Haraka Mail Server: Spamassassin Plugin
Server - CentOS

One of the greatest assets of the Haraka mail server is the light weight and speed at which it functions. This important aspect is carried over into how it works with major plugins like Spamassassin. Spamassassin or similar tool is an absolute necessity for any mail server. Using this plugin with Haraka eliminates the typical need for an additional interface like Amavisd, just another advantage for Haraka.

 

In order to use spamassassin with Haraka you will need an install of spamassasin. Here is an example for CentOS.

yum install -y spamassassin

 

That command will install spamassassin and the dependencies that are required. Now start the daemon so it can be recognized by the Haraka plugin.

service spamassassin start

 

Create the file spamassassin.js in the haraka/plugins directory. This is simply copying the code from the site (https://github.com/baudehlo/Haraka). Initially you do not need to make any modifications to this file. In order to make spamassassin functional you will need to create a file in haraka/config called spamassassin.ini. This file may just have an empty header as a placement file. Here is an example for the spamsssassin.ini:

# Spamassassin

Now edit the haraka/config/plugins file to add spamassassin. Note the order so that spamassasin is completed before it is sent to a queue.

# default list of plugins

dnsbl

data.signatures

helo.checks

mail_from.blocklist

mail_from.is_resolvable

spamassassin

rcpt_to.in_host_list

test_queue

 

Now start haraka, stop the program if it was running and restart to update changes.

haraka -c /opt/haraka

 

When it starts you should see the connection to spamassassin in the output.

[INFO] Loading plugin: spamassassin

[DEBUG] registered hook data_post to spamassassin.hook_data_post

 

 

Test Haraka With Spamassassin

Send Email with Invalid DKIM

 

X-Original-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Delivered-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

X-Spam-Level: *****

X-Spam-Status: Yes, hits=5.1 required=5.0

tests=FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR2,TVD_RCVD_IP,T_DKIM_INVALID,T_RP_MATCHES_RCVD

X-Spam-Flag: YES

 

X-Original-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Delivered-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

X-Spam-Level: ****

X-Spam-Status: No, hits=4.9 required=5.0

 

+tests=FM_LOTTO_YOU_WON,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,T_LOTS_OF_MONEY,T_TO_NO_BRKTS_F

+REEMAIL

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=gamma;

h=mime-version:date:message-id:subject:from:to:content-type;

bh=8D8VFcUTSpdPu1YevskbHlVl8DpiJOPBEV/UcIB/iII=;

b=bNTH+QJDnXFNK6feKNYpammyqdk1OtXnpMWvIksyYSr18TKiOEojAT2tmvTT8A94VU

m3ifLpN7m0FDDh/4bXNibGzlP98Npo88eGePnZg0WDBBMrFLy2l0HSSBlnU7ZOqwpmTu

+jJJEappfwcqGnumTMLcIMOyvfbo9d8mMtO4Y=

Date: Wed, 26 Oct 2011 05:39:45 -0600

Subject: LOTTO

 

Modifying Spamassassin Settings

When you want to make changes to default rules or use whitelisting, blacklisting, etc. it can be done by editing this file which will not get overwritten if you update spamassassin.

 

vi /etc/mail/spamassassin/local.cf

whitelist_from This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

In the output you can clearly see that the account is whitelisted so that it will drop 100 points. The example shows that -100 with the points for this email yields -95.1.

 

X-Original-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Delivered-To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

X-Spam-Level: *

X-Spam-Status: No, hits=-95.1 required=5.0

 

+tests=FM_LOTTO_YOU_WON,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,T_LOTS_OF_MONEY,T_TO_NO_BRKTS_F

+REEMAIL,USER_IN_WHITELIST

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=gamma;

h=mime-version:date:message-id:subject:from:to:content-type;

bh=bT54qfNkJIbhpZIAEMwk00Shf3eirpfNfWLjnraLy9o=;

b=kAXX4E0XiTdPYiy9rd2aMtKGUt1HL/vnh3aToP207WsWREoeyazxivaOM/Ia1nxDxM

sD6+UopxWKyHy2JUqdUfn+CG6NzqfIxhgL8H3Caff6AzHQJy51llQksNxuC6V7xTtEwG

6g85uvjT9twoi4b/npsk/sbiXtG+8ygK/wCvw=

Date: Wed, 26 Oct 2011 06:05:11 -0600

Subject: LOTTO WIN

From: someuser < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >

To: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

INTERLOTTO EUROPE /BONO LOTTO PROGRAM

OFFICE;PLAZA JUAN CARLOS C-14541,MADRID SPAIN.

FROM THE DESK OF VICE PRESIDENT INTERNATIONAL

PROMOTION/PRIZE AWARD

REFERENCE NUMBER:ILEAXX/654560011/ESP

ATTENTION:BENEFICIARY

We are pleased to inform you today of the relase of

INTERLOTTO ?UROPE /BONO LOTTO PROGRAM which was held on 5TH SEPTEMBER 2011

in collaboration with World Tourism Organization and Spanish Ministerio

 

The output of Haraka also shows this:

 

[INFO] [spamassassin] spamassassin returned: No, -95.1/5.0

 

 

Troubleshooting

If you see errors like those below, it means that you need to add a “.ini” file in the config directory. For example, to solve the spamassassin error create a file with a header commented out in haraka/config/spamassassin.ini.

 

[CRIT] E124A5AB-0692-4B4A-8B26-11B879D4092F.1 Plugin spamassassin failed: ReferenceError: matches is not defined\n

or

[CRIT] E124A5AB-0692-4B4A-8B26-11B879D4092F.1 Plugin clamd failed: ReferenceError: matches is not defined\n

 

 

Summary

Haraka works very well with Spamassassin, fast easy to set up and saves on resources.