Differences

This shows you the differences between two versions of the page.

--- build:spam [2006/11/18 16:43]
207.119.91.184
+++ build:spam [2007/09/16 21:46] (current)
75.132.107.251
@@ Line 3: / Line 3: @@
 [[http://spamassassin.apache.org/ | SpamAssassin]] is one of the best-known Open Source spam filters. It is now an Apache Foundation project. The main advantage of SpamAssassin is that it integrates many different types of tests -- each test adds to or subtracts from the message's "spaminess", and the message gets a final score that combines all the tests. The primary disadvantage of SpamAssassin is that it is relatively slow, because it is written in Perl and runs through a large number of tests. We believe that our boxes are plenty powerful enough to handle the load, especially with some of the Postfix spam-avoidance techniques (such as greylisting) that reduce the number of spam emails that make it into the system.
+We're using MailScanner as an interface between Postfix and SpamAssassin. We chose it because it's quite easy to understand, as compared with configuring amavisd and others to interface with Postfix. It was also used on the old AIX systems, so we were able to re-use most of the existing configuration settings.
 ===== Installation =====
+<code rootshell>
+apt-get install -y spamassassin
+apt-get install -y mailscanner
+apt-get install -y razor pyzor dcc-client
+</code>
 ===== Configuration =====
+Run ''pyzor discover'' to update pyzor's server list:
+<code rootshell>
+pyzor discover
+</code>
+Create a location for MailScanner to put files for SpamAssassin to scan.
+<code rootshell>
+mkdir /var/spool/MailScanner/spamassassin
+chown -R postfix:postfix /var/spool/MailScanner
+chown -R postfix:postfix /var/lib/MailScanner
+chown -R postfix:postfix /var/run/MailScanner
+chown -R postfix:postfix /var/lock/subsys/MailScanner
+</code>
+Back up the original MailScanner config file.
+<code rootshell>
+cp -a /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.dist
+</code>
+Edit the file ''/etc/MailScanner/MailScanner.conf'' to change these lines:
+<file>
+%org-name% = SLUUG
+%org-long-name% = St. Louis UNIX Users Group
+%web-site% = www.sluug.org
+Max Children = 2	# Upped it from 1, to hopefully improve throughput.
+Run As User = postfix
+Run As Group = postfix
+Incoming Queue Dir = /var/spool/postfix/hold
+Outgoing Queue Dir = /var/spool/postfix/incoming
+MTA = postfix
+Sendmail2 = /usr/sbin/sendmail
+Virus Scanning = no
+Virus Scanners = none
+Dangerous Content Scanning = no
+Quarantine Infections = no
+Information Header =
+Always Include SpamAssassin Report = yes
+Mark Unscanned Messages = no
+Notify Senders = no  # This is the default, but we want to be SURE on this setting!
+Virus Modify Subject = no
+Filename Modify Subject = no
+Content Modify Subject = no
+Size Modify Subject = no
+Disarmed Modify Subject = no
+Spam Modify Subject = no
+High Scoring Spam Modify Subject = no
+Send Notices = no
+Use SpamAssassin = yes  # This is the default.
+Required SpamAssassin Score = 5
+High SpamAssassin Score = 11
+SpamAssassin Timeout = 120
+High Scoring Spam Actions = delete
+Log Spam = yes
+Log Non Spam = yes
+</file>
+Edit ''/etc/MailScanner/spam.assassin.prefs.conf'' to add:
+<file>
+razor_config /etc/razor/razor-agent.conf
+</file>
+Edit ''/etc/razor/razor-agent.conf'' to add:
+<file>
+razorhome = /etc/razor/
+logfile = sys-syslog
+</file>
+Create ''/etc/postfix/header_checks'' containing a single line, to have Postfix
+send all incoming emails to the HOLD queue, where MailScanner will pick them up.
+<code rootshell>
+echo '/^Received:/ HOLD' > /etc/postfix/header_checks
+</code>
+Tell Postfix to put everything it receives into the HOLD queue.
+<code rootshell>
+postconf -e 'header_checks=regexp:/etc/postfix/header_checks'
+</code>
+Configure MailScanner to run when started.
+<code rootshell>
+echo 'run_mailscanner=1' >> /etc/default/mailscanner
+</code>
 ===== Startup =====
+Start the MailScanner daemon:
+<code rootshell>
+/etc/init.d/mailscanner start
+</code>
+Restart the Postfix daemon, to have it send incoming emails to the HOLD queue.
+<code rootshell>
+/etc/init.d/postfix restart
+</code>
 ===== Testing =====
+Check the logs for errors on startup, using ''tail -f /var/log/mail.log /var/log/syslog''.
+MailScanner logs to ''/var/log/syslog'' under the name ''check''. (Not sure why it uses that name in the log files instead of its own.)
