Filtering Spam before Forwarding Email with Postfix/SpamAssassin

One feature many cPanel/Shared Webhosts has is an option to forward your email to a different address. Very useful if you want to have multiple email addresses but check it all in one place (Gmail) like I do. But if you’re like me, you’ve likely migrated onto your own dedicated server you manage yourself, and its likely your making mistakes with email forwarding and filtering spam!

The problem is that that when you receive spam, you are also forwarding spam to your email provider, which makes them upset with you and tarnishes your servers IP address. I did this for years! I always thought that Gmail would be smart enough to see the path in the headers to realize it was forwarded – but then thinking about it – why would Gmail trust me that those servers actually sent the email and that I didn’t just spoof those Received: lines to blame someone else?

When I recently migrated my host, I put in a lot more effort into filtering the spam before it even hits Gmail, and learned quite a few things.

Filtering Spam with Postfix

First Off: Initial Connection Client Checks – These stop a majority of the spammers, and its so simple!
Add this line to your /etc/postfix/main.cf:

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_unknown_client permit

This will enforce a lot of restrictions on the client, namely the Zen Spamhaus check, which knocks out so many spammer connections!

Filtering Spam with SpamAssassin

If you haven’t already installed SpamAssassin, do so now. There is a bit to this than I want to put into this post, so follow this sites guide: http://plecko.com.hr/?p=389

His instructions look spot on to me. Key thing I did not do on my setup and I just realized I needed to do: enable CRON=1! I’ve been running with stale SA Rules… But his guide covers it!

Next up is this page: http://wiki.apache.org/spamassassin/ImproveAccuracy

One thing it mentions is missing Perl Modules that SpamAssassin can try to use. For me, I had to run these commands to get them all installed.

sudo apt-get install libgeoip-dev
sudo cpan Geo::IP Mail::DKIM Encode::Detect DBI IO::Socket::IP Digest::SHA1 Net::Patricia

I don’t know what some of them are for, but SpamAssassin is obviously trying to use them, so give them to it!

Passing SPF Checks

Then there is SRS Rewriting. One problem with forwarding email is that it makes every one of your emails now fail SPF checks, because it looks like your server is sending mail for InsertBigNameDomain.com which does not authorize you to send mail on their behalf.

SPF is considered a “broken” implementation, and it is preferred that system admins use DKIM instead as a way to verify authenticity of an email, so ideally you need to rewrite the return path to be your own server name instead.

I used this guide: https://www.mind-it.info/forward-postfix-spf-srs/
Which summarizes down to

sudo apt-get install cmake sysv-rc-conf
cd /usr/local/src/
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master
cd postsrsd-master/
sudo make install
sudo postconf -e "sender_canonical_maps = tcp:"
sudo postconf -e "sender_canonical_classes = envelope_sender"
sudo postconf -e "recipient_canonical_maps = tcp:"
sudo postconf -e "recipient_canonical_classes = envelope_recipient"
sudo sysv-rc-conf postsrsd on
sudo service postsrsd restart
sudo service postfix reload

Now when you inspect a received emails header, you will see that the ReturnPath is now something like  <SRS0+9CLa=52=paypal.com=service@starlis.com>
And your SPF will now pass (You do have SPF records set right for your domain?)

Dropping the Spam

Now the final part… getting rid of that spam before it goes to Gmail!

In /etc/postfix/header_checks (you likely will need to create this file), add this simple line:

/^X-Spam-Level: \*{5,}.*/ DISCARD spam

then in /etc/postfix/main.cf:

header_checks = regexp:/etc/postfix/header_checks

This will drop the spam, but you may want to only drop higher level spam, so instead you could change the 5 to a 7, and then add to your /etc/spamassassin/local.cf (might already be there commented out):

rewrite_header Subject *****SPAM*****

This makes it so that any spam that doesn’t get dropped, has SPAM prepended to the header, which Gmail suggests you do if you do end up forwarding spam to Gmail.

With this approach, low score (5-6) spam will be forwarded but makes Gmail happy that you told them its spam ahead of time, and 7+ spam won’t even bother forwarding.

