2006-11-05

Anti-spam setup

Man, setting up an anti-spam toolsuite is a PITA. Spammers suck.

Anyway, I started off with this HOWTO from howtoforge.com, skipping all the SQL stuff because I'm not using a virtual setup (for now - maybe the final setup will, I'm not sure yet). Some key differences in my setup:

In the install:
  • The HOWTO is for Fedora, not CentOS. You need to add "clamd" and "razor-agents" to the install.
  • There's no "pyzor" package for CentOS. Need to install from source.
  • I didn't set up razor/pyzor exactly like the HOWTO. I can't recall all the details, but I just su'd to amavis and did it as a "standalone user". But since amavisd does all the SA processing as amavis, it's effectively global. I think I just followed the default documentation.
  • There's no "freshclam" init script. I still have to write something that crons (or borrow the script from Fedora). I just ran it by hand for now.
  • Installed "fetchmail". I'm majorly impressed by Horde on this one. IMP was working great and as soon as I installed fetchmail, all the options for remote mail retrieval showed up.
In amavisd.conf:
  • $sa_tag_level_deflt = undef; - always print the SA headers
  • @local_domains_maps = ( [".$mydomain", 'example.com', 'foobar.tld'] ); - if all your domains aren't here, the SA headers won't be added to the messages
  • $sa_spam_subject_tag = '[SPAM] '; - damn, I hate the asterisks in the subject
  • Uncomment the 'ClamAV-clamd' section
  • Make sure you add amavis to the clamd group
In clamd.conf:
  • Add "LocalSocket /var/run/clamav/clamd"
  • Comment out the TCPSocket and TCPAddr sections
  • Make sure you add clamd to the amavis group, just to be sure.
In Postfix:
  • Got rid of the home_mailbox directive for Maildirs from yesterday's setup
  • added "mailbox_command = /usr/bin/procmail"
  • created /etc/procmailrc with:
    DEFAULT=$HOME/Maildir/
    LOGFILE=/var/log/procmail.log
    LOGABSTRACT=all
    The logging stuff is just temporary.
  • The reason for the switch to procmail was the Ingo module for horde. It's pretty solid. It will update a user's .procmailrc via the FTP VFS backend, all using the single-signon password. My backend looks like this:
    $backends['procmail'] = array(
        'driver' => 'vfs',
        'preferred' => 'home.tonns.net',
        'hordeauth' => true,
        'params' => array(
            'hostspec' => 'localhost',
            'filename' => '.procmailrc',
            'port' => 21,
            'vfstype' => 'ftp'
        ),
        'script' => 'procmail',
        'scriptparams' => array(
            'path_style' => 'maildir',
            'variables' => array(
                'DEFAULT' => '$HOME/Maildir/',
            )
        )
    );
    That last variable is redundant with the /etc/procmailrc settings, but I don't want the users to try anything crazy.
  • added to my .procmailrc using Ingo:
    ##### SPAM #####
    :0
    * ^X-Spam-Status:.*Yes
    "$DEFAULT/.SPAM/"
    Which does as you'd expect. I also added it to /etc/skel/.procmailrc, but horde doesn't read in existing procmail rules, it just knows about the ones it created. I have to look into it - maybe I'll put it in the global procmailrc.
  • mkdir -p /etc/skel/Maildir/SPAM; mkdir -p /etc/skel/Maildir/.LearnAsSpam; mkdir -p /etc/skel/Maildir/.LearnAsNotSpam - if the Maildir doesn't exist, IMP defaults to mbox in $HOME/mail - which is not what we want, so have them created by default.
  • Finally, I wrote a shell script that uses archivemail and sa-learn to clean out everyone's LearnAsSpam/NotSpam directories and add them to the global SA bayes filter (which is in the user amavis's home directory)
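
The cleanup job described in the last bullet, as an added example that is not the author's script: it swaps archivemail for a move into a staging directory and skips symlinked folders, since the job reads every user's mail with elevated rights. HOME_BASE, SA_LEARN (assumed to be a command that updates amavis's Bayes database) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: learn from per-user LearnAsSpam/LearnAsNotSpam Maildir
# folders, then empty them. Run with --run; paths below are assumptions.
HOME_BASE="${HOME_BASE:-/home}"   # assumed location of user home directories
SA_LEARN="${SA_LEARN:-sa-learn}"  # assumed to update the shared Bayes database

# Print "<kind> <dir>" for each learn folder that is a real directory.
# Symlinks are skipped: the job runs privileged, so a folder pointing at
# another user's mail would otherwise be learned from and emptied.
learn_dirs() {
    for home in "$HOME_BASE"/*; do
        [ -d "$home/Maildir" ] && [ ! -L "$home/Maildir" ] || continue
        for pair in spam:.LearnAsSpam ham:.LearnAsNotSpam; do
            dir="$home/Maildir/${pair#*:}"
            [ -d "$dir" ] && [ ! -L "$dir" ] || continue
            printf '%s %s\n' "${pair%%:*}" "$dir"
        done
    done
}

# Move one folder's messages into a private staging directory, learn from that
# snapshot, and delete it only if sa-learn succeeded.
learn_one() {
    kind=$1 dir=$2
    stage=$(mktemp -d) || return 1
    # -type f leaves symlinks planted in cur/ or new/ alone
    find "$dir/cur" "$dir/new" -maxdepth 1 -type f \
        -exec mv {} "$stage/" \; 2>/dev/null || :
    if [ -z "$(ls -A "$stage")" ]; then rmdir "$stage"; return 0; fi
    if $SA_LEARN "--$kind" "$stage" </dev/null >/dev/null; then
        rm -rf "$stage"
    else
        echo "sa-learn failed; messages kept in $stage" >&2
        return 1
    fi
}

learn_all() {
    rc=0
    list=$(learn_dirs)
    while read -r kind dir; do
        [ -n "$dir" ] || continue
        learn_one "$kind" "$dir" || rc=1
    done <<EOF
$list
EOF
    return "$rc"
}
if [ "${1:-}" = "--run" ]; then learn_all; fi
```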
Well, I think that's about it. I might have tweaked something else... but I'll have to pick it up later.

Finally, I'm gonna have to do a major hardware upgrade - it doesn't look like 256MB is enough to run the OS and apache and php and amavisd and clamd and mysql and vsftpd and postfix - doing absolutely nothing it's swapped out 150MB. Needing more RAM and a new hard drive to replace the failed one... it's getting to the point where it's not worth using this 1GHz P3 Coppermine system.
