s/w note

Minggu, 11 November 2007

anti spam

Introduction
If you followed the installation guide on QmailRocks you will finish up with a functional mail server with integrated spam filtering using SpamAssassin, but only with the most minimal settings. This is what you need to do to get your SpamAssassin really kicking ass.

Note: This page is best viewed using Mozilla Firefox.
Last updated: 24-08-2006

Install some supporting technologies

First we are going to install DCC, Pyzor, and Razor. Keeping with the QmailRocks conventions, I download my files to /downloads.

mkdir /downloads/spam
cd /downloads/spam
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar zxfv dcc.tar.Z
cd dcc-1.x.xx
./configure
make install
cd /downloads/spam

Download Pyzor from Sourceforge, from your nearest mirror. For example,

wget http://kent.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2
tar xjvf pyzor-0.4.0.tar.bz2
cd pyzor-0.4.0
python setup.py build
python setup.py install
cd /downloads/spam

Download Razor from Sourceforge, from your nearest mirror. For example,

wget http://kent.dl.sourceforge.net/sourceforge/razor/razor-agents-2.80.tar.bz2
tar xjfv razor-agents-2.80.tar.bz2
cd razor-agents-2.80
perl Makefile.PL
make test
make install

Razor requires a little more configuration. You will need to install these perl modules, if you don’t have them already:

perl -MCPAN -e “install Time::HiRes”
perl -MCPAN -e “install Digest::SHA1″
perl -MCPAN -e “install MIME::Base64″
perl -MCPAN -e “install Test::Simple”
perl -MCPAN -e “install Test::Harness”
perl -MCPAN -e “install Getopt::Long”
perl -MCPAN -e “install File::Copy”
perl -MCPAN -e “install URI::Escape”

You need to create a config file, using a non root user. Substitute ben with a real non-root user on your system:

su ben
razor-admin -create
exit

Register your Razor install with the Razor servers. Replace the address with your admin’s e-mail address:

razor-admin -register -user=foo

Razor is now ready for integration with SpamAssassin. If you need to know more, have a look at the Razor installation pages.
SpamAssassin configuration

Next we will write a new local.cf. This is the file your global SpamAssassin settings are stored in. The default installation has a minimal config that’s pretty basic and doesn’t catch much spam. Before we make any changes we will backup your old config, just in case you want to see it again:

mv /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.old

Get a new config using the configuration generator tool from the SpamAssassin website. Make sure you enable Bayes, DCC, Pyzor, and Razor. Copy the contents, and paste it into /etc/mail/spamassassin/local.cf (new file).

While you have your local.cf open we will also add some configuration options for Razor, DCC and Pyzor. Substitute ben with the non-root user you used earlier to configure Razor.

razor_config /home/ben/.razor/razor-agent.conf

dcc_home /var/dcc
dcc_path /usr/bin/dccproc
dcc_dccifd_path /var/dcc/libexec/dccifd

pyzor_path /usr/bin/pyzor
score PYZOR_CHECK 1

This is what my local.cf looks like. If you’re with me so far then yours should look very similar.

Now create a new bayes database using:

sa-learn –sync

Get more rules

I’ve been using a load of rules from the SpamAssassin website for a while and I have never had any problems with them. All you need to do to install them is place them in your spamassassin directory and restart the daemon:

cd /etc/mail/spamassassin
wget http://mywebpages.comcast.net/mkettler/sa/antidrug.cf
wget http://www.emtinc.net/includes/backhair.cf
wget http://www.timj.co.uk/linux/bogus-virus-warnings.cf
wget http://www.emtinc.net/includes/chickenpox.cf
wget http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf
wget http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf
wget http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf
wget http://www.nospamtoday.com/download/mime_validate.cf
wget http://bl.csma.biz/csma.cf

Now just restart SpamAssassin to put all of these changes into effect.

Slackware

/etc/rc.d/rc.spamd restart

Debian

/etc/init.d/rc.spamd restart

RedHat / Fedora

/etc/rc.d/init.d/spamassassin restart

Other rules are available from the SpamAssassin website and Rules Emporium.

Now to test the SpamAssassin configuration. You can check the config for errors by running this command:

spamassassin -D –lint

You don’t need to understand all of this output, just look for any errors and use Google for any troubleshooting, if required. You should also have a file on your system from the QMR install called sample-nonspam.txt which we can use to test the SA configuration. To look for it, try:

locate sample-nonspam

If you don’t have the file, you can download it from me, using:

cd /downloads/spam
wget http://opensourceheaven.net/sample-nonspam.txt

We’ll use this file to test the SpamAssassin configuration:

spamassassin -t < /path/to/sample-nonspam.txt

If everything is working you should see a nicely formatted report about SpamAssassin's analysis of the message.

Enable RBL checking

Real time Black Lists can greatly reduce the amount of spam to your server, but they have a few disadvantages. They are unmoderated and sometimes legitimate organisations can be added to them through no fault of their own. So be careful which ones you choose as there are some real coyboys out there (under NO circumstances should you use SORBS). That being said, I use RBL's and they stop a ton of spam getting to my mailbox - I easily get 50 messages a day to my inbox alone blocked because of RBL's. To implement them on your Qmail server, edit your /var/qmail/supervise/qmail-smtpd/run and add the following bold lines:

/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g ................ \
rblsmtpd \
-r sbl.spamhaus.org \
-r bl.spamcop.net \
-r relays.ordb.org \
/var/qmail/bin/qmail-smtpd server.yourdomain.com \