I decided to install SpamAssassin on my email server. Actually, I was already using SpamCop; for more than 6 months our email server never got spam, fighting it using header_check and upgrading to pcre support. Well, now I need to install SpamAssassin.
From 2012 until this day we have had huge email traffic. I have to protect the users from spam.
Email Traffic
Mails successfully sent | 1,028,599 | 448.49 GB (457.2 KB/Mails)
Mails failed/refused | 936,173 | 23.55 GB
First, I upgraded my ports collection using cvsup.
#cvsup -L 2 port-supfiles
My old Perl version was 5.8, so I had to upgrade to a new one.
Don't forget to read /usr/ports/UPDATING (20110517).
This file will explain many things.
#cd /usr/ports/mail/p5-Mail-SpamAssassin
#make clean
#make install
And I got these errors:
NOTE: the optional HTTP::Date module is not installed.
The "sa-update" program requires this module to make HTTP If-Modified-Since
GET requests.
REQUIRED module missing: HTML::Parser
REQUIRED module missing: Net::DNS
REQUIRED module missing: NetAddr::IP
optional module missing: Digest::SHA1
optional module missing: Mail::SPF
optional module missing: IP::Country
optional module missing: Razor2
optional module missing: Net::Ident
optional module missing: IO::Socket::INET6
optional module missing: IO::Socket::SSL
optional module missing: Mail::DKIM
optional module missing: DBI
optional module missing: LWP::UserAgent
optional module missing: HTTP::Date
warning: some functionality may not be available,
please read the above report before continuing!
Can't open Makefile: No such file or directory.
===> Building for p5-Mail-SpamAssassin-3.3.2_6
make: cannot open Makefile.
*** Error code 1
Stop in /usr/ports/mail/p5-Mail-SpamAssassin.
*** Error code 1
Stop in /usr/ports/mail/p5-Mail-SpamAssassin.
So I had to install the missing Perl modules.
#perl -MCPAN -e shell
….
cpan[1]> install HTML::Parser Net::DNS NetAddr::IP Digest::SHA1 Mail::SPF IP::Country Razor2 Net::Ident IO::Socket::INET6 IO::Socket::SSL Mail::DKIM DBI LWP::UserAgent HTTP::Date
#cd /usr/ports/mail/p5-Mail-SpamAssassin
#make clean (Don't forget to always make clean after getting an error)
#make install
Some packages may already be installed in an older version; just make deinstall, make clean, then start again.
sa-update now places state files in /var/db/spamassassin and not
/var/lib/spamassassin. This is to be consistant with Freebsd file
directory conventions.
If you run sa-compile, you will notice that files are in
/var/db/spamassassin/compiled//
instead of
/var/db/spamassassin/compiled/.
No attempts have been made to move old versions over. You must recompile.
If you are running with spamd, you must add the following to rc.conf:
spamd_enable="YES"
Security Note: If you did NOT deselected AS_ROOT, spamd will be running
as root. To change this, also add this to rc.conf:
spamd_flags="-u spamd -H /var/spool/spamd"
===> Correct pkg-plist sequence to create group(s) and user(s)
===> Compressing manual pages for p5-Mail-SpamAssassin-3.3.2_6
===> Running ldconfig
/sbin/ldconfig -m /usr/local/lib
===> Registering installation for p5-Mail-SpamAssassin-3.3.2_6
# netstat -a |grep LISTEN
tcp4 0 0 localhost.783 *.* LISTEN
….
Before configuring main.cf and master.cf, please READ CAREFULLY
http://www.postfix.org/FILTER_README.html
SpamAssassin configuration local.cf
rewrite_header Subject **SPAM**
required_score 6.0
report_safe 1
use_bayes 1
bayes_path /var/spool/spamd/.spamassassin/bayes
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available yes
header LOCAL_RCVD Received =~ /.*\(\S+\.mydomain\.com\s+\[.*\]\)/
describe LOCAL_RCVD Received: from mydomain.com
score LOCAL_RCVD -50
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
I want to pool all spam into one email account. Here is a script:
filter.sh
#!/bin/sh
# Filter script: run the message through SpamAssassin, then re-inject it
SENDMAIL="/usr/sbin/sendmail -i"
EGREP=/usr/bin/egrep
EX_UNAVAILABLE=69
SPAMLIMIT=6
# Per-process work file, removed on exit or on a signal
OUT=/var/spool/spamd/filter/out.$$
trap "rm -f $OUT" 0 1 2 3 15
# spamc reads the message from stdin and writes the tagged copy
/usr/local/bin/spamc -u spamd | sed 's/^\.$/../' > "$OUT"
# SPAMLIMIT or more stars in X-Spam-Level: deliver to the spam pool mailbox
if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < "$OUT"
then
    $SENDMAIL spampooler@mydomain.com < "$OUT"
else
    # otherwise deliver to the original recipients
    $SENDMAIL "$@" < "$OUT"
fi
exit $?
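The egrep test in filter.sh is applied to every line of the message, so a clean mail whose body quotes a high X-Spam-Level line is pooled as well. The following is an added example, not part of the original post, comparing that test with one that stops at the end of the headers; the function names and the two sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the post's filter.sh. Function names are illustrative.
SPAMLIMIT=6

# The post's test: matches the pattern on ANY line, message body included.
whole_message_match() {
    grep -Eq "^X-Spam-Level: \*{$SPAMLIMIT,}" "$1"
}

# Header-only test: stop at the first empty line (end of the headers) and
# count the stars of each X-Spam-Level line seen before it.
header_match() {
    awk -v limit="$SPAMLIMIT" '
        $0 == "" || $0 == "\r" { exit }
        /^X-Spam-Level:/ {
            s = $0
            sub(/^X-Spam-Level:[ \t]*/, "", s)
            n = 0
            while (substr(s, n + 1, 1) == "*") n++
            if (n >= limit) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample messages (not taken from the post's mail log).
make_samples() {
    printf '%s\n' 'Subject: **SPAM** offer' 'X-Spam-Level: **************' \
        '' 'buy now' > "$1/spam.eml"
    printf '%s\n' 'Subject: Fwd: is this spam?' 'X-Spam-Level: *' '' \
        'Headers of the mail I received:' 'X-Spam-Level: **********' \
        > "$1/ham.eml"
}

# Print which mailbox the given test would pick for a message file.
route() {
    if "$1" "$2"; then echo spampooler; else echo recipient; fi
}

dir=$(mktemp -d)
make_samples "$dir"
for f in spam.eml ham.eml; do
    echo "$f: whole=$(route whole_message_match "$dir/$f")" \
         "header=$(route header_match "$dir/$f")"
done
rm -rf "$dir"
```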
Edit the master.cf
#smtp inet n - n - - smtpd
smtp inet n - n - - smtpd
#  -o content_filter=filter:dummy
  -o content_filter=spamassassin:dummy
#
#SPAMFILTER/SPAMASSASSIN
spamassassin unix - n n - 10 pipe
  flags=Rq user=spamd argv=/usr/sbin/filter.sh -f ${sender} -- ${recipient}
maillog
Jun 8 16:52:36 blade postfix/qmgr[49965]: C8F22F7550: from=, size=1345, nrcpt=1 (queue active)
Jun 8 16:52:36 blade postfix/smtpd[96866]: disconnect from smtp.example.com[10.1.1.201]
Jun 8 16:52:36 blade spamd[86197]: spamd: connection from localhost [127.0.0.1] at port 17055
Jun 8 16:52:36 blade spamd[86197]: spamd: processing message <4FD1CB80.6080506@example.com> for spamd:58
Jun 8 16:52:36 blade spamd[86197]: spamd: clean message (-2.9/6.0) for spamd:58 in 0.1 seconds, 1353 bytes.
Jun 8 16:52:36 blade spamd[86197]: spamd: result: . -2 - ALL_TRUSTED,BAYES_00,T_RP_MATCHES_RCVD scantime=0.1,size=1353,user=spamd,uid=58,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=17055,mid=<4FD1CB80.6080506@example.com>,bayes=0.000000,autolearn=ham
Jun 8 16:52:37 blade postfix/pickup[94779]: 002A3F7574: uid=58 from=
Jun 8 16:52:37 blade postfix/cleanup[97102]: 002A3F7574: message-id=<4FD1CB80.6080506@example.com>
Jun 8 16:52:37 blade postfix/pipe[97103]: C8F22F7550: to=, relay=spamassassin, delay=0.18, delays=0.02/0/0/0.16, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jun 8 16:52:37 blade postfix/qmgr[49965]: C8F22F7550: removed
Jun 8 16:52:37 blade spamd[1622]: prefork: child states: II
Jun 8 16:52:37 blade postfix/qmgr[49965]: 002A3F7574: from=, size=1683, nrcpt=1 (queue active)
Jun 8 16:52:37 blade postfix/virtual[97142]: 002A3F7574: to=, relay=virtual, delay=0.13, delays=0.06/0/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Jun 8 16:52:37 blade postfix/qmgr[49965]: 002A3F7574: removed
Header
Subject: **SPAM** =?GB2312?B?16jStcPYyunQ0NX+yMvUsby8xNzM4cn9?=
Date: Thu, 7 Jun 2012 05:44:11 +0800
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	smtp.mydomain.com
X-Spam-Flag: YES
X-Spam-Level: **************
X-Spam-Status: Yes, score=15.0 required=6.0 tests=BAYES_99,DOS_OE_TO_MX,
	FORGED_MUA_OUTLOOK,MISSING_MID,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PSBL,
	RCVD_IN_SORBS_WEB,RDNS_NONE,TO_NO_BRKTS_MSFT autolearn=spam version=3.3.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4FCFCF20.8B19D0B7"
Message-Id: <20120606214400.8012FF7551@smtp.mydomain.com>