a LOT of bad info out there about setting dspam up with postfix, particularly when you're using postfix as a relay. Here's an easy way to integrate dspam with minimal fuss...
About this document
The goal here is to add dspam to an existing postfix mail relay gateway (e.g. mail is forwarded to an internal server like Exchange), accept user re-training via user@SPAM.example.com and user@HAM.example.com, and restrict dspam processing to mail destined for example.com only.
Implementation
Build and install dspam with the storage driver of your choice. Obviously, on a mail relay, users aren't local, so add the --enable-virtual-users option.
Create a dspam user and make sure it can read /usr/local/etc/dspam.conf, execute /usr/local/bin/dspam, and has rwx access to dspam's home directory as defined in dspam.conf (I moved mine to /var/dspam since I HATE programs that write data to /usr/local.)
Add MX records to your DNS for spam.example.com and ham.example.com that point to your postfix relay.
Shut down postfix so you won't bounce mail while configuring everything.
Configuration
/usr/local/etc/dspam.conf: You'll want to add dspam as a trusted user, set dspam's delivery agent, and tell dspam to tag suspect spam so your users can filter it out...
TrustedDeliveryAgent "/usr/sbin/sendmail"
Trust dspam
Preference "spamAction=tag"
Preference "spamSubject=**SPAM**"
/etc/postfix/master.cf: Here you'll define the content filter for the smtp service...
smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=dspam:
dspam     unix  -       n       n       -       10      pipe
    flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
/etc/postfix/main.cf: Limit dspam to getting only one address at a time...
dspam_destination_recipient_limit = 1
/usr/local/bin/dspamit: Grab a copy of the dspamit wrapper and save it as /usr/local/bin/dspamit, with execute permission for user dspam. Edit to set your e-mail domain...
MYDOMAIN="example.com"
Usage
Simple as can be. Users forward spam to user@SPAM.example.com and ham to user@HAM.example.com. You may want to point out to users that <user> may also be a distribution list - it should match however the spam came in.
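To show what a wrapper in the dspamit role has to do with the ${sender} and ${recipient} arguments from master.cf, here is an added sketch (not the dspamit script itself and not code from this page's author) that routes retraining, filtering and pass-through mail and refuses recipients that could be read as command-line options. The function names route and dspamit_main, the character allow-list, and the use of the full user@example.com address as the dspam user name are assumptions.

```shell
#!/bin/sh
# Added sketch of a dspamit-style wrapper; not the real dspamit script.
# Postfix pipe(8) runs it as: dspamit ${sender} ${recipient}, message on stdin.
MYDOMAIN="example.com"              # the setting the page tells you to edit
DSPAM="/usr/local/bin/dspam"        # paths as given on the page
SENDMAIL="/usr/sbin/sendmail"

# route RECIPIENT -> prints "spam USER", "ham USER", "filter ADDR",
# "pass ADDR" or "reject". Lowercasing the whole address is a simplification.
route() {
    rcpt=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$rcpt" in
        # A leading "-" could be read as an option by dspam or sendmail;
        # anything outside a conservative allow-list is refused as well.
        -*|*[!a-z0-9@._+=-]*|*@*@*|@*|*@) echo reject; return ;;
        *@*) ;;
        *) echo reject; return ;;
    esac
    user=${rcpt%@*}
    domain=${rcpt#*@}
    case "$domain" in
        "spam.$MYDOMAIN") echo "spam $user@$MYDOMAIN" ;;
        "ham.$MYDOMAIN")  echo "ham $user@$MYDOMAIN" ;;
        "$MYDOMAIN")      echo "filter $rcpt" ;;
        *)                echo "pass $rcpt" ;;
    esac
}

dspamit_main() {
    sender=$1
    # Word splitting is safe here: route only emits allow-listed characters.
    set -- $(route "$2")
    case "$1" in
        spam)   exec "$DSPAM" --user "$2" --class=spam --source=error ;;
        ham)    exec "$DSPAM" --user "$2" --class=innocent --source=error ;;
        filter) exec "$DSPAM" --deliver=innocent,spam --user "$2" \
                     -i -f "$sender" -- "$2" ;;
        pass)   exec "$SENDMAIL" -i -f "$sender" -- "$2" ;;
        *)      exit 67 ;;   # EX_NOUSER: Postfix bounces the message
    esac
}

# Only act when called with both arguments, as Postfix does.
if [ "$#" -ge 2 ]; then dspamit_main "$@"; fi
```

Because dspam_destination_recipient_limit = 1, each invocation sees exactly one recipient, which is what lets the wrapper decide per address.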
