Tags

, , , , , , ,

SPAM or Unsolicited Commercial Email (UCE) is always hated by everybody. It is nightmare for all the system administrator. There are lot of talking and solutions regarding SPAM. I have collect some of this useful inforamtion and implement. These work miracle in my case. I have write this tutorial (basically collect!) to help you out. In this tutorial we will use Postfix as MTA. We will integrate MailScanner and Clamav for Antivirus solution and SpamAssassin and GreyListing for Antispam solution.

1. Postfix
2. Mailscanner

2. Clamav
4. SpamAssassin

5. GreyListing


MailScanner:

Before installing MailScanner make sure that your postfix is working properly. Download the MailScanner from http://www.mailscanner.info/downloads.html. Untar the file. Rune ./configure to install the MailScanner.
In the Postfix configuration file /etc/postfix/main.cf add this line:

header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line:

/^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the HOLD queue.

In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are
Run As User = postfix

Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming

chown postfix.postfix /var/spool/MailScanner/quarantine
Now run MailScanner, /etc/init.d/MailScanner start

Do the following to start MailScanner at startup
chkconfig postfix off

chkconfig —level 2345 MailScanner on
Clamav:

Download the clamav from http://www.clamav.net/. Untar the file. Add group clamav and user clamav under that group. Install the clamav. We don’t have to change anything in clamav configuration file. Make the following changes to the /etc/MailScanner/MailScanner.conf file:
Virus Scanning = yes

Virus Scanners = clamav 
Spamassain:

Download the spamassain from www.spamassassin.org. We need some perl module.
perl -MCPAN -e shell

Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask

cpan> install Time::HiRes
cpan> quit

tar xzf Mail-SpamAssassin-version-no.tar.gz
cd Mail-SpamAssassin-version-no

perl Makefile.PL
make

You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text

make
make test

This will fail horribly due to lack of Pod/Usage.pm, so now do this (remember whenever it asks about manual configuration, say no)
perl -MCPAN -e shell

cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage

cpan> quit
Now to try the tests again

make test
make install

You now have installed SpamAssassin. The next step is to configure it and MailScanner.
vi /etc/MailScanner/MailScanner.conf

Change the setting for Required SpamAssassin Scoreto more than 5 as that generates quite a few false alarms.
It’s advised to setLog Spam = yesto start with.

You will of course needUse SpamAssassin = yes”.
You are almost done! Just restart the MailScanner again. Send some test mail and check the maillog that if you are receiving mail or not.

SpamAssassin mainly tagged the mail as spam or not. If you check the mail header you will get something like this:
X-Spam-Status: Yes

or
X-Spam-Status: No

If mail is tagged as spam than the spam status will be yes otherwise it will be no. Now we will send the spam tagged mail in user spam folder. For this we need procmail. Install procmail from www.procmail.org. Let say our user name is info and home folder in /home/info. Info user mail are stored in /home/info/mail folder. Create a file namedspamin /home/info/mail folder.
touch /home/info/mail/spam

chown info:info /home/info/mail/spam
Now create the following file in /home/info/ folder:

.procmailrc
# My variables

HOME=/home/info
MAILDIR=$HOME/mail

# neccessary variables
PATH=/usr/local/bin:/usr/bin

VERBOSE=no
LOGABSTRACT=yes

COMSAT=no
LOGFILE=$HOME/procmail.log

:0
* ^X-Spam-Status: Yes

$HOME/mail/spam
# spamassassin rule ends here

Here ^X-Spam-Status: Yes is the main part. If the mail is tagged as spam than the spam mail will be send to user spam folder.
create the following file in /home/info folder

.forward
”|/usr/bin/procmail -t #info”

From now the spam tagged mail for info user will go it’s spam folder.
GreyListing:

GreyListing is the comparatively new technique to fight against spam. This technique work in following ways:
When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.” [http://isg.ee.ethz.ch/tools/postgrey/]

With postfix we use PostGrey. Download PostGrey from http://isg.ee.ethz.ch/tools/postgrey/
For PostGrey we need the following perl module:

Net::Server
IO::Multiplex

BerkeleyDB (Perl module)
Berkeley DB (Library, version = 4.1)

tar -zxvf postgrey-1.27.tar.gz

cd postgrey-1.27
cp postgrey_whitelist_* /etc/postfix/

cp postgrey /usr/local/bin
cp postgrey /usr/local/sbin

groupadd nogroup
adduser postgrey

mkdir /var/spool/postfix/postgrey/
chown postgrey:nogroup /var/spool/postfix/postgrey/

And make the following change to the postfix main.cf file:
main.cf

smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023
Run the following command:

/usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”
If everything is ok, postgrey will start. If anything does wrong you will get the output in /var/log/maillog.

Check netstat –nat for the port 10023. Try to send some test mail.
To start the postgrey at startup add the following lines in /etc/rc.local file:

# Start Postgrey
echo -n ‘Postgrey’;  /usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”

 # To /etc/rc.local before the start postfix line.

That’s all you need. Happy spam free mail.