spam

Move spam messages

Deliver messages that have been flagged as spam by SpamAssassin or DSPAM into special IMAP folders and remove some clutter from your Inbox.

SpamAssassin
There are a couple of ways to have spam messages filtered, depending on how your SpamAssassin has been configured:

  • SpamAssassin has been configured to add X-Spam- headers to messages:
    if (/^X-Spam-Flag: *YES/)
    {
      to $VHOME/Maildir/.Spam
      exit
    }

  • Subject rewritten:
    if (/^X-Spam-Flag: *YES/)
    {
      to $VHOME/Maildir/.Spam
      exit
    }

Spam folder creation

Automatically create a set of IMAP folders for sorting detected spam out of users' Inboxes and/or training a spam filter.

Spam folder creation for all users
For training a spam filter such as DSPAM, we'll give our users a "Spam" folder with subfolders for messages that were spam as well as folders for false positives and false negatives. We can install a global mailfilter on a domain that will make sure that those IMAP folders exist.
Create the Maildrop filter /home/vpopmail/domains/.mailfilter:

SHELL="/bin/sh"
import EXT
import HOST
VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"

Testing your content filter

Testing your content scanner using an EICAR or GTUBE test pattern.

EICAR (antivirus)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

GTUBE (spam)

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Testing virus and spam scanners

EICAR Test Pattern
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
http://www.eicar.org/anti_virus_test_file.htm

GTUBE (Generic Test for Unsolicited Bulk Email) Pattern
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Content Filtering

Virus and Spam Filtering options for your Qmail server along with the programs that call them.

The standard for virus scanning on Open Source mail servers is ClamAV, so those are the instructions provided here.

For spam filtering, there are a couple of options with SpamAssassin being the most common.

DSPAM

DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. DSPAM is an adaptive filter which means it is capable of learning and adapting to each user's email. Instead of working off of a list of "rules" to identify spam, DSPAM's probabilistic engine examines the content of each message and learns what type of content the user deems as spam (or nonspam).

Prerequisites

  • MySQL
  • Apache webserver, compiled with:
    ./configure \
    --enable-so \
    --enable-ssl \
    --enable-rewrite \
    --enable-suexec \
    --with-suexec-docroot=/var/websites

    Before you compile, edit support/suexec.h and change the AP_HTTPD_USER from the default "www" to the "nobody" that our Apache install instructions use:
    #define AP_HTTPD_USER "nobody"
    #define AP_UID_MIN 99
    #define AP_GID_MIN 99

Installation

SpamAssassin

Prerequisites
SpamAssassin has a boatload of Perl modules that it uses. Some can be installed via yum:

yum -y install perl-HTML-Parser perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS
yum -y install perl-HTML-Tagset perl-Time-HiRes perl-DBI

Others are best installed from CPAN:

perl -MCPAN -e shell
install HTML::Parser
install Pod::Usage
install Parse::Syslog
install Statistics::Distributions
install MIME::Base64
install Net::DNS
install Net::SMTP
install Mail::SPF::Query
install LWP
install LWP::UserAgent
install HTTP::Date

Spam

Spam filtering for your Qmail server using either SpamAssassin or DSPAM.

Traditionally, SpamAssassin has been the weapon of choice for spam filtering. It uses a variety of spam-detection techniques, which include DNS-based and checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases.

DSPAM From the DSPAM website:

rbldns

In addition to relying on 3rd-party realtime blackhole lists (RBLs), you can also create your own RBL lists. You can blacklist IP addresses that aren't on other lists and you can also whitelist addresses that you want to receive mail from, even if they happen to be on a blacklist.

Instructions here are adapted from http://www.antagonism.org/mail/rbldns-qmail.shtml and http://ladro.com/docs/dns/rblsmtpd.html

Blacklist
Firstly, we'll create a user for our RBL to run under. We probably don't need this step if we run rbldns as the dnscache user (dnsrun).
