How to install and integrate SpamAssassin with Exim on a CentOS 7

In the following tutorial we are going to cover the procedure of installing and integrating SpamAssassin with Exim on a CentOS 7 Linux . Once the set-up is completed, SpamAssassin will be able to scan and mark the emails detected as SPAM.

What is SpamAssassin?

It is a software program released under the Apache License 2.0 used for e-mail spam filtering based on content-matching rules. It is a very intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email and apply the tests to email headers and content to classify email using advanced statistical methods.


ssh to your server and initiate a screen session using the command below:

## screen -U -S exim-spamd

once you’re in a screen session, update your CentOS 7 using yum as in:

## yum update


SpamAssassin is available in CentOS 7 base repository, so you can easily install it using yum:

## yum install spamassassin

Once it’s installed, edit /etc/mail/spamassassin/ using your favorite editor and set the following:

## vim /etc/mail/spamassassin/

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
required_score 5.0

with all that in place, proceed with starting spamassassin up and adding it to your system’s startup using systemctl

## systemctl start spamassassin
## systemctl status spamassassin
## systemctl enable spamassassin

update spamassassin rules using:

## sa-update --nogpg

next, check if spamassassin is listening on localhost ( on port 783 using ss from iproute2:

## ss -tnlp | grep spamd
LISTEN 0 0 *:* users:(("spamd child",1207,5),("spamd child",1206,5),("/usr/bin/spamd ",1205,5))


OK, next thing to do is to configure Exim to utilize Spamassassin for scanning and tagging unsolicited emails as SPAM. So, make a backup of your current Exim configuration file using:

## cp /etc/exim/exim.conf{,.backup-no-spamd}

Next, edit exim.conf and add the following line in the beginning of the file:

## vim /etc/exim/exim.conf
system_filter = /etc/exim/filters

Next, add or uncomment the spamd_address line as in:

## vim /etc/exim/exim.conf
spamd_address = 783

and add the following within the ACLs section in your Exim configuration file:

## vim /etc/exim/exim.conf

# Bypass SpamAssassin checks if the message is too large.
accept  condition  = ${if >={$message_size}{100000} {1}}
      add_header = X-Spam-Note: SpamAssassin run bypassed due to message size

# Run SpamAssassin, but allow for it to fail or time out. Add a warning message
# and accept the mail if that happens. Add an X-Spam-Flag: header if the SA
# score exceeds the SA system threshold.
warn    spam       = nobody/defer_ok
       add_header = X-Spam-Flag: YES
       add_header = X-Spam-Subject: [SPAM] $h_Subject

accept  condition  = ${if !def:spam_score_int {1}}
       add_header = X-Spam-Note: SpamAssassin invocation failed

# Unconditionally add score and report headers
warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
                    X-Spam-Report: $spam_report

Next, create the following Exim system filters in /etc/exim/filters:

## vim /etc/exim/filters
if $h_X-Spam-Flag: contains "YES"
    headers add "Old-Subject: $h_subject"
    headers remove "Subject"
    headers add "Subject: [SPAM] $h_old-subject"
    headers remove "Old-Subject"

and restart Exim for the changes to take effect using:

## systemctl restart exim
## systemctl status exim


To test the setup, simply send a test email with subject XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X to any email account available on the mailserver and you should see the following lines in the email header:

X-Spam-Flag: YES
X-Spam-Score: 1000.0 (+++++++++++++++++++++++++++++++++++++++++++++++++++)
X-Spam-Report: Spam detection software, running on the system "", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview:  nov spam email [...] 
 Content analysis details:   (1000.0 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email

PS. If you liked this post please share it with your friends on the social networks or simply leave a reply below. Thanks.

Be the first to comment

Leave a Reply

Your email address will not be published.