Fighting spam is more difficult than ever and many people let other parties handle their spam filtering. This is just one of the reasons products like Office365 and Google Apps for Work have become so successful. After all, there is not much glamor in running your own mail server.
If you run your own mail server you’ll have to handle spam yourself. If you have OTRS on its own server and you’re receiving spam, this is very annoying as it might send out false notifications and wastes time.
Luckily, it is very easy to use SpamAssassin to filter out spam emails in order to make sure you only receive valid mails in OTRS. SpamAssassin is an Apache foundation open source software that is used very widely to combat spam.
Installing SpamAssassin on your system
You can simply install SpamAssassin from your linux package manager, on CentOS/RHEL based systems:
sudo yum install -y spamassassin
and on Debian- or Ubuntu-systems:
sudo apt-get install spamassassin
After you’ve installed the package you can test if it’s available by typing /usr/bin/spamassassin –version in your console.
Of course spammers and spam-fighters are in a never-ending battle. New heuristics to determine spam messages are created often. On some systems the spamassassin rules can be out of date, run the sa-update command as root to update the rules. If you want you could run this as a cron job.
Setting up OTRS to use SpamAssassin
First, there are two options for handling spam. One is to delete incoming email marked as spam and one is to move it to a separate queue. The last option I would strongly recommend. If a message would falsely be marked as spam, it will be deleted from your system and you’d not know about it! It’s much better if the message is still available, at least for a small period of time, so you can restore it if needed.
So in order to make this happen, you can set up a special queue on the system where the message should be sorted into. If you make sure your agents only have read-permissions on this queue (and probably also move-into, but at least not read-write) they will not see the queue in the dashboard and in the queue view, they’ll not get notifications, but they are able to search through tickets in this queue.
In SysConfig, under Ticket > Core::PostMaster, there is a pre-defined filter called PostMaster::PreFilterModule###6-SpamAssassin. Just please make sure to fill in the queue you want under the Set: option, check the box, and save the SysConfig. Your setup is active now.
Verifying your setup
If a spam message reaches your system, a nice short message is added to your system log and the ticket is created in the spam queue automatically!