 ===== Notes =====
-All SpamAssassin settings are global in nature and not settable on a per user basis. This is the reason that we set the delete threshold so high -- some users may want a higher threshold than others. Those that want a lower threshold can do so using procmail filters (or whichever other delivery agent we choose). Those wanting special rules will also have to set them up as procmail filters.
+All SpamAssassin settings are global in nature and not settable on a per user basis. This is the reason that
+we set the delete threshold so high -- some users may want a higher threshold than others. Those that want a lower threshold can do so using procmail filters (or whichever other delivery agent we choose). Those wanting special rules will also have to set them up as procmail filters.
 ===== TODO =====
-This will be integrated into the mail flow via the MailScanner software which will be installed from the mailscanner deb package.  (More info can be gotten from http://www.mailscanner.info/)
+We should really not use MailScanner's preferred method of picking up emails from the HOLD queue and injecting them back into the Postfix system via the INCOMING queue. Postfix documentation says that this method is not supported. Instead, there should be an SMTP-type listener added to ''/etc/postfix/master.cf'', which will submit the scanned messages back into Postfix via another SMTP listener (also listed in ''master.cf'') on another port. I believe amavisd supports this method. One main reason we went with MailScanner (at least at first) it that it's easier to configure than figuring out how to configure all the required services in ''master.cf''.
+Configure SpamAssassin more like Michelob/Dark. Their ''local.cf'' file looks like this:
+<file>
+# If this option is set to 0, incoming spam is only modified by adding
+# some `X-Spam-' headers and no changes will be made to the body.
+report_safe 0
+ok_languages            en
+# Trusted networks are assumed to not be originating spam.
+clear_trusted_networks
+trusted_networks   128.252.19.8   # michelob
+trusted_networks   128.252.19.9   # dark
+# Internal networks are other potential MXes for our domain.
+clear_internal_networks
+internal_networks  128.252.19.8   # michelob
+internal_networks  128.252.19.9   # dark
+internal_networks  206.196.99.162 # bud
+internal_networks  206.196.99.163 # budlight
+# Assume we always have DNS lookups available.
+dns_available yes
+# The score threshold below which a mail has to score, to be fed into
+# SpamAssassin's learning systems automatically as a non-spam message.
+bayes_auto_learn_threshold_nonspam -1.1
+# The score threshold above which a mail has to score, to be fed into
+# SpamAssassin's learning systems automatically as a spam message.
+bayes_auto_learn_threshold_spam 11.0
+# For feeding spam and and ham for saved messages, mailboxes
+# or directories:
+# Change X-YOURDOMAIN-COM to match your %org-name% as
+# set in MailScanner.conf
+bayes_ignore_header X-SLUUG-MailScanner
+bayes_ignore_header X-SLUUG-MailScanner-SpamCheck
+bayes_ignore_header X-SLUUG-MailScanner-SpamScore
+bayes_ignore_header X-SLUUG-MailScanner-Information
+# When using MailScanner, this is highly recommended.
+bayes_auto_expire 0
+# What should be the maximum size of the Bayes tokens database?
+bayes_expiry_max_db_size 600000
+lock_method flock
+use_auto_whitelist 0
+# This should be explicitly set for MailScanner
+envelope_sender_header X-MailScanner-From
+# Reduce timeouts for RBSLs.
+rbl_timeout 20
+razor_timeout 10
+pyzor_timeout 10
+</file>
+====Anti-virus====
+<code rootshell>
+   apt-get install clamav unrar lha arj unzoo
+</code>
+Edit /etc/MailScanner/MailScanner.conf:
+  Virus Scanning=yes
+  Virus Scanners=clamav
+and restart mailscanner.
+For some reason, even though "Still Deliver Silent Viruses" is set to "no", the system is delivering messages stripped of infected attachments. This is contrary to the documentation in MailScanner.conf. Accordingly, virus scanning is now turned off.
 ===== Credits =====
-===== Comments =====
+Installed, configured, and documented by Craig Buchek.
+Based on Mike Knight's MailScanner configuration on our AIX servers.
+These articles helped me figure out how to configure Postfix and MailScanner to work together:
+  * [[http://www.mailscanner.info/postfix.html]]
+  * [[http://www.debian-administration.org/articles/172]]
+These articles helped me figure out why MailScanner was stopping without restarting,
+due to razor putting its log file in ''/var/spool/postfix/hold'':
+  * [[http://mail-archives.apache.org/mod_mbox/spamassassin-users/200502.mbox/%3C41FF8713.4050100@netcore.co.in%3E]]
+  * [[http://lists.mailscanner.info/pipermail/mailscanner/2006-July/062949.html]]
+  * [[http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu_p4?s=f2f2c647ba0cb4454f7cf14d491ed6cd]]
+===== Comments =====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools