add spamassassin instructions

content/en/docs/tutorials/email/dkim.md

@@ -82,8 +82,8 @@ Make sure that port `12301` is free for OpenDKIM to use.
 Open `/etc/postfix/main.cf` and add the following lines if they are not already present:
 ``` text
 # The mail filter protocol version and optional protocol extensions for communication with a Milter application
-# 2 specifies that we want to use Sendmail 8 mail filter protocol version 2
-milter_protocol = 2
+# 6 specifies that we want to use Sendmail 8 mail filter protocol version 6
+milter_protocol = 6
 # The default action when a Milter (mail filter) response is unavailable (for example, bad Postfix configuration or Milter failure).
 # accept specifies that we should proceed as if the mail filter was not present.
 milter_default_action = accept
@@ -94,7 +94,7 @@ smtpd_milters = inet:localhost:12301
 non_smtpd_milters = inet:localhost:12301
 ```
 
-If `smtpd_milters` or `non_smtpd_milters` are already present and populated, add `, inet:localhost:12301` to the end of both of them. For example, if using [SpamAssassin](/docs/tutorials/email/spam) the current configuration will look like this:
+If `smtpd_milters` or `non_smtpd_milters` are already present and populated, add `, inet:localhost:12301` to the end of both of them. For example, if using [SpamAssassin](/docs/tutorials/email/spam) as a milter, the current configuration will look like this:
 ``` text
 smtpd_milters = unix:/spamass/spamass.sock
 non_smtpd_milters = unix:/spamass/spamass.sock

content/en/docs/tutorials/email/maa.md

@@ -77,7 +77,7 @@ userdb {
 
 New users can be created using the usual commands for Linux:
 ``` bash
-sudo useradd -m <username> -p <password>
+sudo useradd -m <username>
 sudo usermod -L <username>
 ```
 

content/en/docs/tutorials/email/new-users.md

@@ -11,15 +11,15 @@ Creating new mail users is not straightforward with our setup, and while instruc
 
 Each mail user must have a corresponding system user; this is created using the commands:
 ``` bash
-sudo useradd -m <username> -p <password>
+sudo useradd -m <username>
 sudo usermod -L <username>
 ```
 
 Users created with these commands will have a home directory to store their mailbox in Maildir format, but cannot login on the mail server. Preventing login ensures that users cannot access and edit their own mails on the server, thus corrupting `dovecot` state.
 
 ## Creating a password
 
-For security purposes, the new mail user needs a password for their email which differs from the system password. This can be setup by running the following command:
+The new mail user needs a password to send mail and access their mailbox. This can be setup by running the following command:
 ``` bash
 printf "<mail-username>:`doveadm pw -s BLF-CRYPT -p '<password>'`\n" | sudo tee -a /usr/local/etc/passwd.replica
 ```

content/en/docs/tutorials/email/spam.md

@@ -3,4 +3,129 @@ title: Setting up a spam filter
 description: Tutorial for setting up a spam filter on Postfix using SpamAssassin
 date: 2017-01-04
 weight: 40
----
+---
+
+I found [this tutorial](https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin) helpful while writing this article.
+
+## Installation
+
+To install [SpamAssassin](https://spamassassin.apache.org), run the following commands:
+``` bash
+sudo apt-get update
+sudo apt-get install -y spamassassin spamc spamass-milter
+```
+
+Add a system user for SpamAssassin to use (this is not done automatically):
+``` bash
+sudo useradd -m spamd
+sudo usermod -L spamd
+```
+
+Enable and start SpamAssassin using:
+``` bash
+sudo systemctl enable spamassassin
+sudo service spamassassin start
+```
+
+You can check that SpamAssassin is running correctly using
+``` bash
+sudo service spamassassin status
+```
+
+## Reloading Configuration
+
+Whenever you modify SpamAssassin's configuration, make sure to restart it using
+```
+sudo service spamassassin reload
+```
+for the changes to take effect.
+
+## Basic Configuration
+
+SpamAssassin is configured using the file at `/etc/default/spamassassin`. Open this file and ensure that it contains the following values (you may have to edit or add values depending on whether they are already present):
+``` text
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+#   '--create-prefs' specifies that user preferences files should be created.
+#   '--max-children 5' specifies that a maximum of 5 children workers should be spawned.
+#   '--username spamd' specifies that the user that spamd should run as is spamd
+#   '--helper-home-dir /home/spamd/' specifies that the home dir used by spamd should be /home/spamd/
+#   '-s /home/spamd/spamd.log' specifies the log file used by spamd.
+OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=1
+```
+
+## Configuring `postfix` to work with SpamAssassin
+
+Open `/etc/postfix/main.cf` and ensure that the following values are set:
+``` text
+# Milter configuration
+milter_default_action = accept
+milter_protocol = 6
+smtpd_milters = local:spamass/spamass.sock
+non_smtpd_milters = local:spamass/spamass.sock
+```
+
+If you are using the [OpenDKIM extension](/docs/tutorials/email/dkim), the values of `smtpd_milters=` and `non_smtpd_milters=` should already be set:
+``` text
+smtpd_milters = inet:localhost:12301
+non_smtpd_milters = inet:localhost:12301
+```
+Change this to:
+``` text
+smtpd_milters = inet:localhost:12301,  local:spamass/spamass.sock
+non_smtpd_milters = inet:localhost:12301, local:spamass/spamass.sock
+```
+
+Run
+``` bash
+sudo service postfix reload
+```
+for the changes to take effect.
+
+## Spam Rules
+
+The filtering rules for SpamAssassin are highly configurable, and are specified by the user in the file `/etc/spamassassin/local.cf`.
+
+We will set up the following configuration:
+``` text
+# Set the score required before a mail is considered spam. 
+# n.nn can be an integer or a real number. 
+# 5.0 is the default setting, and is quite aggressive; it would be suitable for a single-user setup, 
+# but if you're an ISP installing SpamAssassin, you should probably set the default to be more conservative, like 8.0 or 10.0.
+required_score          5.0
+
+# Whether to use the naive-Bayesian-style classifier built into SpamAssassin.
+use_bayes               1
+# Whether SpamAssassin should automatically feed high-scoring mails (or low-scoring mails, for non-spam) into its learning systems.
+bayes_auto_learn        1
+```
+
+Run
+``` bash
+sudo service postfix reload
+```
+to make sure the changes to take effect.
+
+For a full list of configuration options see [here](https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html)
+
+## Verifying that SpamAssassin is working
+
+To check that SpamAssassin is working, send an email to one of the mailboxes configured on your mail server, and then open it in a UA program, such as Thunderbird. There should be an option to `View Source` of the email. Click it, which will show you the raw text actually sent over SMTP. If SpamAssassin is working you should find two lines that look like the following:
+``` text
+X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
+	DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
+	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
+	SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
+X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mail.markmizzi.dev
+```
+
+The `X-Spam-Status` header also gives useful information about the spam score of an email, the threshold spam score set, and any tests used to determine the spaminess of the email.
+
+## Debugging
+
+Logs for SpamAssassin are found `/home/spamd/spamd.log`, this is helpful to check when running into issues.