Versions Compared

Old Version 7

changes.mady.by.user ASF Infrabot

Saved on

compared with

New Version Current

changes.mady.by.user David

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Remove OpenProtect - no longer available

Integrated into several varieties of MTA

Amavisd-new is a high-performance interface between mailer (message transfer agent - MTA) and one or more content checkers: virus scanners, and/or SpamAssassin. It is written entirely in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. Best with Postfix, works with Exim, sendmail/milter or with any MTA as a SMTP relay. http://www.ijs.si/software/amavisd/

MailScanner now includes support for SpamAssassin. This is "a virus scanner for e-mail designed for use on e-mail gateways. It can also detect a large proportion of unsolicited commercial e-mail (spam) passing through it." MailScanner does an excellent job with file names and types, and can be set to quarantine encrypted .ZIP files and apply normal filename rules and virus scanning inside unencrypted ones.

Another option is to use a filtering SMTP proxy such as spampd. It is typically used to filter the mail between an external-facing MTA instance/relay, and an "internal" MTA instance. http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm

Integrated into Sendmail

With Sendmail, Spamassassin can be called for every user by editing /etc/procmailrc . More details at http://www.stearns.org/doc/spamassassin-setup.current.html#sitewide

An alternative is to use the smtp-vilter high-performance content filter using the sendmail milter API which has a backend for Spamassassins spamd. More details at http://www.etc.msys.ch/products/softwareunix/smtp-vilter/

Integrated into Postfix

This is just a summary of the following websites. Go there for more detailed information.

MIMEDefang, a sendmail milter written by Roaring Penguin Software, filters all e-mail messages sent via SMTP through a sendmail installation, blocking common mail viruses, and now – with the help of SpamAssassin – spam. "You can use SpamAssassin to test for spam, and then all of the MIMEDefang goodies to reject, manipulate or otherwise mangle the message." Integrated with the MTA to the level of returning 5xx error codes during the SMTP session, so viruses or detected spam can be rejected at the delivery, which notifies the sender, that the mail was rejected, without generating an additional email message.http://www.geocitiesmimedefang.org/

spamass-milt com/scottlhenderson/spamfilter.htmlhttp://wwwsavannah.dambrosioautognu.com/razor_config.html

http://www.ijs.si/software/amavisd/#faq-spam

This document describes the configuration for sitewide use of SpamAssassin with Amavis and Razor. The distribution used is SuSE Linux 9.0. If you use something else, some options may be different. For example Amavis may run as user amavis, not vscan and the path to the Amavis spool directory may be
/var/amavis not /var/spool/amavis

  • Postfix Configuration*

/etc/postfix/master.cf:

Add these lines to the end of the file

No Format

smtp-amavis	unix	-	-	y	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025	inet	n	-	y	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes

After that, the master.cf file should look like this

No Format

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       nqmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp

smtp-amavis	unix	-	-	y	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o disable_dns_lookups=yes

127.0.0.1:10025	inet	n	-	y	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o mynetworks=127.0.0.0/8
	-o strict_rfc821_envelopes=yes

/etc/postfix/main.cf:

  • myorigin - domain mail from this machine appears to come from.

postconf -e "myorigin = domain1.com"

Replace domain1.com with your actual domain.

  • myhostname - the fully-qualified domain name ("FQDN") of the machine running the Postfix system.

postconf -e "myhostname = spamfilter.domain1.com"

  • mydestination - specifies for which domains this machine will accept mail
    (from the outside, i.e., from the Internet). You want to list here ONLY
    domains that you are responsible for which you are responsible for accepting mail.
    Separate them with commas.

postconf -e "mydestination = domain1.com, domain2.com"

  • mynetworks - the machines I trust, and will relay mail for, to any destination.
    Generally, this is set to my LAN, or just one, or a few trusted internal mail servers.
    This is an important one to get right, or else you can become an "open relay".
    In other words, your box could accept and forward mail to domains for which it has
    no business doing so. Being an "open relay" is a serious issue, and can cause you to get
    "blacklisted" by various Internet anti-spam lists, among other problems.

postconf -e "mynetworks = x.x.x.x/32"

(where x.x.x.x is the IP address of a specific machine)

If you will be dealing with multiple internal mail servers, and/or want to allow several machines
and/or subnets to relay through this server (carefull!!), just add them to this parameter in CIDR format,
like this:

postconf -e "mynetworks = 172.20.32.5/32, 10.0.0.0/16, 172.20.16.0/8"

