Difference between revisions of "Spamassassin"

From Atomicorp Wiki
m (Updating spamassassin rules and signatures)
m
Line 75: Line 75:
 
''sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org''
 
''sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org''
  
3.  (Optional)  Compile the rules to make spamassassin rule faster
+
3.  (Optional)  Compile the rules to make spamassassin run faster
 +
 
 +
Note:  This can take some time to complete and will generate load on your system.
 +
 
 +
(The steps below are also optional and are useful on systems that use ASL with the real time malware prevention system to help prevent the system from being triggered, the /root/ directory is considered trusted.)
  
 
   mkdir /root/tmp
 
   mkdir /root/tmp
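Review bot: The added parenthetical before `mkdir /root/tmp` says /root/ is trusted but never states that this is why the temporary directory is moved there, and it joins two sentences with a comma. Suggest splitting it: "...to help prevent the system from being triggered. The /root/ directory is considered trusted, so the temporary files are written there." Also consider `mkdir -p /root/tmp` in the context line so the step does not fail when the directory already exists.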
Line 82: Line 86:
 
   TMPDIR=$TMP
 
   TMPDIR=$TMP
 
   export TMPDIR
 
   export TMPDIR
 +
 +
This step however is not optional if you want to compile the rules:
 +
 
   /usr/bin/sa-compile
 
   /usr/bin/sa-compile
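Review bot: The added sentence "This step however is not optional if you want to compile the rules:" above `/usr/bin/sa-compile` reads as contradicting the "(Optional)" label on step 3, which it sits under. Suggest wording it relative to the TMP/TMPDIR lines, for example "To compile the rules, run:", so it is clear that only the temporary-directory setup can be skipped.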
  

Revision as of 18:05, 2 January 2010

General Improvements

Add razor, dcc and pyzor

Step 1) Add atomic channel:

 wget -q -O - http://www.atomicorp.com/installers/atomic.sh |sh

Step 2) Add razor, dcc, pyzor

 yum install razor-agents dcc pyzor

Step 3) Restart spamassassin

 /etc/init.d/spamassassin restart


Force spamassassin to scan messages from localhost, when using qmail-scanner

 vi /etc/xinetd.d/smtp_psa
service smtp
{
       socket_type     = stream
       protocol        = tcp
       wait            = no
       disable         = no
       user            = root
       instances       = UNLIMITED
       env             = QS_SPAMASSASSIN="on"
       server          = /var/qmail/bin/tcp-env
       server_args     = /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


MySQL settings for whitelisting

INSERT INTO userpref (username,preference,value) VALUES ('%tsginc.com','whitelist_from','*domain.com');
INSERT INTO userpref (username,preference,value) VALUES ('%tsginc.com','whitelist_from','*@domain.com');


Limiting Load

Add max_load and per_source to /etc/xinetd.d/smtp_psa. With max_load set, xinetd stops accepting new SMTP connections once the system load reaches that value (5 in the example below). The per_source attribute limits the maximum number of concurrent connections from a single IP.

service smtp
{
       socket_type     = stream
       protocol        = tcp
       wait            = no
       disable         = no
       user            = root
       max_load        = 5
       per_source      = 2
       instances       = UNLIMITED
       env             = QS_SPAMASSASSIN="on"
       server          = /var/qmail/bin/tcp-env
       server_args     = /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Updating spamassassin rules and signatures

1. Import the GPG keys of the rule repositories (spamassassin and the SARE rules):

Run these commands as root once to set up the system:

 wget http://spamassassin.apache.org/updates/GPG.KEY
 sa-update --import GPG.KEY
 gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10
 gpg --armor -o pub.gpg --export BDE9DC10
 sa-update --import pub.gpg 

2. Run the rule updater

 sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org

3. (Optional) Compile the rules to make spamassassin run faster

Note: This can take some time to complete and will generate load on your system.

(The steps below are also optional. They are useful on systems that use ASL with the real time malware prevention system, to help prevent that system from being triggered; the /root/ directory is considered trusted.)

 mkdir /root/tmp
 TMP=/root/tmp 
 export TMP
 TMPDIR=$TMP
 export TMPDIR

This step, however, is not optional if you want to compile the rules:

 /usr/bin/sa-compile

Note: the re2c package must be installed to compile the rules. If you do not have that package installed, you can install it with this command on a RHEL, Fedora or CentOS system:

 yum install re2c

4. Restart spamassassin

 /etc/init.d/spamassassin condrestart

5. (Optional) Set up spamassassin updates in your root crontab

 crontab -e

Then add this line. Every step is chained with &&, so sa-compile and the restart run only when sa-update exits 0 (new rules were downloaded and installed):

 10 4 * * * sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && export TMP=/root/tmp TMPDIR=/root/tmp && /usr/bin/sa-compile && /etc/init.d/spamassassin condrestart 1> /dev/null
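
Steps 2 to 5 as a wrapper script that root's crontab can call with the argument `run`; this is an added example, not part of the original wiki page. It acts on sa-update's exit status (0 = new rules installed, 1 = nothing new, anything else = error) and lints the rule set before restarting; the `SA_*` override variables, the `sa_refresh` name and the `spamassassin --lint` step are assumptions of this example.

```shell
#!/bin/sh
# Added example: nightly SpamAssassin rule refresh (not from the original page).
# Command paths are overridable (assumption) so the logic can be dry-run.
: "${SA_UPDATE:=sa-update}"
: "${SA_COMPILE:=/usr/bin/sa-compile}"
: "${SA_LINT:=spamassassin}"
: "${SA_INIT:=/etc/init.d/spamassassin}"
: "${SA_TMP:=/root/tmp}"
GPGKEY=D1C035168C1EBC08464946DA258CDB3ABDE9DC10   # fingerprint used on the page

# Returns 0 = rules updated and service restarted, 1 = nothing new,
# 2 = update, lint or compile failed (no restart is attempted).
sa_refresh() {
    rc=0
    "$SA_UPDATE" --allowplugins --gpgkey "$GPGKEY" \
        --channel saupdates.openprotect.com \
        --channel updates.spamassassin.org || rc=$?
    case $rc in
        0) ;;                       # fresh rules were installed
        1) return 1 ;;              # no fresh updates: skip compile and restart
        *) echo "sa-update failed with exit code $rc" >&2; return 2 ;;
    esac
    # Private scratch directory under /root, which the page treats as trusted.
    mkdir -p "$SA_TMP" && chmod 700 "$SA_TMP" || return 2
    TMP=$SA_TMP; TMPDIR=$SA_TMP; export TMP TMPDIR
    # Do not compile or restart on a rule set that fails to parse.
    "$SA_LINT" --lint || { echo "lint failed, not restarting" >&2; return 2; }
    "$SA_COMPILE" || { echo "sa-compile failed" >&2; return 2; }
    "$SA_INIT" condrestart >/dev/null
}

# Run only when asked, e.g. from cron: 10 4 * * * /root/sa-refresh.sh run
if [ "${1:-}" = "run" ]; then sa_refresh; fi
```

The script path `/root/sa-refresh.sh` in the last comment is a placeholder.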
