[rt-users] Spam filtering using procmail and SpamAssassin (was: Stop abusers)

Dag Bruck dag at dynasim.se
Mon Sep 22 08:13:46 EDT 2003


I have implemented spam filtering for RT using SpamAssassin and
procmail. Here is a more detailed description of what I have done.


1. Configuration

I run RedHat 7.2 and have upgraded to Perl 5.8.0 etc. The machine
running RT sits inside our firewall and is regarded as safe.


2. Installing SpamAssassin

I installed SpamAssassin as described in the documentation:

	perl -MCPAN -e shell
	o conf prerequisites_policy ask
	install Mail::SpamAssassin

I then installed the recommended packages too:

	install DB_File
	install Net::DNS

I did tweak the configuration of SpamAssassin somewhat, but nothing here
is related to RT as such.


3. Script for procmail

I have written a procmail script that acts as glue between the mail
system, SpamAssassin and RT. The purpose is to send potential spam to a
human being for review, and messages which are "ok" are sent directly to
the right RT queue.

This is the script:

---------------------
# SpamAssassin interface for RT queue specified by env. var. RT_QUEUE.
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 200 KB
# (200 * 1024 = 204800 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
* < 204800
| /usr/local/bin/spamassassin

# All mail tagged as spam (e.g. with a score higher than the set threshold)
# is sent for confirmation.
:0:
* ^X-Spam-Status: Yes
! spam-admin@mailhost.yourdomain

# Ok mail is forwarded to RT queue.
:0:
*
|/etc/smrsh/rt-mailgate --queue $RT_QUEUE --action correspond --url http://rthost.yourdomain/
---------------------

The first action runs SpamAssassin and gets back a message with
additional header fields. The second action mails potential spam to a
special user. The third action (otherwise) sends the message to RT.

You recognize the command sending mail to RT; it's stolen from the
original /etc/aliases and just slightly modified.


4. Interfacing procmail

In /etc/aliases I have made the following definitions:

---------------------
rt: "|procmail RT_QUEUE=general /root/rt-spamfilter"
rt-ok: "|rt-mailgate --queue general --action correspond --url http://rt.dynasim.se/"
rt-comment: "|rt-mailgate --queue general --action comment --url http://rt.dynasim.se/"
---------------------

The first line defines the "insecure" entry point, i.e., the mail
address which may get spam. It calls procmail (link in /etc/smrsh
needed) and specifies the script file rt-spamfilter. The argument
RT_QUEUE specifies the queue, so a single procmail script can be used
for multiple RT queues (I have assumed that the URL is always the same).

The second line defines my "secure" entry point, which is not exposed to
external users. If a message tentatively marked as spam gets human
approval, this is where such a message should be forwarded. It goes
directly into RT without passing SpamAssassin.

The third line defines the usual comment address, which I have not
protected because I assume that only trusted people use it.


5. Mail setup

Some little things have been set up on our mail gateway machine.

First, there is a mail alias that forwards all mail directly to the
machine running RT, corresponding to the "rt" address above.

Second, I have defined the alias spam-admin to point to a real user who
takes care of screening potential spam.


6. Concluding notes

One of the design decisions was to run SpamAssassin on the RT machine,
which does its own spam filtering regardless of the spam filtering we do
for plain users on the mail gateway. I wanted them to be separate, so I
can tweak them differently.

I decided to use procmail instead of the solution Jesse presented a
little while back (Perl script and Mail::Audit). The main reason is that
I'm familiar with procmail. Perhaps other people can comment on
pros/cons of these approaches.

I will gratefully accept any comments or suggestions.

Dag Brück
Dynasim AB, Sweden
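
An added example, not part of the original post: a dry-run model of the three recipes in the script above, useful for checking which route a saved message would take before real mail is pointed at the filter. It shows two edge cases of the rcfile: messages at or above the 204800-byte limit reach RT unscanned, and an "X-Spam-Status" line in the body does not count, because procmail conditions match the header (case-insensitively) by default. The names route_message, headers_of, fake_scanner and SCANNER are assumptions made for this example.

```shell
#!/bin/sh
# Dry-run model of the three rt-spamfilter recipes: prints "review" or "rt".
# SCANNER stands in for /usr/local/bin/spamassassin (assumption; default: cat,
# i.e. the input file is treated as already tagged).
LIMIT=204800   # same threshold as the "* < 204800" condition

# Print only the header block, joining folded continuation lines.
headers_of() {
    awk '/^$/     { exit }
         /^[ \t]/ { buf = buf $0; next }
                  { if (buf != "") print buf; buf = $0 }
         END      { if (buf != "") print buf }' "$1"
}

# Constructed stub scanner for testing: tags any message containing "BUY NOW".
fake_scanner() {
    tmp=$(mktemp) || return 2
    cat > "$tmp"
    grep -q 'BUY NOW' "$tmp" && echo 'X-Spam-Status: Yes, score=9.9'
    cat "$tmp"; rm -f "$tmp"
}

# route_message FILE -> prints the route the message would take.
route_message() {
    msg=$1
    work=$(mktemp) || return 2
    size=$(( $(wc -c < "$msg") ))
    if [ "$size" -lt "$LIMIT" ]; then
        # Recipe 1: only messages under the limit are piped through the scanner.
        ${SCANNER:-cat} < "$msg" > "$work"
    else
        cp "$msg" "$work"   # oversized: passes through unscanned
    fi
    # Recipe 2: header-only, case-insensitive match, as procmail does by default.
    if headers_of "$work" | grep -qi '^X-Spam-Status: Yes'; then
        route=review        # would be forwarded to spam-admin
    else
        route=rt            # Recipe 3: everything else goes to rt-mailgate
    fi
    rm -f "$work"
    echo "$route"
}

# Stand-alone use: sh thisfile saved-message
if [ $# -gt 0 ]; then route_message "$1"; fi
```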


