spam

Dovecot Anti-Spam Plugin

The antispam plugin allows you to retrain the spam filter by simply moving emails in and out of the Spam folder.

cd /extra/src
wget -O dovecot-antispam-plugin.tar.gz http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz
tar zxf dovecot-antispam-plugin.tar.gz
cd dovecot-antispam-plugin-5ebc6aae4d7c

Configure and build it:

ACLOCAL='aclocal -I /usr/local/share/aclocal' ./autogen.sh
./configure --prefix=/usr/local
make
make install

To configure it, edit /usr/local/etc/dovecot/conf.d/90-plugin.conf:

Technology:

Move spam messages

Deliver messages that have been flagged as spam by Spamassassin or dspam into special IMAP folders and remove some clutter from your Inbox.

Spamassassin
There's a couple of ways to have spam messages filltered depending on how your Spamassassin has been configured:

  • Spamassassin has been configured to add X-Spam- headers to messages:

    if (/^X-Spam-Flag: *YES/)
    {
      to $VHOME/Maildir/.Spam
      exit
    }
  • Subject rewritten:
    if (/^X-Spam-Flag: *YES/)
    {
      to $VHOME/Maildir/.Spam
      exit
    }

Spam folder creation

Automatically create set of IMAP folders for sorting detected spam out of users' Inboxes and/or training a spam filter.

Spam folder creation for all users
For training a spam folder such as dspam, we'll give our users a "Spam" folder with subfolders for messages that were spam as well as folders for false positives and false negatives. We can install a global mailfilter on a domain that will make sure that those IMAP folders exist.
Create the Maildrop filter /home/vpopmail/domains/.mailfilter:

SHELL="/bin/sh"
import EXT
import HOST
VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"

Technology:

Testing your content filter

Testing your content scanner using an EICARS or gtube test pattern.

Eicars (antivirus)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

gtube (spam)

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Technology:

Testing virus and spam scanners

EICAR Test Pattern
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
http://www.eicar.org/anti_virus_test_file.htm

GTUBE (Generic Test for Unsolicited Bulk Email) Pattern
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Technology:

Content Filtering

Virus and Spam Filtering options for your Qmail server along with the programs that call them.

The standard for virus scanning on Open Source mail servers is ClamAV so that's the instructions provided here.

For spam filtering, there are a couple of options with SpamAssassin being the most common.

Technology:

DSPAM

DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. DSPAM is an adaptive filter which means it is capable of learning and adapting to each user's email. Instead of working off of a list of "rules" to identify spam, DSPAM's probabilistic engine examines the content of each message and learns what type of content the user deems as spam (or nonspam).

Prerequisites

  • MySQL
  • Apache webserver, compiled with:
    ./configure \
    --enable-so \
    --enable-ssl \
    --enable-rewrite \
    --enable-suexec \
    --with-suexec-docroot=/var/websites

    Before you compile, edit support/suexec.h and change the AP_HTTPD_USER from the default "www" to the "nobody" that our Apache install instructions use:

    #define AP_HTTPD_USER "nobody"
    #define AP_UID_MIN 99
    #define AP_GID_MIN 99

Installation

Technology:

SpamAssassin

Prerequisites
Spamassassin has a boatload of Perl modules that it uses. Some can be installed via yum:

yum -y install perl-HTML-Parser perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS
yum -y install perl-HTML-Tagset perl-Time-HiRes perl-DBI

Others are best installed from CPAN:

perl -MCPAN -e shell
install HTML::Parser
install Pod::Usage
install Parse::Syslog
install Statistics::Distributions
install MIME::Base64
install Net::DNS
install Net::SMTP
install Mail::SPF::Query
install LWP
install LWP::UserAgent
install HTTP::Date

Technology:

Spam

Traditionally, SpamAssassin has been the weapon of choice for spam filtering. It uses a variety of spam-detection techniques, that includes DNS-based and checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases.

DSPAM From the DSPAM website:

Technology:

Pages

Subscribe to RSS - spam

Recent Updates

  • 1 year 11 months ago
  • 1 year 11 months ago
  • 1 year 12 months ago
    php 8.x
  • 1 year 12 months ago
    10.6.7
  • 1 year 12 months ago
    Drop Centos 5/6 stuff