Osbaldestin

Anti Spam Mail Relay with Gentoo


Steps ripped from these locations


http://cvs.sourceforge.net/viewcvs.py/spamassassin/spamassassin/INSTALL?rev=1.1.2.4
http://advosys.ca/papers/postfix-filtering.html


emerge postfix -p

--If ssmtp is installed, unmerge it first
emerge ssmtp -C


--Set the following in /etc/postfix/main.cf
myhostname = spam01.consensus.co.uk
mynetworks_style = class
relay_domains = consensus.co.uk
relayhost = serv102.consensus.co.uk
smtpd_banner = $myhostname

--Now Build the aliases
newaliases

--Install razor, pyzor, DCC
emerge razor pyzor
--Add the admin accounts to allow access to the central servers
razor-admin -register -user=emailadmin@example.com -p=mypassword


DCC http://www.rhyolite.com/anti-spam/dcc/
The DCC ebuild is currently flagged ~ so a manual installation follows
DCC (Distributed Checksum Clearinghouse) is a system similar to Razor.
It supports fuzzy checksums and therefore detects some more spams than
Razor does at the moment. (Not my words)

To install it, download and perform the following steps:

wget http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z
tar xfvz dcc-dccproc.tar.Z
--make a dir to hold it
mkdir /usr/local/dcc
--Copy the source into it, where X.X.X is the current version
cp -R dcc-dccproc-X.X.X /usr/local/dcc
cd /usr/local/dcc/dcc-dccproc-X.X.X
./configure && make && make install
cdcc 'new map'
cdcc 'add dcc.rhyolite.com'
cdcc 'info'



--Install the following Perl modules
--Note Perl v5 or above required
MIME::Base64
MIME::QuotedPrint
Net::DNS
DB_File

--Add a filter user and group
groupadd filter
useradd -g filter -s /bin/sh -d /var/spool/filter -p mypassword filter




--Download and extract Anomy Sanitizer from here
http://mailtools.anomy.net
--This version used 1.67
--Create a dir for anomy
mkdir /usr/local/anomy
--extract the anomy tar file and copy it into the above dir
tar -zxf /root/anomy-sanitizer-1.67.tar.gz -C /root
cp -R /root/anomy/* /usr/local/anomy
--Change the permissions etc
chown -R root:filter /usr/local/anomy
chmod 0750 /usr/local/anomy

--install Spam Assassin
emerge Mail-SpamAssassin

--Add any whitelist entries you want:
nano -w /etc/mail/spamassassin/local.cf

--EG
whitelist_from roger.melly@example.com
whitelist_from *@example.com

--Test SpamAssassin
spamassassin -t < sample-nonspam.txt > nonspam.out
spamassassin -t < sample-spam.txt > spam.out

--sample-spam.txt should have been tagged as spam
--Add spamd to start on boot
rc-update add spamd default
--Start spam assassin
/etc/init.d/spamd start

--Configure Postfix

--Create the filter script to pass to anomy, then spamassassin
--This should be in the same location as anomy
nano -w /usr/local/anomy/filter.sh
--Example file from here - http://advosys.ca/papers/filter.sh

#!/bin/sh
#
# filter.sh
#
# Simple filter to plug Anomy Sanitizer and SpamAssassin
# into the Postfix MTA
#
# From http://advosys.ca/papers/postfix-filtering.html
# Advosys Consulting Inc., Ottawa
#
# For use with:
# Postfix 20010228 or later
# Anomy Sanitizer revision 1.49 or later
# SpamAssassin 2.42 or later
#
# Note: Modify the file locations to match your particular
# server and installation of SpamAssassin.

# File locations:
# (CHANGE AS REQUIRED TO MATCH YOUR SERVER)
INSPECT_DIR=/var/spool/filter/blocked
SENDMAIL="/usr/lib/sendmail -i"
ANOMY=/usr/local/anomy
SANITIZER=/usr/local/anomy/bin/sanitizer.pl
ANOMY_CONF=/usr/local/anomy/anomy.conf
ANOMY_LOG=/dev/null
SPAMASSASSIN=/usr/bin/spamassassin

export ANOMY

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f out.$$" 0 1 2 3 15

cat | $SPAMASSASSIN -x | $SANITIZER \
$ANOMY_CONF 2>>$ANOMY_LOG > out.$$ || \
{ echo Message content rejected; exit $EX_UNAVAILABLE; }

$SENDMAIL "$@" < out.$$

exit $?
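
--Added example, not part of the Advosys script or of the original notes. In the pipeline above the shell only tests the exit status of the last command, so a SpamAssassin failure goes unnoticed, and out.$$ is a predictable file name. This variant runs each stage on its own inside a mktemp work dir and writes the filtered message to stdout instead of handing it to $SENDMAIL.
--SPAM_STAGE, SANITIZE_STAGE and filter_message are names made up for this example; both stages default to cat so it runs without SpamAssassin or Anomy installed.

```sh
#!/bin/sh
# Added example: staged variant of the filter pipeline (not the Advosys script).
EX_TEMPFAIL=75      # <sysexits.h>: temporary failure, Postfix retries later
EX_UNAVAILABLE=69   # <sysexits.h>: permanent failure, the message bounces

# Assumption: stand-in stage commands so the example runs offline. On the relay
# they would be "$SPAMASSASSIN -x" and "$SANITIZER $ANOMY_CONF" from filter.sh.
SPAM_STAGE=${SPAM_STAGE:-cat}
SANITIZE_STAGE=${SANITIZE_STAGE:-cat}

# filter_message SPOOL_DIR   (message on stdin, filtered message on stdout)
filter_message() {
    spool=$1
    [ -d "$spool" ] || { echo "$spool does not exist" >&2; return $EX_TEMPFAIL; }
    # Private, unpredictable work dir instead of out.$$ in a group-writable spool
    work=$(mktemp -d "$spool/msg.XXXXXX") || return $EX_TEMPFAIL
    rc=0
    if ! cat > "$work/in"; then
        rc=$EX_TEMPFAIL
    elif ! $SPAM_STAGE < "$work/in" > "$work/tagged"; then
        # A scanner crash must not let a truncated message through: defer it
        rc=$EX_TEMPFAIL
    elif ! $SANITIZE_STAGE < "$work/tagged" > "$work/out"; then
        echo "Message content rejected" >&2
        rc=$EX_UNAVAILABLE
    elif [ ! -s "$work/out" ]; then
        # An empty result means a stage lost the message: defer it
        rc=$EX_TEMPFAIL
    else
        cat "$work/out" || rc=$EX_TEMPFAIL
    fi
    # Always remove the work dir, whatever the outcome
    rm -rf "$work"
    return $rc
}
```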

--Check the security on filter.sh
--should be -rwxr-x--- owner=root group=filter

--Create temporary dirs required
mkdir /var/spool/filter
chown root:filter /var/spool/filter
chmod 0770 /var/spool/filter
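
--Added example, not from the original notes: one way to run the ownership and permission checks described above in a single pass. The three expectations are the values given in these steps; audit_perms and EXPECTED are names made up for this example, and GNU stat (-c) is assumed.

```sh
#!/bin/sh
# Added example: compare owner, group and mode against the values in these notes.
# Assumes GNU stat (-c), as found in GNU coreutils.

# Expectations as "path owner group octal-mode", taken from the steps above.
EXPECTED='/usr/local/anomy root filter 750
/usr/local/anomy/filter.sh root filter 750
/var/spool/filter root filter 770'

# audit_perms: reads expectation lines on stdin, prints one line per problem,
# returns 0 when everything matches and 1 otherwise.
audit_perms() {
    bad=0
    while read -r path owner group mode; do
        # Skip blank lines and comments in the expectation list
        case $path in ''|'#'*) continue ;; esac
        if ! actual=$(stat -c '%U %G %a' "$path" 2>/dev/null); then
            echo "MISSING  $path"
            bad=1
        elif [ "$actual" != "$owner $group $mode" ]; then
            echo "MISMATCH $path: have $actual, want $owner $group $mode"
            bad=1
        fi
    done
    return $bad
}

# On the relay: printf '%s\n' "$EXPECTED" | audit_perms
```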

--Send a test message
su filter

--create the file test.txt
From: <tester@yourdomain.com>
To: <you@yourdomain.com>

Hi there. This is a test message.

--Send the file via the filter.sh script
cat test.txt | /usr/local/anomy/filter.sh -f tester -- myemail@example.com


--Add the filter recipients map
--First check your default database type
postconf default_database_type
--This is using a hash db
default_database_type = hash

--Create the filtered list file
cd /etc/postfix
nano -w filtered_domains
--EG
# Filter only mail addressed to local domains:
example.com FILTER filter:dummy
example.net FILTER filter:dummy
otherdomain.ca FILTER filter:dummy

--Create the corresponding data file
postmap filtered_domains


--Edit postfix main.cf
nano -w /etc/postfix/main.cf
--We need to add the smtpd_recipient_restrictions
--EG
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/filtered_domains, reject_unauth_destination


--Edit postfix master.cf
nano -w /etc/postfix/master.cf
--Add the following lines to the bottom
# Filter with anomy and spamassassin
filter unix - n n - - pipe
  flags=Rq user=filter argv=/usr/local/anomy/filter.sh -f ${sender} -- ${recipient}
smtp inet n - n - - smtpd
  -o content_filter=filter:
smtp unix - - n - - smtp
  -o content_filter=filter:

--Remember to remove the old smtp lines, i.e. both existing entries named smtp: the one that runs smtpd and the one that runs smtp.

--Check the postfix config
postfix check
--Reload postfix config
postfix reload


















--Enable logging for anomy
--change in the anomy.conf
feat_log_inline = 1
--change filter.sh
ANOMY_LOG=/var/log/anomy.log
--ensure filter has access to the above file




--For easier access to blocked attachments
--Change the default drop location for blocked attachments
mkdir /var/spool/filter/blocked
nano -w /usr/local/anomy/anomy.conf
--Change the value
--From
--file_name_tpl = /var/spool/filter/att-$F-$T.$$
--To
file_name_tpl = /var/spool/filter/blocked/att-$F-$T.$$
--Install VSFTP
emerge vsftpd

--You will need to change filter.sh as well
INSPECT_DIR=/var/spool/filter/blocked
--If you want to include an FTP link to the file add
msg_file_drop += The file can be downloaded from here:
msg_file_drop += ftp://myftp.location.example.com/blocked/att-$F-$T.$$

--Check the config; unless required, do not allow anonymous upload
--Create a link so that access can be granted to the blocked attachments
ln



Copyright © 2003-2010 osbaldestin.net