====== Spam Filtering ======

Bleh, I hate spam.....

===== Using Spamhaus' Blacklists With Sendmail =====

Well, I basically just followed the documentation. I don't think you have to go through as many steps, simply because you are a low-traffic individual user and can point directly to the [[http://www.spamhaus.org|Spamhaus]] servers for your sendmail dnsbl feature.

==== Editing Your Sendmail Macro ====

First, you need to open up your .mc file:

  bash-# vi /usr/share/sendmail/cf/cf/config.mc

For yzzerdd.net running Slackware:

  bash-# cd /usr/share/sendmail/cf/cf
  bash-# vi sendmail-slackware-yzzerdd.mc

Now we add in the FEATURE **dnsbl**:

  FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " Your Custom Rejection Message"')dnl

Notice that each entry opens with a backquote ` and closes with a single quote '. NOT a single quote on each side!

Also be aware, as of sendmail 8.12, you **CANNOT** have a "'' , ''" (comma) in your custom rejection message!

If you're interested in selectively choosing which users have access to Spamhaus' blacklisting features:

  FEATURE(`access_db')dnl
  FEATURE(`delay_checks',`friend')dnl

Place that somewhere after your **dnsbl** FEATURE. Then save your changes to config.mc and:

  bash-# cd /etc/mail
  bash-# vi access

You'll want to add each user who will receive spam to his/her own line in this file like so:

  Spam:thisIsForTheRough@tough.org FRIEND

Now save your changes to the access file and type this sucka:

  bash-# pwd
  /etc/mail
  bash-# makemap hash access < access

This should create the file //access.db//. Now all you have to do is rebuild your sendmail config file from the macro we previously edited.
This can be easily accomplished by:

  bash-# cd /usr/share/sendmail/cf/cf/
  bash-# ./Build config.cf

For yzzerdd.net running Slackware (the Build script is modified by Pat):

  bash-# cd /usr/share/sendmail/cf/cf
  bash-# ./Build sendmail-slackware-yzzerdd.mc
  bash-# cp sendmail-slackware-yzzerdd.cf /etc/mail/sendmail.cf

That about does it. Restart sendmail so it can read your new configuration, then you can use the test described [[http://www.crynwr.com/spam/|here]] to see if you've set everything up correctly.

This is my addition to /usr/share/sendmail/cf/cf/sendmail-slackware-yzzerdd.mc:

  dnl# Spamhaus filtering configuration
  FEATURE(`enhdnsbl',`sbl-xbl.spamhaus.org',`"554 Rejected " $&{client_addr} " This email has been marked as spam. If you think this is an error email root@yzzerdd.net from a different email server."')dnl
  FEATURE(`access_db')dnl
  FEATURE(`delay_checks',`friend')dnl

===== Sorbs Filtering with Sendmail =====

Add this to your sendmail macro file (/usr/share/sendmail/cf/cf/sendmail-slackware-yzzerdd.mc), from which sendmail.cf is built:

  dnl# Sorbs filtering configuration
  FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl

===== Whitelisting Specific Addresses =====

==== in sendmail ====

  From:user@whitelist.address OK

Add a line like the above to your access file for each email address you would like to whitelist. Then run

  bash-# makemap hash access < access

while in /etc/mail, and restart sendmail. After some testing we found that adding users to the access.db whitelist did not require a sendmail restart.
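
To see what the dnsbl and enhdnsbl FEATURE lines above actually ask a list, this added example (not from the original page; the function names are made up here) builds the reversed-octet query name and interprets the answer. The live lookup assumes ''dig'' is installed, and the 127.255.255.x error range is Spamhaus' documented convention.

```bash
#!/bin/bash
# Added example: reproduce by hand the DNS lookup behind a DNSBL check.

# dnsbl_qname IP ZONE: print the name to query (octets reversed, zone appended).
# Fails (status 1) unless IP is a dotted-quad IPv4 address.
# The body runs in a subshell so the IFS change does not leak to the caller.
dnsbl_qname() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    zone=$2
    IFS=.
    set -- $1                      # split the address into its octets
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    echo "$4.$3.$2.$1.$zone"
)

# dnsbl_verdict ANSWER: interpret the first A record (empty means NXDOMAIN).
dnsbl_verdict() {
    case $1 in
        '')            echo not-listed ;;
        127.255.255.*) echo error ;;       # Spamhaus error reply, not a listing
        127.*)         echo listed ;;
        *)             echo unexpected ;;  # e.g. a resolver rewriting NXDOMAIN
    esac
}

# dnsbl_check IP ZONE: live lookup (needs dig and network access).
dnsbl_check() {
    name=$(dnsbl_qname "$1" "$2") || { echo "not an IPv4 address: $1" >&2; return 2; }
    answer=$(dig +short A "$name" | head -n 1)
    echo "$name -> ${answer:-NXDOMAIN} ($(dnsbl_verdict "$answer"))"
}

# Usage: dnsbl_check 127.0.0.2 sbl-xbl.spamhaus.org
# 127.0.0.2 is the RFC 5782 test address that a working DNSBL always lists.
```

An ''error'' or ''unexpected'' verdict points at your resolver or the zone name rather than at the sending host, so check it before rejecting mail on it.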
==== in spamassassin ====

Add an entry in ''/etc/mail/spamassassin/local.cf'' similar to the following:

  whitelist_from *@sparkingwire.com

[[http://wiki.apache.org/spamassassin/ManualWhitelist]]

===== SpamAssassin Info =====

==== Custom Rulesets ====

To enhance SpamAssassin's functionality, you should probably add some [[http://wiki.apache.org/spamassassin/CustomRulesets|custom rulesets]] to your installation:

  * [[http://saupdates.openprotect.com/]]
  * [[http://www.rulesemporium.com/rules.htm]]

=== Daily Updates for SARE Rules with sa-update ===

Figuring out where SpamAssassin was actually reading the rules from was tricky, mostly because I'm using an install of FreeBSD where nothing is in the default directories. Adding to the confusion, the same rules were saved in two separate locations :'-( What's a boy to do? Well, this:

  bash ~# spamassassin -D config --lint >& lint.txt

Obviously, sending the output to a .txt file is optional, but either way you'll be able to see the location of the rules SA is using. Although it's nice to know where your rules are stored, the step above isn't really necessary if you follow [[http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt|these instructions]].

Here's the contents of my channelfile, sare-sa-update-channels.txt:

  70_sare_stocks.cf.sare.sa-update.dostech.net
  70_sare_adult.cf.sare.sa-update.dostech.net
  70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
  70_sare_evilnum0.cf.sare.sa-update.dostech.net
  70_sare_evilnum1.cf.sare.sa-update.dostech.net
  70_sare_genlsubj0.cf.sare.sa-update.dostech.net
  70_sare_genlsubj1.cf.sare.sa-update.dostech.net
  70_sare_genlsubj2.cf.sare.sa-update.dostech.net
  70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net
  70_sare_header0.cf.sare.sa-update.dostech.net
  70_sare_header1.cf.sare.sa-update.dostech.net
  70_sare_highrisk.cf.sare.sa-update.dostech.net
  70_sare_html0.cf.sare.sa-update.dostech.net
  70_sare_html1.cf.sare.sa-update.dostech.net
  70_sare_obfu0.cf.sare.sa-update.dostech.net
  70_sare_obfu1.cf.sare.sa-update.dostech.net
  70_sare_oem.cf.sare.sa-update.dostech.net
  70_sare_random.cf.sare.sa-update.dostech.net
  70_sare_specific.cf.sare.sa-update.dostech.net
  70_sare_spoof.cf.sare.sa-update.dostech.net
  70_sare_unsub.cf.sare.sa-update.dostech.net
  70_sare_uri0.cf.sare.sa-update.dostech.net
  70_sare_uri1.cf.sare.sa-update.dostech.net
  70_sare_uri3.cf.sare.sa-update.dostech.net
  70_sare_uri_eng.cf.sare.sa-update.dostech.net
  70_sare_whitelist.cf.sare.sa-update.dostech.net
  70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net
  70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
  70_sc_top200.cf.sare.sa-update.dostech.net
  72_sare_bml_post25x.cf.sare.sa-update.dostech.net
  72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
  99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
  updates.spamassassin.org

It's the ruleset suggested by OpenProtect, which doesn't contain any of the really aggressive SARE rules. However, some spam is still coming through.
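
A channel file is a list of hostnames that rules get downloaded from, so a mistyped entry is worth catching before sa-update reads it. This added example (not from the original page or the how-to; ''vet_channels'', ''demo'' and the ''ALLOWED'' list are made up here) flags malformed, duplicate and non-allowlisted channels in such a file.

```bash
#!/bin/bash
# Added example: vet a sa-update channel file before it is used.
# ALLOWED is an assumption: list the channel suffixes you intend to trust.
ALLOWED="sare.sa-update.dostech.net updates.spamassassin.org saupdates.openprotect.com"

# vet_channels FILE: print "<problem>: <channel>" for every bad entry.
# Status 0 only if all non-blank lines are well formed, unique and allowlisted.
vet_channels() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    bad=0; seen=" "
    while IFS= read -r chan || [ -n "$chan" ]; do
        [ -n "$chan" ] || continue
        problem=
        case $chan in
            *[!A-Za-z0-9._-]*|.*|*.|*..*) problem=malformed ;;
        esac
        if [ -z "$problem" ]; then
            case $seen in *" $chan "*) problem=duplicate ;; esac
        fi
        if [ -z "$problem" ]; then
            problem=unexpected          # until a trusted suffix matches
            for suffix in $ALLOWED; do
                case $chan in "$suffix"|*."$suffix") problem= ;; esac
            done
        fi
        seen="$seen$chan "
        if [ -n "$problem" ]; then echo "$problem: $chan"; bad=1; fi
    done < "$1"
    exit "$bad"
)

# Constructed sample: one good channel, one misspelled host, one repeat.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 70_sare_stocks.cf.sare.sa-update.dostech.net \
        updates.spamassasin.org \
        70_sare_stocks.cf.sare.sa-update.dostech.net > "$tmp"
    status=0
    vet_channels "$tmp" || status=$?
    rm -f "$tmp"
    return "$status"
}
```

Call ''vet_channels sare-sa-update-channels.txt'' ahead of the update and skip the run when it returns non-zero.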
=== john's updating of spamassassin ===

I just followed the steps at [[http://saupdates.openprotect.com/|OpenProtect]], and will incorporate this into a script:

  # sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com

Set up crontab:

  # crontab -e

and I added in:

  # run sa-update every day at 8:30am
  30 8 * * * /root/spam_update/sa-auto-update

Set up the sa-auto-update script:

  # vi /root/spam_update/sa-auto-update

and its contents:

  #!/bin/bash
  /usr/bin/sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 \
    --channel saupdates.openprotect.com --channel updates.spamassassin.org -D

===== Reference links =====

  * [[http://www.spamhaus.org|Spamhaus]]
  * http://www.technoids.org/dnsbl.html#step2
  * http://www.sendmail.org/m4/features.html
  * http://www.linuxquestions.org/questions/showthread.php?p=2468236
  * [[http://www.sorbs.net|Sorbs]]
  * http://www.us.sorbs.net/mailsystems/sendmail.shtml

====== To Do ======

===== Sendmail =====

  * add [[http://www.njabl.org|Not Just Another Bogus List]]

===== SpamAssassin =====

  * [[http://wiki.apache.org/spamassassin/RuleUpdates|SpamAssassin Rule Updating]]
  * [[http://wiki.apache.org/spamassassin/SiteWideBayesSetup|Sitewide Bayes Setup]]
  * [[http://wiki.apache.org/spamassassin/UsingNetworkTests|Network Tests]]
  * [[http://www.yrex.com/spam/spamconfig.php|local.cf configurator]]
  * [[http://wiki.apache.org/spamassassin/ManualWhitelist|Manual Whitelist]]
  * [[http://wiki.apache.org/spamassassin/UsingSpamAssassin|Using SpamAssassin]]
  * [[http://maxime.ritter.eu.org/article.php3?id_article=10|rule-get updater]]

===== MIMEDefang =====

  * [[http://www.mimedefang.org/|MIMEDefang]] (used at Columbia)

{{tag>:linux :linux:server :linux:slackware}}
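
The sa-auto-update cron script in the section on updating SpamAssassin above runs sa-update and ignores how it exits. This added example (not the page's script; ''next_step'', ''sa_auto_update'' and the ''LINT_CMD'' and ''RESTART_CMD'' variables are made up here) acts on the exit status, lints the new rules, and only then restarts the scanner, assuming you run spamd and fill in your own restart command.

```bash
#!/bin/bash
# Added example: cron wrapper that acts on sa-update's exit status.
SA_UPDATE=${SA_UPDATE:-/usr/bin/sa-update}
GPGKEY=D1C035168C1EBC08464946DA258CDB3ABDE9DC10   # key id used on this page
LINT_CMD=${LINT_CMD:-"spamassassin --lint"}
# Assumption: replace with however spamd is restarted on your system.
RESTART_CMD=${RESTART_CMD:-"echo restart spamd here"}

# next_step RC: map sa-update's documented exit codes to an action.
next_step() {
    case $1 in
        0) echo reload ;;       # fresh rules were downloaded and installed
        1) echo none ;;         # no fresh updates available
        2) echo lint-failed ;;  # update available, but site config failed lint
        3) echo reload ;;       # some channels updated, others failed
        *) echo error ;;        # 4 and above: errors during the update
    esac
}

sa_auto_update() {
    rc=0
    "$SA_UPDATE" --gpgkey "$GPGKEY" --channel saupdates.openprotect.com \
        --channel updates.spamassassin.org || rc=$?
    case $(next_step "$rc") in
        none)
            return 0 ;;
        reload)
            # Restart the scanner only if the new rule set parses cleanly.
            if $LINT_CMD; then
                $RESTART_CMD
            else
                echo "lint failed after update, not restarting" >&2
                return 2
            fi ;;
        *)
            echo "sa-update exited with status $rc" >&2
            return "$rc" ;;
    esac
}

# From cron, end the script with:  sa_auto_update
```

Cron mails anything written to stderr, so a failed update or lint shows up in root's mailbox instead of passing silently.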