Taking these steps will help you maintain a good mail sending reputation (Hopefully I don’t have to repair mine too much…). Good luck 🙂

Final note for Gmail users

And one final step if you are using Gmail, ensure EVERY email address that you receive mail from that is forwarded to Gmail is added as a “Send Mail As” account. Gmail uses this list to know it is a forwarded address, and will be more lenient in spam rules. I don’t know if other ESP’s do this, but Gmail has requested you do this if you forward mail to them.


Ubuntu Live Streaming to Twitch.tv!

Good news for Linux users, the popular application for live streaming on Windows “Open Broadcasting Software” commonly known as OBS has been rewritten and now supports Linux. Ubuntu Live Streaming is now a thing with OBS.

First off, you will need a more up to date ffmpeg, found at the very common ppa:jon-severinsson/ffmpeg PPA.

sudo apt-add-repository ppa:jon-severinsson/ffmpeg
sudo apt-get update
sudo apt-get install ffmpeg

Then you will need the PPA provided by the OBS developer for almost daily updates:

sudo apt-add-repository ppa:btbn/obs-studio
sudo apt-get update
sudo apt-get install obs-studio

You will now have OBS installed.  Newest builds should have an Application Icon added for you, so find it under Audio/Video.

If your new to using this app – a quick run down of the terminology:

  • Scene: Configuration of multiple video/image sources to be output. You can have multiple scenes, such as 1 for left monitor, 1 for right monitor, 1 for ONLY a game, 1 for only a webcam, etc. You can switch between these while streaming to change what you are broadcasting.
  • Sources: Actual video and imagery sources. You add sources to a Scene such as your entire desktop or a single app, or your webcam, or a static image.

Play around with sources, each one should be obvious as to what it does, and build you a setup. When you add a source, you can resize and move it around the screen.

One issue I am having is that it does not work for my Webcam. Webcam works fine for other apps, so this has to be an issue with OBS, and another user also reports the problem.

To put my webcam into my stream, I opened up the Cheese application, then added a new Source that targets only that window, and crops off window parts and other non camera feed parts. I did have to invert Red/Blue.

Since its targeting a window and not the full desktop, you can safely minimize it and it works fine.

Now to stream to Twitch, you need to simply go to settings, go to the Streaming section, and put in your Stream key and select which server is closest to you.

Oh and one final detail (hopefully it hasn’t gotten you yet) The app likes to crash a lot when changing settings, so be sure to close the app after making a few changes to make it save them incase it crashes. I haven’t had any mid-stream crash issues though.

Good luck!


Minimal Gnome – My Ubuntu Theme / Layout

I’ve tweaked my OS layout quite a bit lately to highly customize it to give me alot of screen real estate. I’m pretty satisfied with it and decided to share.

Minimal Gnome (monitor 1)

Minimal Gnome (monitor 2)


Minimal Gnome 3 (apps)

I will give you instructions on how to setup your Ubuntu 10.10 to be like this, however note this guide will expect you to be moderately technically experienced with the Linux OS… not going to hand feed things here.

First, download my theme: http://aikar.co/dropbox/MinimalGnome.zip
And the background: http://aikar.co/dropbox/GNOME-AlphaGnome_1024x768.png

This theme is based off the Clearlooks theme, which was very white. I based off this because alot of apps are not friendly to dark backgrounds for input boxes and web pages, messing up websites without full CSS rules, and apps like Evolution having dark backgrounds and people setting black fonts made it impossible to read. So we want to keep some aspects white still while making the overall OS dark.
I’ve modified the colors of Clearlooks to do this. With a very nice blend of dark greys.

Unzip the MinimalGnome theme into your ~/.themes/ folder. Then go to System > Preferences > Appearence and choose it.
Go to backgrounds tab and choose this background, and select a background color thats dark. This background is transparent and will blend to what ever background color you choose!

You should now be dark!

Next steps is to rearrange Gnome panels to be like mine to get a nice minimal theme.

