Defending Exchange Server Against Spam With SpamAssassin

This short howto was written and carried out on Windows 2003 Server and Exchange 2003 Server.

Because lately I (among other users) have begun to receive a large amount of spam on the e-mail server of the company where I work, I have decided to implement SpamAssassin, which is primarily made for Linux.

I searched a little on the net for how to do it and found ESA Sink, written by Christopher G. Lewis. It works on the principle that SpamAssassin runs in serial mode (it scans one message at a time): ESA Sink takes an incoming message from Exchange, writes it to a file, runs that file through SpamAssassin and returns it to Exchange if it is OK.

Installation and configuration are not very complicated. They can be divided into the following steps:

  1. Download and install the latest version of Active Perl from Active State
  2. Download NMake from Microsoft and, after extracting, move the files to c:\perl\bin
  3. Download ESA Sink from Chris’s site
  4. After installing ESA Sink, the ExchangeSpamassassin.ini file will be opened for you
  5. Check the config file values and change them if necessary; I changed MaxMsgSizeKB from -1 to 2048 = 2MB. Leave the file open for later, as well as the installation
  6. Now start a command prompt, Start->Run->Cmd, and enter ppm to start Perl Package Manager
  7. If you receive a message that ppm is not recognized, type set path=%path%;c:\perl\bin and then ppm
  8. Now in PPM press Ctrl+1 to see the list of Perl modules available for installation
  9. Type Net-Dns in the search field and, when the package appears in the list, right-click it and select install
  10. Now do the same thing for IO-Socket-INET6, IP-Country and Mail-SPF
  11. Now press Ctrl+Enter to install these packages; when it is done you can close PPM
  12. Download the latest version of SpamAssassin and unzip it to c:\Mail-SpamAssassin-3.2.5 (3.2.5=current version that you are downloading, in my case 3.2.5)
  13. In the command prompt now type cd c:\Mail-SpamAssassin-3.2.5
  14. Type the following command: perl and answer the questions before compiling
  15. Now we need to run nmake, so just type nmake /i (/i means that we want nmake to compile the application ignoring errors)
  16. After compiling we need to run nmake /i install to install the compiled files
  17. Unset the read-only attribute on the c:\perl\site\bin\spamassassin.bat file
  18. Now, to test SpamAssassin, change in the command prompt to the directory C:\Mail-SpamAssassin-3.2.5\t\data\spam and execute the command spamassassin -D < 001
  19. If you see a lot of text in your command prompt, SpamAssassin works as it should, and at the end of the output you should find the scoring for the content of file 001
  20. Now return to the .ini file from the ESA setup and change the line SpamAssassin_Batch_File to point to the location of our spamassassin.bat file, which is c:\perl\site\bin\spamassassin.bat
  21. Save and close the file and finish the ESA installation
  22. At the end of the installation, leave the checkbox to run the ESA install script and click the Finish button
  23. A small command prompt window will appear and close as soon as ESA is installed
  24. Now, to see if it is working properly, you can check the C:\ESA\Ham or C:\ESA\Spam directories for files, and you can send an e-mail to yourself as well; if everything works you should find SpamAssassin information in the header of the e-mail
  25. To be sure that you don’t have any errors you can check the C:\ESA\Log directory, in which you should find a log file with errors

This configuration works OK on servers that don’t receive more than 1500-2000 e-mails per day, but I wouldn’t recommend it for a higher number of e-mails without a very strong machine, because in this configuration SpamAssassin works in serial mode: it processes one object at a time, and this includes downloading the e-mail to a file, checking it against filters, checking it against URBL lists and then, if everything is OK, returning it to the server for delivery.

For me it was a simple test to see if it would work for us. It didn’t work because of the large number of e-mails that we receive (10 000+ per day), so I will move on to the solution of creating a Linux SpamAssassin gateway.

Note: I would recommend creating a small .bat script that deletes .out files older than 7 days to avoid running out of disk space on your system disk
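
The cleanup script suggested in the note above, as an added example that is not part of the original howto or of ESA Sink. It assumes the .out files sit under C:\ESA (the directory used in the steps above) and that forfiles.exe, which ships with Windows Server 2003, is on the path; ESA_ROOT, MAX_AGE_DAYS, CLEAN_LOG and the cleanup.log file name are hypothetical names chosen for this example.

```batch
@echo off
rem Added example: purge ESA Sink .out files older than MAX_AGE_DAYS.
rem Assumption: the .out files live under C:\ESA (the directory used in
rem this howto). Change ESA_ROOT if your ESA working directory differs.
setlocal

set "ESA_ROOT=C:\ESA"
set "MAX_AGE_DAYS=7"
rem Hypothetical log file name, kept next to the ESA logs.
set "CLEAN_LOG=%ESA_ROOT%\Log\cleanup.log"

rem Stop early if the directory is missing, so a typo in ESA_ROOT
rem never makes forfiles walk some other part of the system disk.
if not exist "%ESA_ROOT%\" (
    echo ESA root "%ESA_ROOT%" not found, nothing to do.
    exit /b 1
)

rem Dry run: "cleanup.bat list" only prints the files that would go.
if /i "%~1"=="list" (
    forfiles /P "%ESA_ROOT%" /S /M *.out /D -%MAX_AGE_DAYS% /C "cmd /c echo @path"
    exit /b 0
)

rem Real run: delete matching files (never directories) and record each
rem one. forfiles reports "no files found" as an error; it is captured
rem in the log instead of being treated as a failure of the script.
echo %DATE% %TIME% cleanup started >> "%CLEAN_LOG%"
forfiles /P "%ESA_ROOT%" /S /M *.out /D -%MAX_AGE_DAYS% /C "cmd /c if @isdir==FALSE (echo deleted @path & del /q @path)" >> "%CLEAN_LOG%" 2>&1
echo %DATE% %TIME% cleanup finished >> "%CLEAN_LOG%"

endlocal
exit /b 0
```

Run it with the argument list first to see which files would be removed, then schedule it to run daily with Scheduled Tasks.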