(the above will allow the machine 172.20.32.5, and any machines that have an IP address starting
with 10.0, or 172.20.16, to relay smtp mail through this box)

  • biff - we won't use biff notifications

postconf -e "biff = no"

  • smtpd_banner - what this server calls itself, when talking with other mail servers

postconf -e "smtpd_banner = mail.domain1.com"

  • message_size_limit - maximum size email that postfix will let in the "front door"

postconf -e "message_size_limit = 1000000000"

(The above allows emails up to 1GB)

  • local_transport - give an error message for local delivery attempts.

postconf -e "local_transport = no local mail delivery"

  • local_recipient_maps - don't try to determine valid email recipients

In our situation, the postfix server will have no idea if we have a bob@domain1.com or a
jsmith@domain2.com, etc. It doesn't have any such lists to check against!
We could fix this, but it is far easier to just ignore this problem.
If mail comes in to a recipient that I don't have, postfix will process it and
transport it on to the internal mail server, which will promptly reject it and will
attempt to do the NDR (non-delivery report) to the stated sender email address.
There are other potential solutions here, but I will only cover this simple configuration,
which works fine. So we'll just set this value to nothing:

postconf -e "local_recipient_maps = "

/etc/postfix/transport

Postfix will check the transport file for redirection or relaying of mail addressed to particular domains. In our case, all inbound mail will be relayed on to other mail servers:

Wiki Markup
{{domain1.com   smtp:\[x.x.x.x\]}}

Wiki Markup
{{domain2.com   smtp:\[y.y.y.y\]}}

(DO include the brackets on these lines!)
*These lines tell postfix to transport any mail addressed to recipients in domain#.com to the mail servers at the IP address(es) specified (i.e. your internal mail server(s), using the smtp protocol. The format is exacting, get every symbol correct and leave some white space between the domains and the "smtp" part.

After that run the command:

postmap /etc/postfix/transport

  • Amavis configuration*

Amavis is just used for spam detection, not virus protection. See the options below.

/etc/amavisd.conf

Change the following options:

  • $mydomain = 'example.com'
    Change 'example.com' to 'domain1.com'
  • @bypass_virus_checks_acl . . . .
    Change to @bypass_virus_checks_acl = qw( . );

We only want spam protection and no virus scanning, so this will disable virus scanning for all
your domains.

  • $mailfrom_notify_spamadmin . . .
    Change
    "spam.police@$mydomain"; to "postmaster@domain1.com";
  • #$spam_quarantine_to = 'spam-quarantine';

and insert a # symbol at the beginning of that line On the very next line, you'll see:

#$spam_quarantine_to = "spam-quarantine@$mydomain";

Here, remove the leading # symbol. (And make sure you have an emailbox for this address on a destination server -
This is where you will review quarantined emails, and will forward on any "false positives" to the proper recipient.)
*Alternative:* Instead of delivering the spam to an emailbox on the internal server, drop it into a folder right on the spamfilter. To do that, comment out the "spam_quarantine_to" line above that references the email address, and instead select and indicate a folder name for the value "spam_quarantine_to". (Read the comments in this area of amavisd.conf for more info.)

Go to the chapter # SpamAssassin settings When you run SpamAssassin with Amavis, you have to do most of the configuration in amavisd.conf.

See http://www.ijs.si/software/amavisd/#faq-spam for details.

  • $sa_local_tests_only = 0;
    If you want to use Razor, this has to be set to 0.
  • $sa_tag_level_deflt = -999;
    The number of hits needed to update the mail headers.
    With a value of -999 all headers will be updatedt with X_Spam_Flag, X_Spam_Level and X_Spam_Status
  • $sa_tag2_level_deflt = 5.0;
    The number of hits required to set X_Spam_Flag to Yes.
  • $sa_spam_subject_tag = '***SPAM*** ';
    Remove the # if you want ***SPAM*** to be added to the subject of spam mails.

Go to /etc/mail/spamassassin and edit local.cf. My file looks like this.

Be sure to doublecheck this options with amavisd.conf. If one of these options is in amavisd.conf, the one in local.cf will not be used.

No Format

# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#
# How many hits before a message is considered spam.

required_hits           5.0

# Whether to change the subject of suspected spam

rewrite_subject         0

# Text to prepend to subject if rewrite_subject is used

subject_tag             *****SPAM*****

# Encapsulate spam in an attachment

report_safe             1

# Use terse version of the spam report

use_terse_report        0

# Enable the Bayes system

use_bayes               1

# Enable Bayes auto-learning

auto_learn              1

# Enable or disable network checks

skip_rbl_checks         0
use_razor2              1
use_dcc                 0
use_pyzor               0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.

ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.

ok_locales              all

Amavis expects to see spamassassin's user_prefs file in /var/spool/amavis/.spamassassin but that directory and that file do not exist. Spamassassin's Bayes data is also stored there.

cp -r /root/.spamassassin /var/spool/amavis

This will create it (and copy user_prefs to that directory at the same time).

chown -R vscan:vscan /var/spool/amavis/.spamassassin

Give amavis ownership

If you run spamassassin --lint -D from a command line you will notice that
spamassassin looks for config files in /root/.spamassassin and razor files in /root/.razor
This is misleading and confusing because
that is not where it looks when it runs under amavis.
You can create symbolic links to help make the command line debug look cleaner.
Also, it will not find any Bayes files in /root/.spamassassin so the
symbolic links will help there too.

cd /root/.spamassassin

rm user_prefs

ln -s /var/spool/amavis/.spamassassin/user_prefs user_prefs

ln -s /var/spool/amavis/.spamassassin/bayes_seen bayes_seen

ln -s /var/spool/amavis/.spamassassin/bayes_toks bayes_toks

  • Razor configuration*

Open port 2703 in your firewall.

razor-client
This creates sym-links

razor-admin -d -create
Creates files in /root/.razor and shows debugging info.

razor-admin -register
Creates a random user name and password.
Necessary for data access to Razor2 servers.

razor-admin -discover
Refreshes the list of razor servers

Razor has to be patched to run under SpamAssassin.
Browse to http://www.ijs.si/software/amavisd/Razor2.patch-quinlan
use Save Page As and save in:
/usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/Razor2

cd /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/Razor2

patch -p0 < Razor2.patch-quinlan

vi /root/.razor/razor-agent.conf
and insert
razorhome = /var/spool/amavis/.razor

Change the debuglevel from 3 to 0 or the log file will eventually
consume all disk space.
Save the file. We are going to copy Razor to it's new home in a moment.
Seems Amavis is not happy unless Razor is in that directory and it owns it.

cp -r /root/.razor /var/spool/amavis
This copies the stuff we need to where we need it.

razor-admin -d -create -home=/var/spool/amavis/.razor
This tries to force Razor to live there.

chown -R vscan:vscan /var/spool/amavis/.razor
Now amavis owns it.

vi /var/spool/amavis/.spamassassin/user_prefs
and insert

razor_config /var/spool/amavis/.razor/razor-agent.conf
This forces SpamAssassin to find the file here.

Integrated into Qmail

Can be integrated via qmail-scanner, an add-on to qmail. Info available at http://qmail-scanner.sourceforge.net/

This is actually quite easy. SA is auto-detected when you install qmail-scanner, and uses the spamd/spamc combo if available. Here is my configure line (sans private data):

org/projects/spamass-milt/ is a sendmail milter by Georg C. F. Greve, which allows sendmail users to filter spam at the heart of the sendmail message pipeline. It also allows SpamAssassin to be used for UUCP sites. If you plan to use this, be sure to read Kevin McGrail's walkthrough at Peregrine Hardware. http://www.peregrinehw.com/downloads/SpamAssassin/INSTALL-spamassmilter.

milter-spamd http://www.benzedrine.ch/milter-spamd.html is a simple BSD-licensed sendmail milter by Daniel Hartmeier.

BSM Development have released MailCorral and SpamCorral for use on UNIX and Linux systems, mail/spam filtering software using the sendmail milter interface. http://www.bsmdevelopment.com/

Yet Another Sendmail-SpamAssassin Interface Milter, milter-spamc by Snert http://www.snertsoft.com/doc/milter-spamc/

Integrated into Postfix

  • For Postfix v2.6 or greater, any of the "milter" software listed above can be used.
  • Another way to integrate postfix and spamassassin is to use spamd. See IntegratedSpamdInPostfix. This method supports after-queue filtering only and is not quite as robust or nearly as efficient.
  • IntegratePostfixViaSpampd is a more robust and efficient solution, but also a more complex one. It supports before-queue or after-queue filtering.
  • IntegratedInPostfixWithAmavis is more complicated still but provides a way to plug in ClamAV virus scanning as well. It supports before-queue or after-queue filtering.

Integrated into Qmail

Use SpamAssassin to reject spam at SMTP time with Simscan. Simscan works natively with Netqmail-1.05, or with vanilla qmail-1.03 with the qmailqueue patch.

