Rev | Author | # | Line |
---|---|---|---|
1 | DrewBroadley | 1 | !! How to make SpamAssassin run on your local e-mail machine (with [Evolution] in mind) |
2 | |||
3 | * get and install SpamAssassin, test that it works by piping a good email and a spam email through it | ||
4 | * check that fetchmail(1) works, write a <tt>.fetchmailrc</tt> file | ||
5 | * check that procmail(1) works, write a <tt>.procmailrc</tt> file | ||
6 | * disable the regular pop mailboxes in Evolution | ||
7 | * add a new "local delivery" mailbox to Evolution | ||
8 | * write a tiny script I called <tt>getmail</tt> that does <tt>fetchmail -m procmail</tt> and make sure that it gets your email from the POP3 server correctly | ||
9 | * add <tt>getmail</tt> to your crontab to run every 5 minutes | ||
10 | * add a filter rule to Evolution: if specific header <tt>X-Spam-Flag = YES</tt>, drop the email in my Spam folder | ||
11 | |||
12 | <tt>.fetchmailrc</tt>:: | ||
13 | <verbatim> | ||
14 | poll mail.myisp.co.nz protocol POP3 | ||
15 | user "pop3user" password "secret" is user "localuser" here mda "/usr/bin/procmail"; | ||
16 | </verbatim> | ||
17 | |||
18 | <tt>.procmailrc</tt>:: | ||
19 | <verbatim> | ||
20 | # correct incoming messages for programs like Evolution and mail | ||
21 | :0 fhw | ||
22 | | formail -I "From " -a "From " | ||
23 | |||
24 | :0fw | ||
25 | | spamassassin | ||
26 | </verbatim> | ||
27 | |||
28 | <tt>~/bin/getmail</tt>:: | ||
29 | <verbatim> | ||
30 | #!/bin/bash | ||
31 | /usr/bin/fetchmail >> ~/log/fetchmail | ||
32 | </verbatim> | ||
33 | |||
34 | crontab:: | ||
35 | <verbatim> | ||
36 | */5 * * * * /home/localuser/bin/getmail | ||
37 | </verbatim> | ||
38 | |||
4 | CraigBox | 39 | !! SpamAssassin's ClamAV Plugin |
1 | DrewBroadley | 40 | |
41 | This plugin submits the entire email to a locally running [ClamAV] server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header <tt>X-Spam-Virus: Yes ($virusname)</tt>. If you'd like to sort virus emails to a separate folder, create a rule looking for this header. | ||
4 | CraigBox | 42 | |
43 | This isn't necessarily the best way to run [ClamAV]; for example, your MailTransferAgent, if it has a method to call SpamAssassin, probably has a method to call [ClamAV] too. | ||
44 | |||
1 | DrewBroadley | 45 | |
46 | It requires | ||
47 | * [ClamAV] installed so that scanning a mail with <tt>clamscan</tt> works | ||
48 | * the [File::Scan::ClamAV | http://search.cpan.org/dist/File-Scan-ClamAV/] [Perl] module | ||
4 | CraigBox | 49 | |
1 | DrewBroadley | 50 | |
51 | To install, create the files in <tt>/etc/mail/spamassassin/</tt>. You can adjust the default score of 10 in <tt>clamav.cf</tt> if you like. Restart the <tt>spamd</tt> daemon if you're using that, and you should be all set. | ||
52 | |||
53 | <tt>clamav.cf</tt>:: | ||
54 | <verbatim> | ||
55 | loadplugin ClamAV clamav.pm | ||
56 | full CLAMAV eval:check_clamav() | ||
57 | describe CLAMAV Clam AntiVirus detected a virus | ||
58 | score CLAMAV 10 | ||
59 | </verbatim> | ||
60 | |||
61 | <tt>clamav.pm</tt>:: | ||
62 | <verbatim> | ||
63 | package ClamAV; | ||
64 | use strict; | ||
65 | use warnings; | ||
66 | |||
67 | use Mail::SpamAssassin; | ||
68 | use Mail::SpamAssassin::Plugin; | ||
69 | use File::Scan::ClamAV; | ||
70 | |||
71 | our @ISA = qw(Mail::SpamAssassin::Plugin); | ||
72 | |||
73 | sub new { | ||
74 | my ( $class, $mailsa ) = @_; | ||
75 | my $self = $class->SUPER::new( $mailsa ); | ||
76 | bless( $self, $class ); | ||
77 | $self->register_eval_rule( "check_clamav" ); | ||
78 | return $self; | ||
79 | } | ||
80 | |||
81 | sub _set_header { | ||
82 | my ( $msgstatus, $header ) = @_; | ||
83 | $msgstatus->{ main }->{ conf }->{ $_ }->{ "Virus" } = $header | ||
84 | for qw( headers_spam headers_ham ); | ||
