Setting Up SSL

Here's how I generated SSL certificates for use with "spamd --ssl" and "spamc --ssl":

rm -rf /etc/mail/spamassassin/certs
mkdir -p /etc/mail/spamassassin/certs
(
cd /etc/mail/spamassassin/certs
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 1000 \
  -nodes -keyout server-key.pem > server-req.pem
[enter whatever random data you feel like]
openssl x509 -req -in server-req.pem -days 1000 \
  -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
)

Compiling SpamAssassin with SSL

The primary configuration requirement for compiling SpamAssassin with SSL is the ENABLE_SSL=yes option for the Makefile.PL.

NOTE: With SpamAssassin v3.4.0+, you will need a more modern compiler (tested as far back as GCC v3.2.3 which works but GCC 2.96 failed).

Here's an example which will configure the current 3.4 SVN branch to use a version of OpenSSL installed in /usr/local/ssl and GCC 3.2.3 installed in /usr/local/gcc3.2.3

perl Makefile.PL ENABLE_SSL="yes"
cd spamc
CXX=/usr/local/gcc3.2.3/bin/g++ CC=/usr/local/gcc3.2.3/bin/gcc LIBS=-I/usr/local/ssl/include/  LDFLAGS=-L/usr/local/ssl/lib CPPFLAGS="-I/usr/local/ssl/include" ./configure --prefix=/usr/local --sysconfdir=/etc/mail/spamassassin --datadir=/usr/local/share/spamassassin --enable-ssl=yes
./version.h.pl --with-version=3.4.2
cd ..
make
make test
spamc/spamc --version
make install

Spamd will use Net::SSLeay so to use an alternate SSL with that, use the OPENSSL_PREFIX=<path to alternate SSL> perl Makefile.PL. For example, OPENSSL_PREFIX=/usr/local/ssl perl Makefile.PL

  • No labels