[rt-users] HOWTO: protect RT queues with SpamAssassin

Phil Homewood pdh at snapgear.com
Fri Jun 21 02:16:09 EDT 2002 

Well, this proved trivial enough to do, but is such a neat
arrangement that I thought I'd summarise it for the list.

SpamAssassin (www.spamassassin.org) is a mail filter to identify
spam. 

We, like many others no doubt, receive a lot of spam to RT
queues. And we don't like it. (I know Bruce has also mentioned
this kind of thing before.)

Since we've been trialling SpamAssassin for end-user delivery
on (conveniently) the same host that RT runs on, I decided to
put RT behind SpamAssassin as well.

Rather than reject or lose any detected spam, I chose to shunt
it into its own queue for review and disposal. Of course others
may choose differently; this is very simple to change.

The procedure (under FreeBSD, using Sendmail at least) is very
simple:

* procmail must be installed.

* spamassassin must be installed (duh!), spamc/spamd installed,
  and spamd running. (If you don't want to use spamc/spamd,
  replace the "spamc" command with the appropriate "spamassassin"
  command in the attached procmailrc.)

* The user running spamassassin (I chose the MTA's "mailnull"
  user) must have (or have permission to create) a .spamassassin
  directory under his home dir. This was the only roadblock I
  hit (as spamassasin's "spamc" silently does nothing if this is
  not the case.)

  Under FreeBSD:
	mkdir ~mailnull/.spamassassin
	chown mailnull ~mailnull/.spamassassin

  (other OSs will be similar.)

* Create a "spam" queue in RT, make sure "everyone" has the right
  to "create ticket" and season other rights to taste.

* Drop the attached procmailrc into /usr/local/etc/procmailrcs/rt
  and correct any paths for your local installation. Change the
  ownership of this file to your chosen user ("mailnull" in the
  example above.)

* Change the alias for each queue you wish to protect. For example,
  assuming I have a queue called "test", with correspond address
  "test at example.com" and comment address "test-c at example.com", I'd
  use the following:

test:"|/usr/local/bin/procmail -m /usr/local/etc/procmailrcs/rt test correspond"
test-c:"|/usr/local/bin/procmail -m /usr/local/etc/procmailrcs/rt test comment"

That's it! Told you it was simple. :-)

Variations to the procmailrc:

* Change "spamc" to "spamassassin -P" if you don't use spamd.
* Change the "X-Spam-Status: Yes" delivery rule to bounce, or
  blackhole, or deliver to mailbox, or whatever, if you don't
  want a "spam" queue. The choice is yours!

Enjoy :)

-P.

More information about the rt-users mailing list