SpamAssassin can be integrated into qmail system-wide using qmail-scanner, described in IntegratedInQmailWithQmailScanner.

Since qmail allows users to configure their own delivery options via ~/.qmail files, an alternative option, if you have spamd running and only want to scan mail delivered to local users, is to use ifspamh: see IntegratedInQmailWithIfspamh.

Integrated into Exim

SpamAssassin can be integrated into Exim in three ways:

  1. As of Exim 4.50, by compiling Exim using WITH_CONTENT_SCAN=yes (see details, more). As an Exim 4.4x Exiscan-extended ACL condition stack, Exim can reject spam after reading the body, but before Exim acknowledges acceptance of the email. Debian Linux's exim4-daemon-heavy comes with the exiscan patch built in. You can discover its presence in your distro's exim binary directly with the command exim -bV or exim4 -bV; look for the phrase Contains exiscan-acl patch.
  2. As an Exim 4.x loadable module or local_scan.c replacement. SA-Exim also allows SpamAssassin to reject spam before its accepted by your MTA. More info at http://www.timj.co.uk/linux/exim.php. On debian this is the default method: install the sa-exim package and edit /etc/exim4/sa-exim.conf to enable it.
  3. As an Exim transport.

Integrated into Courier-MTA

If you use the Courier MTA, you can use maildrop, described in IntegratedInCourierUsingMaildrop.

There is also a rudimentary HOWTO at the Gentoo forums for integrating SpamAssassin and f-prot with Courier-MTA.

There is another HOWTO at http://da.andaka.org/Doku/imapspamfilter.html to feed SpamAssassin's bayes filter via Courier-IMAP.

Integrated into CommuniGate Pro

Integrated into XMail (Unix)

SpamAssassin Filter (sa_filter.pl) is an XMail filter send incoming email messages to SpamAssassin for spam filtering.

sa_filter.pl calls spamc, the SpamAssassin client (spamc calls spamd) and passes the output of spamc back to XMail for delivery. Neither sa_filter.pl nor spamc will delete emails that are flagged as spam.

Please find the filter source code and documentation at Drake Consulting

Integrated into Exchange (Windows)

See: http://www.christopherlewis.com/ExchangeSpamAssassin.htm

Also: http://sourceforge.net/projects/exchangespamc

Integrated into Novell E-Mail Products

Novell sells two E-Mail systems: GroupWise (full-featured collaboration) and NetMail (ISP-quality standards-based E-Mail only).

GroupWise: The GroupWise MTA-equivalent (GroupWise Internet Agent, or GWIA) implements its own RBLs and other anti-SPAM measures. Guinevere http://www.openhandhome.com, written by the maintainer of the SA Win32 HOWTO, provides integration with SA.

NetMail: NetMail is closer to what most *NIX admins are used to. There is an open-source project at SourceForge for integrating 3rd party software with NetMail. See Novell NetMail Agent

Integrated into Mail Avenger

Mail Avenger is an SMTP Server that allows individual users to run tests on mail messages during SMTP transactions, so that unwanted mail can be rejected before the mail server accepts responsibility for the message. One advantage of this is that it allows you to bounce messages marked as spam by spamassassin. (You can, of course, bounce spam after spooling it, but then you risk sending bounce messages to innocent third parties when spammers forge the sender address, as often happens.)

Individual users can bounce spam by putting the following lines in their $HOME/.avenger/rcpt files:

No Format

bodytest edinplace -x 111 spamassassin -e 100

To run spamassassin by default for all users, you might place the following code in the file /etc/avenger/default:

No Format

test -n "$MAIL_ERROR" && exit 0
bodytest edinplace -x 111 spamassassin -e 100

The first line just rejects the mail immediately if Mail Avenger will end up rejecting it anyway, to save the overhead of firing up spamassassin.

Note that another theoretical advantage of Mail Avenger is that you ought to be able to feed the netpath and SYN fingerprint information it collects into the spamassassin's bayesian filter, but there is not currently any special support for tokenizing the X-Avenger header.

Integrated into Mailsweeper and Mailmarshal (Windows)

A Guide there shows howto intergrated SA (from the sawin32.sourceforge.net) as a plugin for Mailsweeper and this can also be used by Mailmarshal http://www.tooms.dk/articles_tutorials/howto_use_spamassassin_as_a_mailsweeper_plugin/

Notes for MTA-Integration Developers

See MtaIntegrationDevNotes.

...