mail server setup

John G Heim jheim at
Tue Jan 19 10:18:17 EST 2016

You would be much better off googling for tutorials on setting up each 
of those tools. I mean if I just posted my config files, they wouldn't 
make a lot of sense. I'd have to spend so much time editing them for 
security and explaing the customizations I made that it would be like 
writing a tutorial.  But the ones already out there are better than I 
could do in the time allotted.

All of the tools I mentioned are like most linux tools, they take 2 
minuts to get working and 2 days to get working right.

A few  notes:

1. Spamassassin has this fuzzy logic feature. It's all under the 
bayesian filtering heading. Users can tell spamassassin that a message 
is spam and it will mark similar messages as spam in the future. I used 
spamassassin's mysql interface to store those fuzzy logic rules in a 
single database so all of my users would benefit when any one of them 
marked a message as spam.

2. My dcc, razor, and pyzor configurations were pretty standard. The one 
thing I'd suggest if you are going to set those up is to google for 
information on testing to see if they are actually working. All 3 of 
those tools tend to fail silently if there is anything wrong with the 
configuration. In a way, that's not the fault of the tools. Mostly, its 
that it's hard to know what to do when a tool is part of a pipeline. You 
have to send the message on to the next tool in the pipeline so it looks 
like the filter worked but didn't think the message was spam.

3. There are spamassassin rule sets you can download nightly. At the 
very least, you should update the rule set supplied by spamassassin 
every night.  Here is the crontab entry I used to do that:

32 6 * * * root /usr/bin/sa-update --channel && 
service spamassassin restart > /dev/null

On 01/18/2016 04:17 PM, Janina Sajka wrote:
> Well, John. You might just change my mind about spamassassin. Care to
> share your configuration somewhere? I'm willing to give it another try.
> I agree that crowd-sourced enhancements could indeed be powerful in this
> use case.
> Janina
> John G Heim writes:
>> I don't think there is a better spam filtering tool than spamassassin. I ran
>> the mail server for my department and all by myself, I was able to get
>> filtering as efficient as the campus mail server which used a commercial
>> product and had a full-time employee tuning it. The secret is crowd
>> sourcing. I had it download a new set of rules nightly and configured it to
>> use 3 crowd sourced systems, dcc, razor and pyzor. It took a while to set
>> all that up but once it was done, all I had to do was sit back and let the
>> world tune my spam filter.
>> Spamassassin is a bigger resource hog than anything else in a mail system. I
>> think that is probably true of any spam/virus filter. There is just a lot to
>> do.  And really, it's the virus scanning part that is the worst. You don't
>> want to skip that. We had about 200 users on a machine with 16 cores and 32
>> Gb of ram. It never had a problem with the load.
>> On 01/11/2016 01:43 PM, Janina Sajka wrote:
>>> Hi,
>>> I've got my crm set up via my personal ~/.procmailrc . It can also be
>>> setup system wide, however I haven't needed that recently.
>>> The crm home page does discuss site wide deployment:
>>> I note one can even use it with Spamassassin. I didn't go that way. I
>>> dropped Spamassassin because it was spawning far too many processes that
>>> were absorbing far too much of my available system resources, so that
>>> other tasks on my server were suffering.
>>> Am I completely happy with the results? No. I still get too many false
>>> positives and consequently still need to look at my spam folder from
>>> time to time. I've white-listed many more email sources than I would
>>> have expected.
>>> However, I see no more than a dozen or so emails in my inbox daily, and
>>> that's a big improvement over what I was getting from Spamassassin.
>>> hth
>>> Janina
>>> covici at writes:
>>>> How would you use crm114 for spam filtering?  Also, I am unfamiliar with
>>>> dkim and dmark, -- I do have sendmail -- how would those help?
>>>> Janina Sajka <janina at> wrote:
>>>>> Juan Hernandez writes:
>>>>>> I need webmail, imap, virtual domains, spam/antivirus protection, etc.
>>>>> Let's take them one at a time ...
>>>>> webmail
>>>>> This one is easy. Go with squirrelmail .
>>>>>   imap
>>>>>   Another easy one, dovecot .
>>>>>   virtual domains
>>>>>   Any mta worth its salt will give you this. It's pretty trivial, e.g. in
>>>>>   sendmail you simply add domains into a config file, one per line. If
>>>>>   need be, you can get more elaborate, e.g. direct mail addressed to
>>>>>   a at b.c. to d at e.f. It's all very doable.
>>>>>   spam/antivirus protection
>>>>>   This one is more complicated, and more important. I'm sure you're not
>>>>>   interested in becoming an open relay for every spammer on the planet?
>>>>>   So:
>>>>>   Antivirus -- You probably only care if you have users on Windows.
>>>>>   clamav is my choice for this, though mine is curently broken--I don't
>>>>>   have windows clients.
>>>>>   anti-spam -- much of this depends on a good mta configuration. Today's
>>>>>   mta's, you'll probably select either sendmail or procmail, set you up
>>>>>   by default with a pretty good configuration. You'll want to carefully
>>>>>   read your way through the config file to understand what's going on.
>>>>>   This is the starting point.
>>>>>   Next is the process of sorting the mail that arrives into "probably OK"
>>>>>   and "probably junk" piles. People used to rely on spamassassin for
>>>>>   that, but I found it far too resource heavy and stopped using it about
>>>>>   two years ago. I'm now using crm114. And, with Jason White, I'm looking
>>>>>   at possibly moving to rstampd .
>>>>>   In any case, you'll want to configure dkim and dmark for your mta.
>>>>>   These assist the net in assuring you and everyone else that what you
>>>>>   receive, and what you send is legit.
>>>>>   Spam is a never ending battle. Expect to need to work on your
>>>>>   configurations and approaches from time to time as the months and years
>>>>>   go by.
>>>>>   If this sounds daunting, that's probably good. It's not a trivial task,
>>>>>   but it can be fun and certainly can be rewarding. I certainly have no
>>>>>   interest in giving up my setup for some service somewhere else.
>>>>>   hth
>>>>>   Janina
>>>>> -- 
>>>>> Janina Sajka,	Phone:	+1.443.300.2200
>>>>> 			sip:janina at
>>>>> 		Email:	janina at
>>>>> Linux Foundation Fellow
>>>>> Executive Chair, Accessibility Workgroup:
>>>>> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
>>>>> Chair, Accessible Platform Architectures
>>>>> _______________________________________________
>>>>> Speakup mailing list
>>>>> Speakup at
>>>> -- 
>>>> Your life is like a penny.  You're going to lose it.  The question is:
>>>> How do
>>>> you spend it?
>>>>           John Covici
>>>>           covici at
>>>> _______________________________________________
>>>> Speakup mailing list
>>>> Speakup at
>> _______________________________________________
>> Speakup mailing list
>> Speakup at

More information about the Speakup mailing list