Improving Anti-spam system: Difference between revisions
Revision as of 08:48, 17 October 2006
We have started working with Zimbra's SpamAssassin in order to improve it. This is what we have done:
1- First of all, Zimbra's SpamAssassin has no SPF enabled. Since the Perl environment is integrated with the system, adding SPF support is fairly simple. If you use RedHat or CentOS, you can "yum-it" from the dag.wieers.com repositories by executing:
yum install perl-Mail-SPF-Query
2- Second, we added Razor2 in order to improve score.
As root: Get razor-agents-sdk from razor.sourceforge.net, untar it and
perl Makefile.PL
make
make install
Get also razor-agents from razor.sourceforge.net, untar it and
perl Makefile.PL
make
make install
Open your firewall ports for razor2 (TCP/2703 outgoing).
Create .razor folder in /opt/zimbra and give zimbra user permissions
mkdir /opt/zimbra/.razor; chown -Rf zimbra:zimbra /opt/zimbra/.razor
As zimbra user, create your razor account:
razor-admin -create
razor-admin -discover
razor-admin -register
And finally enable razor. Edit /opt/zimbra/conf/spamassassin/v310.pre and uncomment the line
loadplugin Mail::SpamAssassin::Plugin::Razor2
3- Now we are going to add pyzor support to increase (again) the spam score.
As root, install python support.
yum install python
Get pyzor package from pyzor.sourceforge.net, untar it and:
python setup.py build
python setup.py install
Set perms according to the pyzor README.
chmod -R a+rX /usr/share/doc/pyzor /usr/lib/python2.3/site-packages/pyzor /usr/bin/pyzor /usr/bin/pyzord
Create the .pyzor folder in the zimbra home and set perms
mkdir /opt/zimbra/.pyzor; chown zimbra:zimbra /opt/zimbra/.pyzor
Open your firewall ports for pyzor (TCP/24441 outgoing)
And ready to go, as zimbra user, with:
pyzor discover
4- Now we have PYZOR + RAZOR + SPF. But it would be advisable to enable it and give SPF a higher score. Admins who publish wrong SPF entries should be punished: SPF is not mandatory, so if you enable it, do it well. So open your SpamAssassin config at /opt/zimbra/conf/spamassassin/local.cf and add these rules at the end (customize them to your needs):
ok_languages en es
ok_locales en es
trusted_networks 127. 10.70. 192.168.
use_bayes 1
skip_rbl_checks 0
use_razor2 1
#use_dcc 1 <<< WORK IN PROGRESS
use_pyzor 1
dns_available yes
## Optional Score Increases
score DCC_CHECK 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score SPF_SOFTFAIL 10.000
score RAZOR2_CHECK 2.500
score PYZOR_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
bayes_ignore_header Received: from mail3.vectorsf.com
bayes_ignore_header Received: from localhost
bayes_ignore_header Received: from mail1.vectorsf.com
bayes_ignore_header Received: from mail2.vectorsf.com
5- Some notes about this: In Zimbra, by default, spam with a score of 15 or higher is discarded by amavisd. If you want your users to receive these mails, you have to modify the amavisd.conf settings (/opt/zimbra/conf/amavisd.conf) so that this email is passed.
ENABLING DCC
To set up DCC: download dcc from the DCC site.
I compile on a different system to build an rpm to install in the production environment. Use the attached spec file (rename it to .spec) to build an rpm with the command:
rpmbuild -ba /usr/src/redhat/SPECS/dcc.spec
Install it on the production server:
rpm -ivh dcc-x.y.z.rpm
Change /etc/dcc/dcc_conf to read:
DCCUID=zimbra
DCCD_ENABLE=off
Change /opt/zimbra/conf/spamassassin/v310.pre to enable the DCC plugin:
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source. See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
Have fun. I use sqlgrey as greylist server, so I don't need another one. For me the standard value of DCC == 2.5 SpamAssassin points is OK, so I do not change it. With SA 3.xx you do not need to use enable_dcc in local.cf. The same goes for razor2 indeed...
I think we should prepare a script to save and restore these config changes upon Zimbra updates...
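One way to do the save and restore suggested above, as an added example that is not part of the original wiki page or of Zimbra. It covers only the files and directories this page edits; the variables `ZC_ROOT` and `ZC_BACKUP`, the `zc_*` function names, the default backup location and the `.post-update` suffix are assumptions introduced here.

```shell
#!/bin/sh
# Added example: save / compare / restore the anti-spam changes from this page.
# ZC_ROOT and ZC_BACKUP are hypothetical variables; ZC_ROOT lets the script be
# tried against a scratch tree, ZC_BACKUP is an assumed default location.
umask 077   # backups include the Razor account created by razor-admin
ZC_ROOT="${ZC_ROOT:-}"
ZC_BACKUP="${ZC_BACKUP:-/root/zimbra-antispam-backup}"

# Files and directories named on this page.
ZC_PATHS="/opt/zimbra/conf/spamassassin/local.cf
/opt/zimbra/conf/spamassassin/v310.pre
/opt/zimbra/conf/amavisd.conf
/etc/dcc/dcc_conf
/opt/zimbra/.razor
/opt/zimbra/.pyzor"

zc_save() {
    # Copy each existing path into the backup tree, keeping owner and mode.
    for p in $ZC_PATHS; do
        [ -e "$ZC_ROOT$p" ] || continue
        mkdir -p "$ZC_BACKUP$(dirname "$p")" || return 1
        rm -rf "$ZC_BACKUP$p"
        cp -Rp "$ZC_ROOT$p" "$ZC_BACKUP$p" || return 1
    done
}

zc_changed() {
    # Print every saved path whose live copy is missing or differs.
    for p in $ZC_PATHS; do
        [ -e "$ZC_BACKUP$p" ] || continue
        diff -rq "$ZC_BACKUP$p" "$ZC_ROOT$p" >/dev/null 2>&1 || echo "$p"
    done
}

zc_restore() {
    # Put saved copies back; what the update installed is kept as *.post-update.
    for p in $(zc_changed); do
        if [ -e "$ZC_ROOT$p" ]; then
            rm -rf "$ZC_ROOT$p.post-update"
            mv "$ZC_ROOT$p" "$ZC_ROOT$p.post-update" || return 1
        fi
        cp -Rp "$ZC_BACKUP$p" "$ZC_ROOT$p" || return 1
    done
}

case "${1:-}" in
    save|changed|restore) "zc_$1" ;;
esac
```

Run it as root with `save` before the update and `changed` after it. `restore` keeps the updated file beside the restored one as `*.post-update`, so new defaults in amavisd.conf or v310.pre can be merged by hand instead of being lost.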