Difference between revisions of "Spamassassin"

From Atomicorp Wiki
Jump to: navigation, search
m (Updating spamassassin rules and signatures)
m (Updating spamassassin rules and signatures)
Line 64: Line 64:
  
 
Run these commands as root once to setup the system:
 
Run these commands as root once to setup the system:
 
+
''
  wget http://spamassassin.apache.org/updates/GPG.KEY
+
wget http://spamassassin.apache.org/updates/GPG.KEY
  sa-update --import GPG.KEY
+
sa-update --import GPG.KEY
 
+
gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10
  gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10
+
gpg --armor -o pub.gpg --export BDE9DC10
  gpg --armor -o pub.gpg --export BDE9DC10
+
sa-update --import pub.gpg''
  sa-update --import pub.gpg  
+
  
 
2. Run the rule updater
 
2. Run the rule updater
  
  sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org
+
''sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org''
  
 
3.  (Optional)  Compile the rules to make spamassassin rule faster
 
3.  (Optional)  Compile the rules to make spamassassin rule faster
  
  mkdir /root/tmp
+
''mkdir /root/tmp
  TMP=/root/tmp
+
TMP=/root/tmp
  export TMP
+
export TMP
  TMPDIR=$TMP
+
TMPDIR=$TMP
  export TMPDIR
+
export TMPDIR
  /usr/bin/sa-compile
+
/usr/bin/sa-compile''
  
 
4. Restart spamassassin
 
4. Restart spamassassin
Line 91: Line 90:
 
5. (Optional) Setup spamassassin updates in your root crontab
 
5. (Optional) Setup spamassassin updates in your root crontab
  
  crontab -e
+
''crontab -e''
  
 
Then add this line:
 
Then add this line:
  
  10      4      *      *      *      sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && TMP=/root/tmp; export TMP; TMPDIR=$TMP; export TMPDIR; /usr/bin/sa-compile &&  /etc/init.d/spamassassin condrestart 1> /dev/null
+
''10      4      *      *      *      sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && TMP=/root/tmp; export TMP; TMPDIR=$TMP; export TMPDIR; /usr/bin/sa-compile &&  /etc/init.d/spamassassin condrestart 1> /dev/null''

Revision as of 19:15, 29 December 2009

Contents

General Improvements

Add razor, dcc and pyzor

Step 1) Add atomic channel:

 wget -q -O - http://www.atomicorp.com/installers/atomic.sh |sh

Step 2) Add razor, dcc, pyzor

 yum install razor-agents dcc pyzor

Step 3) Restart spamassassin

 /etc/init.d/spamassassin restart


Force spamassassin to scan messages from localhost, when using qmail-scanner

 vi /etc/xinetd.d/smtp_psa
service smtp
{
       socket_type     = stream
       protocol        = tcp
       wait            = no
       disable         = no
       user            = root
       instances       = UNLIMITED
       env             = QS_SPAMASSASSIN="on"
       server          = /var/qmail/bin/tcp-env
       server_args     = /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


Mysql settings for whitelisting

INSERT INTO userpref (username,preference,value) VALUES ('%tsginc.com','whitelist_from','*domain.com');
INSERT INTO userpref (username,preference,value) VALUES ('%tsginc.com','whitelist_from','*@domain.com');


Limiting Load

Add max_load to /etc/xinetd.d/smtp_psa. SMTP will throttle connections when load reaches a certain point. The per_source flag will limit the maximum number of concurrent connections from a single IP.

service smtp
{
       socket_type     = stream
       protocol        = tcp
       wait            = no
       disable         = no
       user            = root
       max_load        = 5
       per_source      = 2
       instances       = UNLIMITED
       env             = QS_SPAMASSASSIN="on"
       server          = /var/qmail/bin/tcp-env
       server_args     = /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Updating spamassassin rules and signatures

1. Import the GP keys of the rule repositories (spamassassin and the SARE rules):

Run these commands as root once to setup the system: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY gpg --keyserver pgp.mit.edu --recv-keys BDE9DC10 gpg --armor -o pub.gpg --export BDE9DC10 sa-update --import pub.gpg

2. Run the rule updater

sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org

3. (Optional) Compile the rules to make spamassassin rule faster

mkdir /root/tmp TMP=/root/tmp export TMP TMPDIR=$TMP export TMPDIR /usr/bin/sa-compile

4. Restart spamassassin

/etc/init.d/spamassassin condrestart

5. (Optional) Setup spamassassin updates in your root crontab

crontab -e

Then add this line:

10 4 * * * sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org && TMP=/root/tmp; export TMP; TMPDIR=$TMP; export TMPDIR; /usr/bin/sa-compile && /etc/init.d/spamassassin condrestart 1> /dev/null

Personal tools