Sonora Communications, Inc.

Spam Filter Configuration for SME 7

This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done beyond this document, but this will put a big dent in your spam and free up CPU cycles on your server.

See 'More Information' at the end.

If you upgraded your SME server to version 7.2 (or later) from 7.1.3 (or earlier), follow the instructions here first.

SpamAssassin

Basic Configuration

The following command will enable the default blacklists, enable the Bayesian learning filter and set
thresholds for the Bayesian filter.

rpm -Uvh http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/michaelw/sme7/\
smeserver-spamassassin-features-0.0.2-0.noarch.rpm

Enable/Disable Filtering Per-User

This procedure doesn't really disable the spam filtering; it just stops the spam from being routed to the 'junkmail' folder.

Per-user filtering is enabled by default.  Disable filtering with the following command, as root:

db accounts setprop USERNAME SortSpam disabled
db accounts show USERNAME                                   # only displays settings
signal-event user-modify USERNAME

Server-Manager

Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable defaults.

  • Virus scanning Enabled
  • Spam filtering Enabled
  • Spam sensitivity Custom
  • Custom spam tagging level 4
  • Custom spam rejection level 12
  • Sort spam into junkmail folder Enabled
  • Modify subject of spam messages Enabled

I would also recommend blocking all executable content. To do so, select (highlight) all of the attachment types other than zip files (the last two).

Click Save.

How It Works

When receiving an incoming message, the server first tests for RBL and DNSBL listings, if enabled.  If the sender is blacklisted, the message is blocked outright and SpamAssassin never sees it.

With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the SMTP level. Spam messages marked between 4 and 12 will be routed to the users' (IMAP) junkmail folder. This is done so the users can check for false positives: valid messages that were classified as spam by SpamAssassin.

Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail client, by simply checking the junkmail folder exposed by their mail client.

https://servername/webmail

Tweaking

The server will automatically delete old spam in the junkmail folders after 90 days. You can control the number of days old spam is kept with the following commands, where 15 is the number of days you want to keep messages:

db configuration setprop spamassassin MessageRetentionTime 15
signal-event email-update
svc -t /service/qpsmtpd

then

config show spamassassin

If you think you are losing misclassified mail, adjust the 'Custom spam rejection level' higher.

If too much spam is making it through to your inbox, carefully adjust the 'Custom spam tagging level' down.  Many people use level 4.  Anything below that may result in false positives.  YMMV.

If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level' down or change the number of days spam is kept in the junkmail folder before being automatically deleted by the server.
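
As an added example (not part of the original howto), the shell function below buckets stored messages by the score in their X-Spam-Status header, so a change to the tagging or rejection level can be previewed against mail already sitting in a folder. The function names and the sample messages are constructed for illustration; it assumes the header carries the score as `score=` (or the older `hits=`).

```shell
#!/bin/sh
# Added example, not from the original howto. Names and sample mail are constructed.
# score_buckets TAG_LEVEL REJECT_LEVEL FILE...
# Counts messages per outcome using the score in each X-Spam-Status header.
score_buckets() {
    tag=$1; reject=$2; shift 2
    awk -v tag="$tag" -v reject="$reject" '
        BEGIN            { tag += 0; reject += 0 }   # force numeric comparison
        FNR == 1         { in_body = 0; found = 0 }  # a new message file starts
        in_body || found { next }                    # ignore bodies and repeat headers
        /^$/             { in_body = 1; next }       # first blank line ends the headers
        /^X-Spam-Status:/ && match($0, /(score|hits)=-?[0-9]+(\.[0-9]+)?/) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^[a-z]+=/, "", s)
            s += 0; found = 1
            if (s >= reject)   r++                   # would be refused at SMTP time
            else if (s >= tag) j++                   # would be filed in junkmail
            else               p++                   # would reach the inbox
        }
        END { printf "pass=%d junk=%d reject=%d\n", p, j, r }
    ' "$@"
}

# Build five constructed messages in a temp dir and bucket them.
demo_score_buckets() {
    d=$(mktemp -d) || return 1
    for m in No:2.1 Yes:4.0 Yes:6.7 Yes:9.5 Yes:11.9; do
        {
            printf 'Subject: constructed sample\n'
            printf 'X-Spam-Status: %s, score=%s required=4.0 tests=SAMPLE\n\n' "${m%%:*}" "${m#*:}"
            printf 'X-Spam-Status: Yes, score=99.0 (quoted in the body, ignored)\n'
        } > "$d/msg-${m#*:}"
    done
    score_buckets "$1" "$2" "$d"/msg-*
    rm -rf "$d"
}

demo_score_buckets 4 12   # levels from this page
demo_score_buckets 4 9    # preview: rejection level lowered to 9
```

Against real mail, pass the files in a folder's cur/ directory instead of the demo set. A lower rejection level only pays off if every message it moves into the reject bucket is spam.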

Bayesian (Learning) Filter (optional)

Install the LearnAsSpam.pl and mailstats scripts, and configure nightly cron jobs like this:

cd /usr/bin
wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/bread/mailstats/LearnAsSpam.pl
cd /etc/cron.d
wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/bread/mailstats/LearnAsSpam.cron
/etc/rc.d/init.d/crond restart

Using an IMAP mail client, create a new folder called 'LearnAsSpam' (case sensitive). It can be created at the top level (like 'Inbox') or as a sub-folder.  Create the folder for each user that will help train the Bayesian filter.  Webmail will work fine for creating this folder, as well as for checking the junkmail (filtered mail or quarantine) folder.

If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam folder.  A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter.

Manual Training

You can manually train the Bayesian filter with commands like these:

sa-learn --ham /home/e-smith/files/users/[your-user-name]/Maildir/cur/*
sa-learn --spam /home/e-smith/files/users/[your-user-name]/Mail/junkmail/cur/*

If you save real mail in other folders, you could also teach SA about those emails.  If you make a mistake with a folder or a few mails, just rescan them with the right rule and they will be recategorized.

Mail Statistics (optional)

See here for details on the mailstats package.

yum install --enablerepo=smecontribs smeserver-mailstats

Testing

You can check the auto-learning statistics with this command. You will be able to note the accumulation of the spam tokens (or not). Note that the Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect instantaneous results.

sa-learn --dump magic

You can check the spam filter log with this command:

tail -50 /var/log/spamd/current | tai64nlocal

Check spamassassin configuration like this:

spamassassin -D --lint

If you ever see an error such as:

warn: bayes: cannot open bayes databases /etc/mail/spamassassin/bayes_* R/W: tie failed: Permission denied

Try adjusting some permissions with these commands:

chown :spamd /var/spool/spamd/.spamassassin/*
chmod g+rw /var/spool/spamd/.spamassassin/*

Whitelist and Blacklist

If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered.

Conversely, you can add a spammer to the blacklist so you never see their spam again.

Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):

db spamassassin setprop wbl.global '*@vonage.com' White
db spamassassin setprop wbl.global '*domain2.com' White
db spamassassin setprop wbl.global '[sender-address]' White
db spamassassin setprop wbl.global '[spammer-address]' Black
expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd

You can view the lists with this command:

db spamassassin show

If you have a text file of e-mail addresses and/or domains (one per line and with entries formatted as above) that you want to whitelist, here is a command line to be run as root that will parse the list and add them to the database all at one time.

dos2unix /tmp/whitelist.txt    # make sure the list of addresses and domains is in unix format
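# read one entry per line; quoting "$id" keeps the shell from expanding the * wildcards
while IFS= read -r id; do [ -n "$id" ] && db spamassassin setprop wbl.global "$id" White; done < /tmp/whitelist.txt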

The Horde webmail whitelisting feature does not have the desired effect.  However, if you have had users try to use the Horde whitelisting feature, you can extract those whitelist entries into a text file to be used as above.
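
For the bulk import above, including lists extracted from Horde, a single over-broad line such as `*` or `*.com` would whitelist far more than intended. The following added example (not part of the original howto) vets a list and prints the commands it would run without touching the database; the function names and the sample list are constructed, and the accepted forms are the three shown on this page.

```shell
#!/bin/sh
# Added example, not from the original howto. Function names and the sample
# list are constructed. Nothing here writes to the database.

# valid_wbl_entry ENTRY -> exit 0 only for the three forms this page uses:
#   user@domain.tld   *@domain.tld   *domain.tld
valid_wbl_entry() {
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    printf '%s\n' "$1" | grep -Eq "^(\*@?|[A-Za-z0-9._%+-]+@)$label(\.$label)+\$"
}

# wbl_import_plan FILE [White|Black]: print the db command for each valid
# entry and report rejected lines on stderr.
wbl_import_plan() {
    list=${2:-White}
    # tr strips DOS carriage returns, the job dos2unix does in the howto
    tr -d '\r' < "$1" | while IFS= read -r id || [ -n "$id" ]; do
        [ -n "$id" ] || continue
        if valid_wbl_entry "$id"; then
            printf "db spamassassin setprop wbl.global '%s' %s\n" "$id" "$list"
        else
            printf 'skipped: %s\n' "$id" >&2
        fi
    done
}

demo_wbl_plan() {
    f=$(mktemp) || return 1
    # Constructed list with DOS line endings, as a file saved on Windows would have.
    printf '%s\r\n' '*@example.com' 'alice@example.org' '*example.net' \
        '*' '*@*' '*.com' 'bob@example.com; touch /tmp/x' > "$f"
    wbl_import_plan "$f" White
    rm -f "$f"
}

demo_wbl_plan
```

The pattern cannot tell a company domain from a public suffix such as `co.uk`, so the printed plan still deserves a read before it is run.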

Clam Antivirus

Update and check your Clam Antivirus with this command.  This is normally done automatically every hour via cron.

freshclam -v

or

freshclam --debug

Verify hourly update checking by viewing the "freshclam/current log" file via the Server-Manager View Log Files panel.

Realtime Blackhole Lists and DNS Blacklists

To view the settings for the RBL and DNSBL, use this command:

config show qpsmtpd

If you followed the instructions above, both checks are enabled.

To see the log of these tests, use a command like:

tail /var/log/qpsmtpd/current | tai64nlocal

To specify multiple RBLs, use commands like these:

config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
config setprop qpsmtpd SBLList bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com\
:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org 

Note: here in the US, we have had problems with the (European) Level 2 list at uceprotect.net.  If you receive any complaints from your clients about mail not going through because it was listed on this list, I recommend you remove it. We have also had issues with SORBS, so it is also removed.

To enable or disable both available lists, use something like:

config setprop qpsmtpd DNSBL enabled RHSBL enabled

To confirm any configuration changes and enact them:

signal-event email-update
svc -t /service/qpsmtpd

Greylisting

Greylisting is an incredibly efficient way to cut back on spam. It does so by delaying messages from new senders. Valid senders will always retry later and spammers most often will not. Greylisting does this with an absolute minimum of server resources.

mkdir -p /var/lib/qpsmtpd/greylisting
chown qpsmtpd:qpsmtpd /var/lib/qpsmtpd/greylisting
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/whitelisthosts
cat >> /etc/e-smith/templates-custom/var/service/qpsmtpd/config/whitelisthosts/10whitelisthosts << EOF
127.0.0.1
192.168
10
172.16
172.17
172.18
172.19
172.20
172.21
172.22
172.23
172.24
172.25
172.26
172.27
172.28
172.29
172.30
172.31
12.5.136.141
12.5.136.142
12.5.136.143
12.5.136.144
12.107.209.244
63.82.37.110
63.169.44.143
63.169.44.144
64.7.153.18
64.12.137
64.12.138
64.124.204.39
64.125.132.254
66.94.237
66.100.210.82
66.135.209
66.135.197
66.162.216.166
66.206.22.82
66.206.22.83
66.206.22.84
66.206.22.85
66.218.66
66.218.67
66.218.69
66.27.51.218
152.163.225
194.245.101.88
195.235.39.19
195.238.2
195.238.3
204.107.120.10
205.188.139.136
205.188.139.137
205.188.144.207
205.188.144.208
205.188.156.66
205.188.157
205.188.159.7
205.206.231
205.211.164.50
207.115.63
207.171.168
207.171.180
207.171.187
207.171.188
207.171.190
209.132.176.174
211.29.132
213.136.52.31
217.158.50.178
EOF
expand-template /var/service/qpsmtpd/config/whitelisthosts
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo whitelist_soft > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist_soft
echo greylisting black_timeout 60 db_dir /var/lib/qpsmtpd/greylisting > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/10greylisting
/sbin/e-smith/expand-template /var/service/qpsmtpd/config/peers/0
signal-event email-update
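
Hosts in whitelisthosts skip the greylisting delay, so it is worth knowing exactly which addresses each entry covers. The added example below (not part of the original howto) assumes an entry matches when it is a start-anchored string prefix of the connecting IP; the page does not state the matching rule, and the function names are constructed. Under that assumption it lists entries that also match addresses outside the range they appear to name.

```shell
#!/bin/sh
# Added example, not from the original howto. ASSUMPTION: a whitelisthosts
# entry matches when it is a start-anchored string prefix of the client IP.

# wl_matches ENTRY IP -> exit 0 when ENTRY is a string prefix of IP
wl_matches() {
    case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac
}

# wl_overbroad FILE: list entries that also prefix addresses outside the
# range they name, each with one such address as evidence.
wl_overbroad() {
    while IFS= read -r e || [ -n "$e" ]; do
        case "$e" in ''|'#'*|*.) continue ;; esac    # blank, comment, ends on a dot
        last=${e##*.}                                 # final, possibly partial, octet
        case "$last" in *[!0-9]*) continue ;; esac
        # One more digit still yields an octet <= 255 only when last is 1..25.
        if [ "$last" -lt 1 ] || [ "$last" -gt 25 ]; then continue; fi
        dots=$(( $(printf '%s' "$e" | tr -cd '.' | wc -c) ))
        probe="${e}0"
        while [ "$dots" -lt 3 ]; do probe="$probe.0"; dots=$((dots + 1)); done
        if wl_matches "$e" "$probe"; then
            printf '%s also matches %s\n' "$e" "$probe"
        fi
    done < "$1"
}

demo_wl_overbroad() {
    f=$(mktemp) || return 1
    # Entries copied from the list on this page.
    printf '%s\n' 10 192.168 172.16 172.31 64.12.137 195.238.2 \
        64.7.153.18 12.5.136.141 > "$f"
    wl_overbroad "$f"
    rm -f "$f"
}

demo_wl_overbroad
```

Under the same assumption, a network fragment written with a trailing dot (`10.`, `172.16.`) stays on an octet boundary.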

More Information

Introduction to Antispam Practices - here

Here is another great howto.

Informative URLs:

http://contribs.org/viewtopic.php?t=35178
http://contribs.org/viewtopic.php?t=31278
http://contribs.org/viewtopic.php?t=31279

http://contribs.org/viewtopic.php?t=32158

http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/michaelw/sme7/
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/bread/mailstats/
http://wiki.apache.org/spamassassin/BayesInSpamAssassin

Enter this command at a console.

perldoc Mail::SpamAssassin::Conf
Last Updated on Wednesday, 28 September 2011 12:55  