First, delete the Menubar on the top panel, then add a “Main Menu” to the panel (Not Menu Bar!) This gives you the same things as the Menu bar but all in 1 Ubuntu button.
Then beside that button add a Drawer.

Put all your apps inside the Drawer. Simply click it to open, open app, it closes.

Next move your Window List off the bottom panel and drag it to the top (there is a little handle to the left of the Window List, right beside show desktop if you still have that on panel, look closely)
If you cant drag it, simply delete it and readd it to your top panel flush to the left of the Ubuntu menu and Drawer icons. (Add to Panel > Window List)

Note you can right click on any panel and click move to move the panel easily and get each one tightly flushed to each other. Get that Ubuntu menu, Drawer and Window list flush left!
Then delete the bottom panel to get rid of it. (Move workspace/trash/showdesktop to top if you really want those)

Repeat the same on other monitors, and that will cover your base OS layout.
Simply drag apps into Drawer or right click on Drawer and Add to Drawer to add things.

Next up is the Firefox slim down.

You need a few addons for Firefox 3.6. I have not done this for 4.0 yet so this guide is for 3.6!

Get the following:
Theme: https://addons.mozilla.org/en-US/firefox/addon/ace-foxdie-graphite/
Tree Style Tabs: https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/
Hide Caption Titlebar Smart: https://addons.mozilla.org/en-US/firefox/addon/hide-caption-titlebar-plus-sma/
Compact Menu 2: https://addons.mozilla.org/en-us/firefox/addon/compact-menu-2/

Now from a base line installing these addons and maximizing firefox should get you to nearly where I am.
You don’t need to mirror my settings exactly and I dont know how to get you to exactly where I am, but you should be close now. So go tweak your setup to YOUR liking from here.

Tabs setup is in Tree Style Tabs addon, the hidden title bar is in Hide Caption Titlebar addon, and the theme itself is Foxdie in your tools menu and the fox icon in status bar, and it auto popups the configuring page on first start.

Tweak things to how you want them. Good luck!


Ubuntu – Prevent sleep while sharing files over samba

Windows has a little feature that Ubuntu/samba server sadly does not seem to have: On Linux, If another user is accessing files on your samba server, the system will still enter an S3 Sleep / suspend, where as Windows will stay awake until the share is no longer active.

After some research I have developed a script that will prevent Ubuntu from sleeping while sharing files. If your HTPC is accessing videos on your desktop, this can prevent your desktop from sleeping.

These instructions were designed for Ubuntu 10.10 with the GNOME desktop as it relies on a command “gnome-screensaver-command”. If you find another command that can reset the system idle timer, the script could work for you.

To Prevent sleeping while samba is active, create the file ~/.checksmb with the following script: (scroll down for instructions creating file if you don’t know how)

#!/usr/bin/env bash

# sleep prevent command - "gnome-screensaver-command --poke" resets idle timer
PREVENTSLEEP='gnome-screensaver-command --poke'

# gnome-screensaver-command uses X11 which expects this ENV to be set
export DISPLAY=:0.0

#### DO NOT EDIT ####
smbstatus | grep -q "DENY_WRITE"
if [ $? == 0 ]; then $PREVENTSLEEP ; fi

open a terminal (control + alt + T or use menu > Accessories) and type gedit ~/.checksmb and then paste that code into the file, save and close.

Then in the terminal, run chmod +x ~/.checksmb
Nothing should of printed from that.

Then type crontab -e to open the editor for crontab.

If prompted to select an editor, choose what ever number nano is. its the default on Ubuntu 10.10.

Scroll to bottom of file (page down key) and add ON A NEW LINE

* * * * * ~/.checksmb

That line should be all by itself. Now press Control + X, and then press Y to confirm save.

Now, if you haven’t already, you can go configure your PC to go to Sleep after inactivity under System > Preferences > Power Management.

Every 1 minute this script will run and check if anyone is accessing files over Samba (SMB) and it will prevent sleep / suspend.


I am Senior Software Engineer and Entrepeneur. I am an enthusiast and love creating things. I operate my own side company in my free time called Starlis LLC, working in Minecraft.

I enjoy doing things right and learning modern technologies.