This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Setting Up SSL

Here's how I generated SSL certificates for use with "spamd --ssl" and "spamc --ssl":

rm -rf /etc/mail/spamassassin/certs
mkdir -p /etc/mail/spamassassin/certs
(
cd /etc/mail/spamassassin/certs
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 1000 \
  -nodes -keyout server-key.pem > server-req.pem
[enter whatever random data you feel like]
openssl x509 -req -in server-req.pem -days 1000 \
  -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
)

Compiling SpamAssassin with SSL

The primary configuration requirement for compiling SpamAssassin with SSL is the ENABLE_SSL=yes option for the Makefile.PL.

NOTE: With SpamAssassin v3.4.0+, you will need a more modern compiler (tested as far back as GCC v3.2.3 which works but GCC 2.96 failed).

Here's an example which will configure the current 3.4 SVN branch to use a version of OpenSSL installed in /usr/local/ssl and GCC 3.2.3 installed in /usr/local/gcc3.2.3

perl Makefile.PL ENABLE_SSL="yes"
cd spamc
CXX=/usr/local/gcc3.2.3/bin/g++ CC=/usr/local/gcc3.2.3/bin/gcc LIBS=-I/usr/local/ssl/include/  LDFLAGS=-L/usr/local/ssl/lib CPPFLAGS="-I/usr/local/ssl/include" ./configure --prefix=/usr/local --sysconfdir=/etc/mail/spamassassin --datadir=/usr/local/share/spamassassin --enable-ssl=yes
./version.h.pl --with-version=3.4.2
cd ..
make
make test
spamc/spamc --version
make install

Spamd will use Net::SSLeay so to use an alternate SSL with that, use the OPENSSL_PREFIX=<path to alternate SSL> perl Makefile.PL. For example, OPENSSL_PREFIX=/usr/local/ssl perl Makefile.PL

  • No labels