Reducing Spam with postfix, SpamAssassin and AMaVIS on Ubuntu

January 19, 2014

The Spam Problem

I’ve set up postfix to forward emails, for my various addresses, to my usual email address. Postfix is running on my wonderful server with Digital Ocean. I started to receive a lot of spam; so I installed a spam filter. However, SpamAssasin doesn’t actually stop spam, it just flags it as spam (with a spam score - indicating how spam-like the email was).

As a consequence I still received more spam than I was comfortable with.

The Solution

Update Postfix to Stop Some Spam

First I made the following changes to my /etc/postfix/main.cf after reading this article on filtering spam with postfix:

# try to reduce the spam!
# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
# Recipient restrictions:
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    permit
# Block clients that speak too early
    smtpd_data_restrictions = reject_unauth_pipelining

Use AMaVIS to Block Spam Flagged by SpamAssassin

Second, I followed this guide from Ubuntu to set up AMaVIS-New.

However, when I tried to start postfix, the mail log said that there was already something running on port 10025. So, I changed the port in the master.cf file from 10025 to 10026 and added the following lines to /etc/amavis/conf.d/50-user:

$notify_method  = 'smtp:[127.0.0.1]:10026';
$forward_method = 'smtp:[127.0.0.1]:10026';

Gmail

I also found a problem with trying to send emails to GMail. It said:

postfix/smtp[]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c05::1a]:25: Network is unreachable

This was fixed by adding the following to /etc/postfix/main.cf:

inet_protocols = ipv4

However, sorting out IPv6 networking may have been a better solution.

Conclusion

Hopefully this will significantly reduce the spam I get but at the same time not block any legitimate emails.