Mandriva 2005 Postfix Anti-Spam, Anti-Virus Relay Server for Exchange Server 2000/2003 - Page 2

STEP 3: Install Spamassassin, Razor, Pyzor, DCC and amavisd-new

a) At the console prompt or a putty window type the following command:

urpmi spamassassin

Say yes to the dependencies prompt. This will install spamassassin and razor automatically.

Configure spamassassin: If your mail server is behind a NAT firewall, consider setting trusted_networks and internal_networks in spamassassin's local.cf file. This is a well-known problem with spamassassin on a private IP. Here's how to fix it. Edit the /etc/mail/spamassassin/local.cf file:

vi /etc/mail/spamassassin/local.cf

Add a trusted_networks and an internal_networks line for every PUBLIC IP address your mail server is known by:

trusted_networks 123.456.789.123
trusted_networks 987.654.321.987
internal_networks 123.456.789.123
internal_networks 987.456.789.123

(Obviously substitute your own public IP address(es).)

Still in the /etc/mail/spamassassin/local.cf file, add the following lines to configure spamassassin to use razor, pyzor and dcc:

bayes_auto_learn 1
bayes_path /etc/mail/spamassassin/bayes
bayes_file_mode 0666
use_razor2 1
razor_config /root/.razor/razor-agent.conf
razor_timeout 10
use_pyzor 1
pyzor_timeout 10
pyzor_max 5
add_header all Pyzor _PYZOR_
use_dcc 1
dcc_timeout 10
dcc_home /var/lib/dcc
dcc_path /usr/bin/dccproc

Create a script that downloads a custom rule set for spamassassin by typing the following in the console:

vi /etc/mail/spamassassin/sa_rules_update.sh

Copy and paste the following into the file:

#!/bin/bash
# bash is required: the &> redirections below are not POSIX sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf -O 71_sare_redirect_pre3.0.0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf -O 70_sare_bayes_poison_nxm.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html.cf -O 70_sare_html.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html4.cf -O 70_sare_html4.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html_x30.cf -O 70_sare_html_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header0.cf -O 70_sare_header0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header3.cf -O 70_sare_header3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header_x30.cf -O 70_sare_header_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_specific.cf -O 70_sare_specific.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_adult.cf -O 70_sare_adult.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf -O 72_sare_bml_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf -O 99_sare_fraud_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_spoof.cf -O 70_sare_spoof.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_random.cf -O 70_sare_random.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_oem.cf -O 70_sare_oem.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf -O 70_sare_genlsubj0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj3.cf -O 70_sare_genlsubj3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf -O 70_sare_genlsubj_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_unsub.cf -O 70_sare_unsub.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_uri.cf -O 70_sare_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://mywebpages.comcast.net/mkettler/sa/antidrug.cf -O antidrug.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.timj.co.uk/linux/bogus-virus-warnings.cf -O bogus-virus-warnings.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.yackley.org/sa-rules/evilnumbers.cf -O evilnumbers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.stearns.org/sa-blacklist/random.current.cf -O random.current.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_body.cf -O 88_FVGT_body.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf -O 88_FVGT_rawbody.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_subject.cf -O 88_FVGT_subject.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_headers.cf -O 88_FVGT_headers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_uri.cf -O 88_FVGT_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf -O 99_FVGT_DomainDigits.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf -O 99_FVGT_Tripwire.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_meta.cf -O 99_FVGT_meta.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.nospamtoday.com/download/mime_validate.cf -O mime_validate.cf &> /dev/null
/etc/init.d/amavisd restart &> /dev/null
exit 0 

Save the file (Shift ZZ) and make it executable:

chmod 755 /etc/mail/spamassassin/sa_rules_update.sh

Run the file and ensure there are no errors. On the console or PuTTY window type:

/etc/mail/spamassassin/sa_rules_update.sh
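The script above writes whatever each plain-HTTP download returns straight into the live rules directory and discards every error, so an error page or an altered file would be loaded as rules without notice. The following is an added example, not part of the original tutorial, of a staged update that validates each file, runs spamassassin --lint, and rolls back on failure. The function names and the RULES_DIR and SA_LINT variables are hypothetical; the sanity check is a simple heuristic, not an integrity guarantee.

```sh
#!/bin/sh
# Added example: staged, validated rule update (not the tutorial's script).
# RULES_DIR, SA_LINT and all function names are hypothetical.
RULES_DIR=${RULES_DIR:-/etc/mail/spamassassin}
SA_LINT=${SA_LINT:-"spamassassin --lint"}   # lints the whole configuration

# looks_like_rules FILE: succeed only if FILE is non-empty, is not an
# HTML error page, and contains at least one SpamAssassin rule directive.
looks_like_rules() {
    [ -s "$1" ] || return 1
    if grep -qiE '^[[:space:]]*<(!doctype|html|head|body)' "$1"; then
        return 1
    fi
    grep -qE '^[[:space:]]*(header|body|rawbody|uri|full|meta|score|describe)[[:space:]]' "$1"
}

# install_rule TMPFILE NAME: validate, back up the current copy, install,
# lint; restore the previous copy if the lint fails.
# The .new and .bak files are ignored by SpamAssassin, which reads *.cf only.
install_rule() {
    tmp=$1
    dest=$RULES_DIR/$2
    looks_like_rules "$tmp" || { echo "rejected: $2" >&2; return 1; }
    [ -f "$dest" ] && cp -p "$dest" "$dest.bak"
    cp "$tmp" "$dest.new" && mv "$dest.new" "$dest" || return 1
    if ! $SA_LINT >/dev/null 2>&1; then
        echo "lint failed, rolling back: $2" >&2
        if [ -f "$dest.bak" ]; then mv "$dest.bak" "$dest"; else rm -f "$dest"; fi
        return 1
    fi
    rm -f "$dest.bak"
}

# fetch_rule URL: download to a temp file outside RULES_DIR, then install.
fetch_rule() {
    tmp=$(mktemp) || return 1
    if wget -q --tries=2 --timeout=30 -O "$tmp" "$1"; then
        install_rule "$tmp" "$(basename "$1")"; rc=$?
    else
        echo "download failed: $1" >&2; rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

Call fetch_rule once per rule URL and restart amavisd only if at least one file was installed.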

Under the /etc/mail/spamassassin directory you should see a bunch of files ending in .cf, for example bogus-virus-warnings.cf. That means the rules have been updated for spamassassin.

Now, you must schedule this script to run on a regular basis. On the console or PuTTY window type the following to schedule a cron job:

crontab -e

Paste the following in your putty window:

23 4 */2 * * /etc/mail/spamassassin/sa_rules_update.sh &> /dev/null  

(This will schedule the script to run every two days at 4:23. Obviously, don't copy mine verbatim but adjust to your liking. I used 4:23 to show you the hours/minutes.)

Save the file: Shift ZZ

b) At the console prompt or a PuTTY window type the following command:

urpmi razor

(accept all dependencies)

urpmi pyzor

(accept all dependencies)

urpmi dcc

(accept all dependencies)

urpmi amavisd-new

Say yes to the dependencies prompt. This will automatically install amavisd-new.

c) Configure amavisd by editing the /etc/amavisd/amavisd.conf:

vi /etc/amavisd/amavisd.conf

Hit "i" to start editing. Ensure the lines below are set as follows. Add them if they don't exist:

This line bypasses all virus checks. It is not needed in this particular situation since we will be installing clamav further down. If you are having problems with clamav and cannot get it to work, it could potentially stop your mail server from operating. In that case, remove the # from in front of the line and it will bypass all virus checks.

#@bypass_virus_checks_acl = qw( . ); 

Ensure you enter the domain your mailserver belongs to. This setting is VERY important and without this setting messages WILL NOT be tagged as spam in the subject line.

$mydomain = 'yourdomain.tld'; 

This line ensures that ALL domains this server delivers mail for will be processed through the spam filter. Without this line, only the domain appearing in the $mydomain = line above will be processed through the spam filter.

@local_domains_acl = qw( . );  

Ensure this line is commented out with the ‘#’ symbol just like it looks here.

#@local_domains_maps = ( [".$mydomain"] );  

Email tagged as spam is passed, but its subject is modified.

$sa_spam_modifies_subj = 1; 

Add spam info headers. I suggest you set it as high as possible. Setting it to undef is highly recommended so that all mail headers are modified no matter what.

$sa_tag_level_deflt = undef;  

Add 'spam detected' headers at that level. This is the minimum score the system will need to add spam headers to a message. It’s pretty low. Start out low and increase the value as you see fit. If you start to get a lot of false positives, you should increase this value.

$sa_tag2_level_deflt = 3;

Triggers spam evasive actions

$sa_kill_level_deflt = 15; 

Spam level beyond which a DSN is not sent

$sa_dsn_cutoff_level = 9; 

The word appended to the subject line of spam emails before they are passed to the end user

$sa_spam_subject_tag = '***SPAM*** '; 

Ensures spam is passed to the end user tagged as such. We never want the spam filter to kill messages. We want the end user to decide whether it's spam or not.

$final_spam_destiny = D_PASS; 

Ensures emails with bad headers are passed to the end user tagged as such.

$final_bad_header_destiny = D_PASS;  

Hit "ESC" and then "SHIFT ZZ" to save your amavisd.conf file.

Edit your /etc/postfix/master.cf file and add the following entry to it, or amavisd will simply not work:

vi /etc/postfix/master.cf

Add the following entry at the very bottom of your master.cf file right before the line ##### END OF CONTENT FILTER CUSTOMIZATIONS #####:

smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes 

Now issue the following command for changes to take effect:

/usr/bin/amavisd reload