
Fed up with SPAM? Who isn't?
Hopefully this tip can help. I'm going to try to talk you through tips to block spam at the server level, using RedHat 7.3, Postfix, amavisd-new, and SpamAssassin. This is how I set up the BlueStream server, so these tips are in production this way. I can't go over everything, but I'll try to cover the issues we had to worry about.
First, install RedHat, making sure that Postfix, Perl, and the Perl CPAN libraries are installed.
Some of my favorite Postfix "rules" in the main.cf file for blocking a lot of junkmail are as follows:
maps_rbl_domains = relays.ordb.org, sbl.spamhaus.org
disable_vrfy_command = yes
smtpd_client_restrictions = permit_mynetworks, reject_maps_rbl, check_sender_access hash:/etc/postfix/siteoverride
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/siteoverride,
    reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining,
    reject_invalid_hostname, check_relay_domains
smtpd_helo_required = yes
The check_sender_access file siteoverride is a list of sites that I specifically block. It contains entries such as:
pm0.net 550 BLOCKED: SPAM
mb00.net 550 BLOCKED: SPAM
public.com 550 BLOCKED: SPAM
Then compile it with postmap /etc/postfix/siteoverride so that Postfix can use it. I like using it because it saves a lot of CPU processing when running SpamAssassin, and it makes the spammers choke on their own mail, since the mail often never even gets farther than the HELO stage. You can even get a bit creative, such as the following line I added:
topica.com 550 BLOCKED: SPAM You're a dumbass topica admin! Learn what 550 means!
The rest of the Postfix rules are well covered in many other sites. I basically use all the rules that make sure mail is coming in "well-formed" and I also run the RBL sites to catch a lot of the worst offenders. I run some of the rules twice to block some upon initial connection, and the rest after receiving the mail. You should make sure that all mail is flowing correctly at this point before continuing.
First you'll need to download the latest version of AMAVISD-NEW from http://www.ijs.si/software/amavisd/, gunzip and tar -xvf it and read all the directions. You'll need many more Perl CPAN libraries. The fast way is to start the SpamAssassin download and that will take care of many of the prerequisites.
- perl -MCPAN -e shell
You'll most likely be prompted for a manual or automatic configuration. Selecting No gives automatic configuration. Once completed, enter:
- o conf prerequisites_policy ask
- install Mail::SpamAssassin
You'll most likely get several prompts about adding a prerequisite. Install all of them. If you get errors, you may have to install an RPM package called Kernel-Headers first. I only found a version for RedHat 7.2 on rpmfind.net, but it worked when I installed it. Then I went through the CPAN installation again, and it worked.
Next, you'll need to install Vipul's Razor, which is another Perl script. However, you have to manually download, ./configure, make, and make install it. It will most likely have more CPAN prerequisites from Perl, so just run perl -MCPAN -e shell and install the libraries with install Net::DNS or whatever is required.
Finally, add an anti-virus package. I use McAfee and F-PROT for Linux, and both anti-virus packages scan each and every mail message. You can configure over a dozen anti-virus solutions.
Check the README files on AMAVISD-NEW. In some releases, you'll need to replace a file to enable all the anti-spam checking.
Install AMAVISD-NEW according to directions. The 20021227 version installs in seconds, with no compilation needed.
Configure the /etc/amavisd.conf file as explained. You may wish to ensure that spam doesn't get rejected at first, so you can make sure that you can white list whatever should get through. When you have no errors, you should be able to start the daemon by typing amavisd at the prompt. Telnet localhost 10024 and you should get a response. You'll most likely have to create something in the /etc/rc.d/init.d folder to allow amavisd to start automatically.
Finally it is time to make Postfix utilize AMAVISD. Just a few changes are required. In /etc/postfix/main.cf add the following line at the end of the file:
- content_filter = smtp-amavis:[127.0.0.1]:10024
And in /etc/postfix/master.cf, add
smtp-amavis unix - - n - 10 smtp
    -o smtp_data_done_timeout=1200s
    -o smtp_never_send_ehlo=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
You should now be able to enter postfix reload and then do a test. First off, anti-virus. Send an email through the server using the commonly found eicar.com test file. You should get bounces saying it's found a virus. Then just wait for spam to roll in.
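The 127.0.0.1:10025 entry in master.cf is the one to verify before trusting the setup: if its -o overrides are lost (for instance because the continuation lines are not indented), the listener inherits content_filter and the restrictions from main.cf. The following check is an added example, not part of the original tip; the function names and the constructed sample text are assumptions of the example.

```python
import ipaddress

# Constructed inputs: the article's re-injection entry, indented and flattened.
GOOD = """\
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
FLAT = GOOD.replace("\n  -o", "\n-o")

def parse_master_cf(text):
    """Join continuation lines, then return {service: {option: value}}."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:      # leading whitespace continues an entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    services = {}
    for entry in entries:
        name, *rest = entry.split()           # rest[7:] follows the 8 fixed columns
        services[name] = dict(a.partition("=")[::2] for f, a in zip(rest[7:], rest[8:]) if f == "-o")
    return services

def only_loopback(nets):
    try:
        return bool(nets) and all(ipaddress.ip_network(n, strict=False).is_loopback for n in nets)
    except ValueError:                        # empty host, hostnames, table lookups
        return False

def check_reinjection(text, port="10025"):
    """Return the problems found with the listener amavisd hands mail back to."""
    services = parse_master_cf(text)
    name = next((s for s in services if s == port or s.endswith(":" + port)), None)
    if name is None:
        return ["no listener on port " + port]
    opts, problems = services[name], []
    if not only_loopback([name.rpartition(":")[0].strip("[]")]):
        problems.append("listener is not bound to a loopback address")
    if opts.get("content_filter") != "":
        problems.append("content_filter not cleared: scanned mail is filtered again")
    if opts.get("smtpd_recipient_restrictions", "").split(",")[-1] != "reject":
        problems.append("recipient restrictions do not end in reject")
    if not only_loopback([n for n in opts.get("mynetworks", "").split(",") if n]):
        problems.append("mynetworks is missing or wider than loopback")
    return problems
```

Run check_reinjection on the contents of /etc/postfix/master.cf before postfix reload; an empty list means the listener matches the entry shown above.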
As an example of what to do with it, using Microsoft Outlook, create a folder called spam. Then create a rule using the rules wizard as follows:
Select Tools, Rules Wizard.
Select Start from a Blank Rule.
Select Check Messages When They Arrive, then Next.
Select With Specific Words in the Message Header.
Then click specific words in the rule description.
Simply Add "X-Spam-Status: Yes" (figure 1)
Click Next, then select move it to the specified folder. (figure 2)
Click specified in the rule description, and then select your spam folder.
Follow through the rest of the wizard and activate the rule.
Figure 1
Figure 2
You should see that spam goes into this folder as it comes in. Check each spam for something that should have come in, and add its sender to the white list. Now for the cool part: look at some of the spam messages. Go to View/Options and look at the Internet headers. You should see the X-Spam-Status header, which shows the "score" of how "spammy" the email is. Anything over 5 points is spam. The first email I received was 42.5 points. It also shows how many checks the individual piece of spam "failed."
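While spam is only being tagged, the messages worth reviewing first for the white list are the ones that scored just over the threshold. The following is an added example, not from the original tip: it parses X-Spam-Status from raw messages and lists the near-threshold senders. The sample messages, the placeholder test names and the 2-point margin are assumptions.

```python
import email
import re

# Constructed sample messages (not real mail). The header layout follows
# SpamAssassin's "Yes, hits=N required=N tests=..." form; newer releases write
# score= instead of hits=. RULE_A etc. are placeholder test names.
SAMPLES = [
    "From: promo@bulk.example\nSubject: FREE!!!\n"
    "X-Spam-Status: Yes, hits=42.5 required=5.0\n"
    "\ttests=RULE_A,RULE_B,\n\tRULE_C version=2.43\n\nbody\n",
    "From: lists@partner.example\nSubject: March newsletter\n"
    "X-Spam-Status: Yes, hits=5.4 required=5.0 tests=RULE_D version=2.43\n\nbody\n",
    "From: alice@customer.example\nSubject: invoice\n"
    "X-Spam-Status: No, hits=0.3 required=5.0 tests=none version=2.43\n\nbody\n",
]

def parse_spam_status(raw_message):
    """Return a dict describing the X-Spam-Status header, or None if it is absent."""
    msg = email.message_from_string(raw_message)
    header = msg.get("X-Spam-Status")
    if header is None:
        return None
    value = " ".join(header.split())                 # unfold continuation lines
    fields = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", value))
    tests = [t.strip() for t in fields.get("tests", "").split(",")]
    return {
        "sender": msg.get("From", ""),
        "spam": value.lower().startswith("yes"),
        "score": float(fields.get("hits") or fields.get("score") or "nan"),
        "required": float(fields.get("required") or "nan"),
        "tests": [t for t in tests if t and t != "none"],
    }

def whitelist_candidates(raw_messages, margin=2.0):
    """Tagged mail scoring within `margin` of the threshold, lowest score first."""
    parsed = [p for p in map(parse_spam_status, raw_messages) if p and p["spam"]]
    near = [(p["sender"], p["score"]) for p in parsed
            if p["score"] - p["required"] <= margin]
    return sorted(near, key=lambda item: item[1])
```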
Conclusion
Now you may have issues. It took me about 4 hours to get everything configured correctly. Since a lot of the Amavisd-new code is new, there isn't much documentation on it. Also, I followed many of the links about configuring Postfix with SpamAssassin precisely and couldn't get them to work.
I'm just waiting for good new RPMs to be made available for everything.