85 | } | ||
86 | |||
87 | sub check_clamav { | ||
88 | my ( $self, $permsgstatus, $fulltext ) = @_; | ||
89 | my $clamav = File::Scan::ClamAV->new( port => 3310 ); | ||
90 | my ( $code, $virus ) = $clamav->streamscan( ${ $fulltext } ); | ||
91 | if ( !$code ) { | ||
92 | my $errstr = $clamav->errstr(); | ||
93 | Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error scanning: $errstr" ); | ||
94 | _set_header( $permsgstatus, "Error ($errstr)" ); | ||
95 | } | ||
96 | elsif ( $code eq 'OK' ) { | ||
97 | Mail::SpamAssassin::Plugin::dbg( "ClamAV: No virus detected" ); | ||
98 | _set_header( $permsgstatus, "No" ); | ||
99 | } | ||
100 | elsif ( $code eq 'FOUND' ) { | ||
101 | Mail::SpamAssassin::Plugin::dbg( "ClamAV: Detected virus: $virus" ); | ||
102 | _set_header( $permsgstatus, "Yes ($virus)" ); | ||
103 | return 1; | ||
104 | } | ||
105 | else { | ||
106 | Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error, unknown return code: $code" ); | ||
107 | _set_header( $permsgstatus, "Error (Unknown return code from ClamAV: $code)" ); | ||
108 | } | ||
109 | return; | ||
110 | } | ||
111 | 1; | ||
112 | </verbatim> | ||
113 | |||
114 | !!Inappropriate ioctl for device in your debug logs under Sarge/Hoary | ||
115 | |||
116 | <verbatim> | ||
117 | debug: using "/root/.spamassassin" for user state dir | ||
118 | debug: lock: 29656 created /root/.spamassassin/auto-whitelist.lock.firewall.itpartners.co.nz.29656 | ||
119 | debug: lock: 29656 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries | ||
120 | debug: lock: 29656 link to /root/.spamassassin/auto-whitelist.lock: link ok | ||
121 | debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist | ||
122 | debug: unlock: 29656 unlink /root/.spamassassin/auto-whitelist.lock | ||
123 | debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device | ||
124 | </verbatim> | ||
125 | |||
126 | You're using old format database files. | ||
127 | |||
128 | The perl version change effected a change of the BDB version being used. The bayes_seen and bayes_toks fixes are BDB files and | ||
129 | can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML | ||
130 | |||
131 | !! I'm running spamassassin from my MTA, and I get the error <tt>spam acl condition: cannot parse spamd output</tt> or similar. | ||
132 | |||
133 | This occurs if you have upgraded perl, and not restarted spamd. Try restarting spamd and see if it solves the problem. It could also be a version mismatch, in which case you'll have to upgrade whichever process is calling spamassassin | ||
134 | |||
135 | !! I'm running spamassassin on [Debian] and get this error <tt>Cannot open bayes databases /home/jimbobdobalina/.spamassassin/bayes_* R/O: tie failed:</tt> (or similar) | ||
136 | |||
137 | Fix: | ||
138 | |||
139 | <verbatim> | ||
140 | apt-get install db4.3-util | ||
141 | </verbatim> | ||
142 | |||
143 | Go to where you Bayes DB's lie. | ||
144 | |||
145 | <verbatim> | ||
146 | db4.3_upgrade bayes_seen | ||
3 | PhilMurray | 147 | db4.3_upgrade bayes_toks |
1 | DrewBroadley | 148 | </verbatim> |
149 | |||
150 | Restart spamassassin, and voila! | ||
151 | |||
4 | CraigBox | 152 | !!Web based spam management |
153 | |||
154 | [Maia Mailguard|http://renaissoft.com/maia/] is a web-based interface and quarantine management system for amavisd-new, which allows users to manage their own spam. It has all the pitfalls of amavis, but might suit your needs. | ||
5 | CraigBox | 155 | |
156 | !!Making Razor go | ||
157 | |||
158 | Is Razor running? | ||
159 | |||
160 | Uncomment it in /etc/spamassassin/v310.pre and you're effectively away. If you want to be able to submit, you have to [create an account|http://wiki.apache.org/spamassassin/InstallingRazor]. | ||
161 | |||
162 | !!Making DCC go | ||
163 | |||
