Hello,
I have been using a mail gateway with postfix/amavis/clamav/spamassassin
for many years on CentOS 6.
I am now struggling to build a new system on CentOS 8 with the same
components (and the same configuration) to replace the original one, but
it is quite different from the original, so I will appreciate your guidance.
(Packages were installed from EPEL.)
I am trying to follow online tutorials, which are different between them
and differ from my original setup as well, so I am confused.
Some important questions:
1. Originally, I have used amavis as the interface to spamassassin.
However, current tutorials seem to suggest a direct call of spamassassin
by postfix using spamass-milter.
Here is an example of such a tutorial:
https://www.linuxbabe.com/mail-server/amavis-clamav-centos-8-rhel-8
https://www.linuxbabe.com/redhat/spamassassin-centos-rhel-block-email-spam
So, what is the suggested practice? In my original amavisd.conf (which I
am now migrating), I had:
$sa_tag_level_defltĀ = -999;
$sa_tag2_level_deflt = 3.4;
$sa_kill_level_deflt = 5.2;
$sa_dsn_cutoff_level = 9;
$sa_crediblefrom_dsn_cutoff_level = 10;
$sa_mail_body_size_limit = 400*1024;
$sa_spam_subject_tag = '* Spam ? * ';
It seems to me architecturally better to use spamassassin from within
amavis (because amavis remains the main/central control point).
Does this incur a penalty in SA functionality, effectiveness or performance?
2. If I use spamassassin through amavis, how do I enable bayes filtering?
Since $MYHOME = '/var/spool/amavisd', would it be enough to create
therein a .spamassassin directory (with amavis:amavis owner) and train
filter?
In my original (CentOS 6) system, I would do:
# su amavis
sh-4.1$
sh-4.1$ sa-learn --dbpath '/var/amavis/var/.spamassassin' --spam
/var/amavis/reported-spam
In CentOS 8 I would attempt the same (with adjusted paths) but I cannot
even change user (which is required, since operations and db should be
owned by amavis:
# su amavis
This account is currently not available.
How should I proceed?
Please advise.
3. I think I should enable sa-update. Shouldn't I?
If the answer is yes, then would it be enough to set:
SAUPDATE=yes
in /etc/sysconfig/sa-update
...?
How does this work? I don't see any cron job nor any active sa-update
service. There exists an sa-update service and I can start it:
systemctl start sa-update
but it cannot get enabled (for auto start with OS); If we try to enable,
a message states: "The unit files have no installation config" etc..
Yet, in /etc/sysconfig/sa-update, we read about the SAUPDATE=yes
setting: "Run sa-update even if no daemon is detected".
Does this daemon refer to sa-update (which means that we don't have to
run it)?
Please help me with the above!
Thanks in advance,
Nick
