This is specific to the migration from amber to the second system named bock.

==== SpamAssassin Installation and Configuration ====

=== Package Installation ===

^Packages installed for SpamAssassin^^
^Prerequisite packages^^
|libcrypt-openssl-bignum-perl |access OpenSSL multiprecision integer libraries |
|libcrypt-openssl-rsa-perl    |module for RSA encryption using OpenSSL |
|libmail-dkim-perl            |cryptographically identify the sender of email |
|libmail-spf-perl             |Perl implementation of SPF and Sender ID |
|libsys-hostname-long-perl    |Figure out the long (fully-qualified) hostname |
^Recommended or suggested not already installed^^
|libbsd-resource-perl         |BSD process resource limit and priority funcs |
|libencode-detect-perl        |detects the encoding of data |
|geoip-database               |GeoIP library (country database) |
|geoip-database-extra         |GeoIP library (ASN/city database) |
|libgeoip1:amd64              |non-DNS IP-to-country resolver library |
|libgeo-ip-perl               |Perl interface to GeoIP library |
|libnet-cidr-lite-perl        |for merging IPv4 or IPv6 CIDR address ranges |
|pyzor                        |spam-catcher using a collaborative network |
|razor                        |spam-catcher using a collaborative network |
^Base SpamAssassin^^
|re2c                         |tool for generating fast C-based recognizers |
|sa-compile                   |Tools for compiling SpamAssassin rules into C |
|spamassassin                 |Perl-based spam filter using text analysis |
|spamc                        |Client for SpamAssassin spam filtering daemon |

At the time of implementation, there were recommendations to use MaxMind GeoIP2, but this was not found in Debian repositories. There were also warnings that other DB editions "require you to purchase a license". So the legacy GeoIP was used. We have no need for city databases, only country and continent.

== DCC ==

DCC code is not included with any Debian package. The plugin included with SpamAssassin relies on a package that must be downloaded and installed from scratch. This is not mentioned in the Debian packaging, and not explicit in the SpamAssassin documentation.
Download via the URL in the SpamAssassin documentation.

  * https://www.dcc-servers.net/dcc/source/dcc.tar.Z
  * https://www.dcc-servers.net/dcc/
  * https://www.rhyolite.com/dcc/

<code bash>
tar zxf mail-spamassassin/packages/dcc-1.3.163.tar.Z
cd dcc-1.3.163
rm -rf /tmp/dcc_base
mkdir /tmp/dcc_base
var_dir=/var/lib/dcc                  # For production
unset DCC_OWN DCC_GRP MANOWN MANGRP   # For production
dcc_user=dcc-daemon                   # For production
run_dir=/var/run/dcc                  # For production
make > ../dcc-make-log.txt 2>&1
addgroup --gid 6000 dcc-daemon
adduser --uid 6000 --gid 6000 --shell /bin/sh --disabled-password \
    --home /var/lib/dcc --no-create-home \
    --gecos "DCC Daemon" \
    dcc-daemon
make install > ../dcc-install-log.txt 2>&1
chmod go+rx /var/lib/dcc
chmod go+rx /var/lib/dcc/bin /var/lib/dcc/man /var/lib/dcc/log
</code>

== Other ==

Deleted "spamd" user and group, and associated /home/spamd/ directory. The origin of these is unknown. Debian uses "debian-spamd" for the spamd user/group with uid/gid numbers in the "system" range.

Make sure the spamassassin.service is enabled and running.

=== SpamAssassin Configuration ===

Custom rules were added in a separate config file force_score.cf to allow forcing increments or decrements to the score. This is to trigger various actions on a score, such as rejection or changing the subject. This is done by having the Subject: contain "Force Score " followed by numbers such as 02, 15, or -05. The score is incremented by the sum of those numbers on the subject line. Multiple numbers may be combined, but only once each. Unfortunately, this is added to other test results, not an exact score. A subject using all the valid numbers would be:

  Subject: Force Score by 02 04 10 15 -01 -03 -05 -08

Actions based on score:

  * Reject with a score of 7 by editing /etc/default/spamass-milter to uncomment "-r 15" and change the score from 15 to 7.
  * At a score of 5, change the subject by editing /etc/spamassassin/local.cf and uncomment the "rewrite_header" line.
  * Below a score of 5, no change is made, and the mail is delivered.
  * Do not modify the message body, only add headers.

== Optional tests implemented ==

  * URILocalBL - Add to score if in Barracuda Reputation Block List (BRBL).
  * DCC - Configured in separate config file dcc.cf and enabled in v310.pre
  * AntiVirus - Enabled in v310.pre
  * TextCat - Enabled in v310.pre
  * RelayCountry - Add to the score for relay outside US. And more for certain suspect countries. Enabled in init.pre
  * Razor2
  * FromNameSpoof - Configured in separate config file fromnamespoof.cf
  * Phishing - Configured in separate config file phishing.cf
  * PDFInfo - Enabled in v341.pre

== Misc configuration ==

  * A custom test from amber was copied, to reduce the score for local origin.
  * Add a header with stars, in addition to the numeric score.
  * Locally submitted mail will not be scored, unless via SMTP.
  * There is no customization for individual recipient preferences.
  * Only English expected. Others get significant increase in score.
  * Set resource_limit_* in local.cf.
  * Set lock_method flock in local.cf.

A crontab entry runs script get_phishing_feeds.sh daily.

== Not implemented ==

  * TxRep
  * Bayes
  * "Url shortener" plugin
  * https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
  * https://www.pccc.com/downloads/SpamAssassin/contrib/nonKAMrules.cf
  * Modification of body to rewrite suspect URLs.
  * Diversion to a spam/junk folder for moderate spam scores.
  * Separate diversion scoring limits for each member.

=== Postfix Integration ===

There are several tools for integration into the mail server. Considered and rejected include: mimedefang, amavisd, milter-manager, SAQ.

In the past we used MailScanner, but changed to use a milter. This meant the headers added to mail are different.

== spamass-milter ==

clamav-milter was ordered after spamass-milter, because clam almost never rejects any mail.

Logging to a specific log was implemented.
This allows the SpamAssassin scores and test results to be reviewed in one compact location instead of being mixed with thousands of other log entries.

  * Log file "/var/log/redirected-procmail_log".
  * Create alias "spamass-milter-redirected" that invokes procmail.
  * Edit /etc/default/spamass-milter to add "-B spamass-milter-redirected@sluug.org"
  * Rotate the log monthly, 13 copies.
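
The "Force Score" mechanism described under SpamAssassin Configuration could be written with rules like the following. This is an added example, not the contents of the site's force_score.cf: the rule names and regular expressions are assumptions, while the eight numbers and the sample Subject are taken from the text above.

```conf
# Constructed example of a force_score.cf; rule names are hypothetical.
# Each rule can fire only once per message, so each number counts once,
# and its score is added to whatever the other tests produce.
# Sample:  Subject: Force Score by 02 04 10 15 -01 -03 -05 -08
# (?<!\S) and (?!\S) require a whitespace-delimited token, so "02"
# does not match inside "102" or "-02".

header   FORCE_SCORE_P02  Subject =~ /\bForce Score\b.*?(?<!\S)02(?!\S)/
describe FORCE_SCORE_P02  Subject asks to force score up by 2
score    FORCE_SCORE_P02  2.0

header   FORCE_SCORE_P04  Subject =~ /\bForce Score\b.*?(?<!\S)04(?!\S)/
describe FORCE_SCORE_P04  Subject asks to force score up by 4
score    FORCE_SCORE_P04  4.0

header   FORCE_SCORE_P10  Subject =~ /\bForce Score\b.*?(?<!\S)10(?!\S)/
describe FORCE_SCORE_P10  Subject asks to force score up by 10
score    FORCE_SCORE_P10  10.0

header   FORCE_SCORE_P15  Subject =~ /\bForce Score\b.*?(?<!\S)15(?!\S)/
describe FORCE_SCORE_P15  Subject asks to force score up by 15
score    FORCE_SCORE_P15  15.0

# "tflags nice" marks rules that are meant to carry a negative score.
header   FORCE_SCORE_M01  Subject =~ /\bForce Score\b.*?(?<!\S)-01(?!\S)/
describe FORCE_SCORE_M01  Subject asks to force score down by 1
tflags   FORCE_SCORE_M01  nice
score    FORCE_SCORE_M01  -1.0

header   FORCE_SCORE_M03  Subject =~ /\bForce Score\b.*?(?<!\S)-03(?!\S)/
describe FORCE_SCORE_M03  Subject asks to force score down by 3
tflags   FORCE_SCORE_M03  nice
score    FORCE_SCORE_M03  -3.0

header   FORCE_SCORE_M05  Subject =~ /\bForce Score\b.*?(?<!\S)-05(?!\S)/
describe FORCE_SCORE_M05  Subject asks to force score down by 5
tflags   FORCE_SCORE_M05  nice
score    FORCE_SCORE_M05  -5.0

header   FORCE_SCORE_M08  Subject =~ /\bForce Score\b.*?(?<!\S)-08(?!\S)/
describe FORCE_SCORE_M08  Subject asks to force score down by 8
tflags   FORCE_SCORE_M08  nice
score    FORCE_SCORE_M08  -8.0
```

Check the file with `spamassassin --lint` before restarting spamd. Since the Subject line is set by the sender, the negative rules are best combined in a meta rule with a local-origin test or removed once testing is done.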