164 | Is DCC running? Have you uncommnented it in /etc/spamassassin/v310.pre? | ||
165 | |||
166 | <verbatim> | ||
167 | # spamassassin -t -D < /tmp/spam | ||
168 | <snip> | ||
169 | [8407] dbg: dcc: dccifd is not available: no r/w dccifd socket found | ||
170 | [8407] dbg: dcc: check timed out after 5 seconds | ||
171 | </verbatim> | ||
172 | |||
173 | Default Ubuntu/Debian installation, SA probably can't find the <tt>dccifd</tt> file - add to /etc/spamassassin/local.cf: | ||
174 | |||
175 | <verbatim> | ||
176 | # Enable DCC | ||
177 | use_dcc 1 | ||
178 | dcc_home /var/lib/dcc | ||
179 | </verbatim> | ||
180 | |||
181 | !!Making Pyzor go | ||
182 | |||
183 | Is Pyzor running? Have you uncommnented it in /etc/spamassassin/v310.pre? | ||
184 | |||
185 | <verbatim> | ||
186 | # spamassassin -t -D < /tmp/spam | ||
187 | <snip> | ||
188 | [8615] dbg: util: executable for pyzor was found at /usr/bin/pyzor | ||
189 | [8615] dbg: pyzor: pyzor is available: /usr/bin/pyzor | ||
190 | [8615] dbg: info: entering helper-app run mode | ||
191 | [8615] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin8615OvQ1ymtmp | ||
192 | [8617] dbg: util: setuid: ruid=0 euid=0 | ||
193 | [8615] dbg: pyzor: killed stale helper [8617] | ||
194 | [8615] dbg: pyzor: [8617] terminated: exit=0x000f | ||
195 | [8615] dbg: info: leaving helper-app run mode | ||
196 | [8615] dbg: pyzor: check timed out after 5 seconds | ||
197 | </verbatim> | ||
198 | |||
199 | The old Pyzor server has disappeared. Locate .pyzor/servers (systemwide on Debian/Ubuntu, it's under /root/.pyzor/servers) and replace the contents with <tt>82.94.255.100:24441</tt>. Don't run <tt>pyzor discover</tt> again, as it will overwrite the contents with the broken server. (Thanks to [this Nabble post|http://www.nabble.com/Pyzor-issue-since-upgrade-to-3.1.3-t1742083.html] for the answer) | ||
6 | CraigBox | 200 | |
201 | !!Graphing your SA scores | ||
202 | |||
203 | Thanks to Tom from ItPartners for this cool script. Requires gnuplot. Graphs your spam scores. | ||
204 | |||
205 | <verbatim> | ||
206 | #!/bin/bash | ||
207 | |||
208 | # Generate a graph of SpamAssassin spam score frequencies. | ||
209 | # Needs gnuplot. | ||
210 | |||
211 | LOGFILES=/var/log/mail.log* | ||
212 | |||
213 | SCOREFILE=/tmp/spamscores | ||
214 | IMAGEFILE=/tmp/spamplot.gif | ||
215 | |||
216 | > $SCOREFILE | ||
217 | for score in `zegrep "identified spam|clean message" $LOGFILES | awk '{print $9}' | cut -d "/" -f 1 | cut -d '(' -f 2` | ||
218 | do | ||
219 | echo $score 1 >> $SCOREFILE | ||
220 | done | ||
221 | |||
222 | gnuplot <<EOF | ||
223 | set term gif | ||
224 | set output "$IMAGEFILE" | ||
225 | plot "$SCOREFILE" smooth frequency | ||
226 | EOF | ||
227 | </verbatim> | ||
8 | LawrenceDoliveiro | 228 | |
229 | !!Systemwide filtering | ||
230 | |||
231 | ~SpamAssassin is normally supposed to be invoked on a per-user basis, perhaps via a procmail(1) rule, or directly in a <tt>.forward</tt> entry, that kind of thing. However, it is possible to filter all users' e-mail on a systemwide basis. The procedure for doing this with [Postfix] is described [here|http://www.geekly.com/entries/archives/00000155.htm]. | ||
232 | |||
7 | LawrenceDoliveiro | 233 | |
234 | !![SUSE] notes | ||
235 | |||
236 | Under SuSE, spamd is configured by default not to apply any rules that require Internet access (like accessing Pyzor, blocklists etc). To fix this, edit /etc/sysconfig/spamd. Look for the line | ||
237 | |||
238 | <verbatim> | ||
239 | SPAMD_ARGS="-d -c -L" | ||
240 | </verbatim> | ||
241 | |||
242 | and remove the "-L" switch. | ||
1 | DrewBroadley | 243 | |
244 | ---- | ||
4 | CraigBox | 245 | CategoryAntiSpam %%% |
246 | CategoryNotes |
lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 4 times)