mail server tweaking

Place to discuss Fedora and/or Red Hat
cdhgold
administrator
Posts: 382
Joined: Tue Mar 18, 2003 6:11 pm
Location: Texas

Post by cdhgold » Thu Jun 14, 2007 7:32 am

I have a server running Red Hat Enterprise Linux 4ES that is running dovecot/postfix/spamassassin for a mail server.

Mail flows in and out no problem. Some users get their mail through POP3, some use the SquirrelMail web interface, and I use the IMAP interface. My question is about spamassassin. I have it installed and running but do not have something configured right, as I am still getting the same amount of spam and none are being marked with spam in the subject like I have set spamassassin to do. My end goal is for spam to never make it to the inboxes. At first I want the spam to go somewhere it can be reviewed to make sure it is working as needed with no false positives.

Also, I am open to any other spam rejecting/killing ideas. I can create a test or new mail user account if someone wants one to test with.

thanks
chris

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Thu Jun 14, 2007 8:00 am

I do exactly what you are asking for. As soon as I get a little free time I'll try and outline my configuration.

Post by cdhgold » Thu Jun 14, 2007 8:06 am

thank you

Basher52
guru
Posts: 918
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Jun 14, 2007 10:10 am

*Think I better take a peek on this thread from time to time*

Post by Void Main » Thu Jun 14, 2007 11:51 am

Ok, the way I spam filter is with Sendmail + spamassassin + spamass-milter. I configure each of those and then add a line in my /etc/mail/sendmail.mc that looks like this:

```
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=,T=C:15m;S:4m;R:4m;E:10m')dnl
```

I also run the "RulesDeJour" spam rules which get updated nightly. Incoming mail is sent through spamassassin and a header is added to the message with a spam score and more, and if the score is high enough I have the spam sent to a specific user called "spam" (which I actually do make available as one of my IMAP folders by symbolic linking /var/spool/mail/spam to my folder directory and setting rw permissions for my userid so I can review it and clean it out occasionally). So the mail is redirected to this folder and the users never see it. It catches probably 99 out of 100 spam messages. I also have a "spam/ham" job run nightly to make the spam engine learn and work better. I can drag spam messages that do make it through into that spam folder and when the spam job runs it will learn from those messages it missed before. It actually works reasonably well.

Here is a typical dialog from my /var/log/maillog when a spam message is detected:

```
Jun 10 05:11:57 voidweb sendmail[9040]: l5AABt3P009040: from=<phr@vp.pl>, size=2658, class=0, nrcpts=1, msgid=<466BCE6E.8020102@vp.pl>, proto=SMTP, daemon=MTA, relay=OL15-174.fibertel.com.ar [24.232.174.15]
Jun 10 05:11:57 voidweb spamd[16710]: spamd: connection from localhost.localdomain [127.0.0.1] at port 47382
Jun 10 05:11:57 voidweb spamd[16710]: spamd: setuid to sa-milt succeeded
Jun 10 05:11:58 voidweb spamd[16710]: spamd: processing message <466BCE6E.8020102@vp.pl> for sa-milt:102
Jun 10 05:12:05 voidweb spamd[16710]: spamd: identified spam (18.6/5.0) for sa-milt:102 in 7.3 seconds, 3003 bytes.
Jun 10 05:12:05 voidweb spamd[16710]: spamd: result: Y 18 - BAYES_99,HTML_10_20,HTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL scantime=7.3,size=3003,user=sa-milt,uid=102,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47382,mid=<466BCE6E.8020102@vp.pl>,bayes=1,autolearn=spam
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: header: X-Spam-Flag: YES
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: header: X-Spam-Status: Yes, score=18.6 required=5.0 tests=BAYES_99,HTML_10_20,\n\tHTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,\n\t
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,\n\tRCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=spam version=3.1.8
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: rcpt: spam
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: header: X-Spam-Orig-To: <voidmain@voidmain.com>
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter delete: rcpt <voidmain@voidmain.com>
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040[1]: Milter add: header: X-Spam-Report: \n\t* 1.8 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words\n\t* 0.0 HTML_MESSAGE BODY: HTML included in message\n\t* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%\n\t* [score: 1.0000]\n\t* 1.4 HTML_10_20 BODY: Message is 10% to 20% HTML\n\t* 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts\n\t* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level\n\t* above 50%\n\t* [cf: 100]\n\t* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)\n\t* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%\n\t* [cf: 100]\n\t* 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address\n\t* [24.232.174.15 listed in dnsbl.sorbs.net]\n\t* 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net\n\t* [Blocked - see <http://www.spamcop.net/bl.shtml?24.232.174.15>]\n\t* 3.9 RCVD_IN_XBL ...
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040[2]: RBL: Received via a relay in Spamhaus XBL\n\t* [24.232.174.15 listed in sbl-xbl.spamhaus.org]\n\t* 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP\n\t* [24.232.174.15 listed in combined.njabl.org]
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: header: X-Spam-Level: ******************
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on\n\tvoidweb.voidmain.home
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter change: header Subject: from overbearing flotilla to [SPAM] overbearing flotilla
Jun 10 05:12:05 voidweb sendmail[9040]: l5AABt3P009040: Milter message: body replaced
Jun 10 05:12:05 voidweb spamd[16693]: prefork: child states: II
Jun 10 05:12:05 voidweb sendmail[9044]: l5AABt3P009040: to=spam, delay=00:00:08, xdelay=00:00:00, mailer=local, pri=34469, dsn=2.0.0, stat=Sent
```

When originally setting it up I found a HOWTO out there that covered most of it. I can't for the life of me find that article now. It's not really bad though and this is roughly how I do it. I know you probably would like more specific configuration information and I can give that to you as well. I also used to run the clamav milter to automatically add virus checking and add headers in the same way but since I don't use Windows it was just a waste of CPU cycles.

Also, all of the packages I am using are part of the Fedora repository so I don't have to use 3rd party stuff (except for the additional RulesDeJour rules, etc).
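
An added example, not part of Void Main's post or configuration: a Python parser for maillog lines in the format shown above. It groups the milter actions by sendmail queue ID and lists the redirected messages that scored close to the threshold, which are the ones to check first for false positives. The sample log, the function names and the 2.0-point margin are assumptions made for this example.

```python
import re

# Constructed sample in the sendmail + spamass-milter maillog format from the
# post above; hosts, queue IDs and addresses are made up.
SAMPLE_LOG = """\
Jun 10 05:11:57 mx sendmail[9040]: l5A0000A000001: from=<a@example.net>, size=2658, nrcpts=1, relay=host.example.net [192.0.2.15]
Jun 10 05:12:05 mx spamd[16710]: spamd: identified spam (18.6/5.0) for sa-milt:102 in 7.3 seconds, 3003 bytes.
Jun 10 05:12:05 mx sendmail[9040]: l5A0000A000001: Milter add: header: X-Spam-Status: Yes, score=18.6 required=5.0 tests=BAYES_99
Jun 10 05:12:05 mx sendmail[9040]: l5A0000A000001: Milter add: rcpt: spam
Jun 10 05:12:05 mx sendmail[9040]: l5A0000A000001: Milter add: header: X-Spam-Orig-To: <alice@example.com>
Jun 10 06:30:10 mx sendmail[9101]: l5A0000B000002: from=<news@example.org>, size=9120, nrcpts=1, relay=mail.example.org [198.51.100.7]
Jun 10 06:30:14 mx sendmail[9101]: l5A0000B000002: Milter add: header: X-Spam-Status: Yes, score=5.4 required=5.0 tests=HTML_MESSAGE
Jun 10 06:30:14 mx sendmail[9101]: l5A0000B000002: Milter add: rcpt: spam
Jun 10 06:30:14 mx sendmail[9101]: l5A0000B000002: Milter add: header: X-Spam-Orig-To: <bob@example.com>
Jun 10 07:00:03 mx sendmail[9200]: l5A0000C000003: Milter add: header: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00
"""

# "queue-id: rest of line"; sendmail appends [1], [2] when it splits long lines
ENTRY = re.compile(r"sendmail\[\d+\]: (\w+)(?:\[\d+\])?: (.*)")
FIELDS = {
    "sender": re.compile(r"^from=<([^>]*)>"),
    "redirected_to": re.compile(r"^Milter add: rcpt: (\S+)"),
    "orig_to": re.compile(r"^Milter add: header: X-Spam-Orig-To: <([^>]*)>"),
}
STATUS = re.compile(r"^Milter add: header: X-Spam-Status: \w+, "
                    r"score=(-?[\d.]+) required=(-?[\d.]+)")

def parse_maillog(text):
    """Group sendmail/milter log lines by queue ID, one record per message."""
    records = {}
    for qid, rest in ENTRY.findall(text):  # spamd lines have no queue ID
        rec = records.setdefault(qid, {})
        for key, pattern in FIELDS.items():
            hit = pattern.search(rest)
            if hit:
                rec[key] = hit.group(1)
        status = STATUS.search(rest)
        if status:
            rec["score"], rec["required"] = map(float, status.groups())
    return records

def review_first(records, margin=2.0):
    """Redirected messages within `margin` of the threshold, lowest score first."""
    near = [(r["score"], qid, r.get("orig_to"), r.get("sender"))
            for qid, r in records.items()
            if "redirected_to" in r and "score" in r
            and r["score"] - r["required"] <= margin]
    return sorted(near)

if __name__ == "__main__":
    print(review_first(parse_maillog(SAMPLE_LOG)))
```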

Post by cdhgold » Thu Jun 14, 2007 12:50 pm

Thanks for the info. Definitely could use more detail. For starters, I do not have spamassassin set up right; I followed an article I found online and all mail stopped coming in ... I tried using up2date-nox to get spamass-milter but got the following:


```
[root@101009-phoenix ~]# up2date-nox spamass-milter

Fetching Obsoletes list for channel: rhel-i386-es-4...
########################################

Fetching Obsoletes list for channel: rhel-i386-es-4-extras...
########################################

Fetching Obsoletes list for channel: rackspace-rhel-i386-es-4-common...

Fetching rpm headers...
########################################

Name                                    Version        Rel     
----------------------------------------------------------


The following packages you requested were not found:
spamass-milter
```

Plus, what are your "RulesDeJour"? And how would your config differ from mine since I use postfix instead of sendmail?

Post by Void Main » Thu Jun 14, 2007 2:26 pm

I don't have any experience with postfix so I don't think I can be of much help there and spamass-milter would be sendmail specific so that wouldn't do you any good. My current solution hinges on Sendmail. If you get it working with postfix please share your solution here.

EDIT: This looks like a very nice HOWTO that includes RulesDuJour:
http://www.linuxhomenetworking.com/wiki ... il_Servers

I don't think that solution redirects the message to another user though, just tags it. That's where spamass-milter comes in.

This looks like another option:
http://www.redhat.com/magazine/025nov06 ... index.html

Also, I had misspelled RulesDuJour earlier. Basically they are just more spamassassin rules that are updated often. Here is a little more on it:
http://labs.erweb.it/pub/sare_rules_rulesdujour.php

Post by cdhgold » Mon Oct 08, 2007 12:43 pm

I now have postfix / dovecot / spamassassin / squirrelmail working where spamassassin marks spam by altering the header with [SPAM]. If this config is helpful to anyone, I will be glad to post my config files here.

Post by Void Main » Mon Oct 08, 2007 4:10 pm

Didn't you also want it thrown into a separate mailbox? That's an additional step I take. If you think it will help others feel free to share your configs. Can never have too many instructions out there. :)

Post by cdhgold » Tue Oct 09, 2007 6:50 am

As far as moving it to another mailbox, I have not gotten that part configured yet. Will post configs when I get more server-side mail filtering in place.
