How to install SpamFilter

 

Contributions by: Ray Mitchell for his RBL Howto
Created/Updated: 03-09-2006 (revision history)
Versions Supported: 6.0.x (SME 7.x has native support)

 


The SME SpamFilter uses the new SpamAssassinV3 engine and has updated Razor2, and DCC network test modules associated. In the new Server-Manager panel  it has been made very simple to configure Real Time Block/Black Lists (RBLs), White/Black Lists (WBLs) and other Spamassassin functions. The installation script will migrate RBL if configured as per Ray Mitchell's HowTo and WBL settings if configured in the old Spamassassin server manager module. See RBL information below for details on this.

 

[root@e-smith]# cd /root

[root@e-smith]# wget -N http://sme.swerts-knudsen.dk/downloads/SpamFilter/spamfilter_install.sh

[root@e-smith]# sh spamfilter_install.sh

 

 

When installation is complete you should now configure and enable the Spam Filter via the Spam Filter configuration menu in the Server Manager. Please notice that the admin account is not being scanned by the Spam Filter. If you get spam on this account (properly via postmaster or another alias) then I recommend that you redirect admin email to a "real" user via server-manager->Configuration->E-mail->forwarding address.

 

Quite often spammer are trying to reach all kinds of non-existing account on your server from potentially also non-existing email accounts. This can result in many double bounce messages to your postmaster account. Use the "How to delete double bounce messages" to avoid this.

 

See FAQ below if you have any questions before mailing me.

 

 

Real Time Block/Black List (RBL) Information

 

 

Using more lists will result in more queries being sent & received over your Internet connection but should result in more spam being rejected. Some lists are included on other lists so be careful not to include "double listings" as these only result in extra unnecessary queries, potentially slowing down the list servers response times. Choose RBL lists carefully to ensure they meet your needs. Some lists are very aggressive in the implementation of their "inclusion" policy, and while using those lists may block more spam they will also block legitimate messages. You can read the "criteria for inclusion policies" on each list at the list owners web site. The web site addresses are readily discernible from the list names. See Web sites section below.

For example using the bl.spamcop.net list will result in email messages from yahoo, hotmail and earthlink accounts being rejected. If you have legitimate users sending messages from those types of accounts, then do not use the bl.spamcop.net list. This also applies to some other lists.

Inclusion on a list can happen for many reasons, including being a known spammer or having a dynamic dial up IP number or sending via open relay servers or having incorrect address information or being listed by a system admin after receiving a spate of unsolicited email. Inclusion on "conservative" lists usually requires a positive identification of spamming or similar type activity. It is possible for legitimate users to be listed as part of a "block listing" of an IP number range such as has happened with Telstra Bigpond, AOL & other "large" ISP's etc. These listings are generally temporary until the specific spam culprit is identified and has their account cancelled by the ISP.

Here is a list of what appear to be "conservative & safe" lists ie there is justifiable or provable reason for being included on these lists. This is by no means an exhaustive list but is the result of my own investigations and conclusions.

Note that all the lists except spamhaus.org include open relays, so using these lists will block email sent via open relays.

 

Conservative lists

Registration required/Commercial list

Aggressive lists

Web sites for further information

 

 

Frequently Asked Questions (FAQ):

 

Question Answer
I have enabled "Sort to junkmail folder" but emails are not sorted even though the subject has the [SPAM...] tag The RPM installation script should have enabled procmail for all users but I have heard of it failing. The best and easiest way to enable procmail is then to first install the UserPanel and the Lazy Admin Tools. First install both and then issues the following command from shell:
 

# lat-procmail -c "*|enabled|no|some|normal"

Lazy Admin Tool:
http://sme.swerts-knudsen.dk/downloads/e-smith-lazy_admin_tools-0.9.0-1.noarch.rpm

UserPanel (1.60 for SME 6.0.x):
http://sme.swerts-knudsen.dk/downloads/Userpanel/

Installation hangs or SpamFilter (Spamassassin) uses a lot of CPU resources If Spamassassin seems to take up a lot of CPU time or the installation hang while "Discovering Razor Servers" then your server is most likely behind a firewall. Make sure to open the following ports. Outgoing TCP port 2703 (Razor2) and TCP port 7 (Echo). Razor2 uses TCP pings to discover what servers are closest to it.
I have installed the spamfilter on a mail gateway forwarding to another internal mail server and spam mail is not being moved to junkmail folder and not deleted if score is above 15 The automatic deletion of spam and sort to junkmail is only active for users local to the server where spamfilter is running as it is dependant of procmail. If you have all local users and it still doesn't work then hold your horses I am working on it :-)
How does the SpamFilter interact with other antivirus packages/installations? The spamfilter hooks into the mail queue dependant of other installed packages.

1) If pagefault.org's antivirus is installed then is follow the rules set by Damien.

To enable Spamassassin after installing and configuring these packages via the web manager panel at the command line type the commands:

/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update.
 

2) If my new Antivirus panel is installed then it will react like as #1 as this panel is based on the one from pagefault.org


3) If my old ClamAV script is installed then it will change the qmail-queue parameter in the amavis.conf file

4) If none of the above then it will directly hook into the queue system via:

/sbin/e-smith/db configuration setprop smtpfront-qmail ExternalInterfacesFilter /usr/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

 

Revision History

 

Date Changes
Sep 3, 2006 Updated to SpamAssassin 3.1.5 and removed support for SME 6.5 as it is a non-existing release.
March 16, 2006 sme-spamfilter now can autodelete on a configured score and not only 15. Updated the script to install Spamassassin 3.1.1 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Oct 14, 2005 Updated the script to install Spamassassin 3.1.0 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
June 25, 2005 Updated the script to install Spamassassin 3.0.4 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Dec 19, 2004 Updated the script to install Spamassassin 3.0.2 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Oct 28, 2004 Updated the install script to install perl-Net-DNS version 0.45 as the old version was not sufficient for Spamassassin V3 to run all tests. Can be individually downloaded and installed via:

# rpm -Uvh http://sme.swerts-knudsen.dk/downloads/SpamFilter/perl-Net-DNS-0.45-3.i386.rpm

Oct 25, 2004 Updated the script to install Spamassassin 3.0.1 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Sept 22, 2004 Updated the script to install Spamassassin Final and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Sept 14, 2004 Updated the script to install Spamassassin RC5 and ensured that everybody will be autoupdated if they have that enabled in the server-manager panel.
Sept 13, 2004 Updated sme-spamfilter to version 1.0.4-1 with the following changes:

 

- Minor clarifications in the panel (autodelete above 15 and sort to junk mail only possible with local users)

- Updated the startup sequence to properly enable procmail for all users.

- Ensured the "divide by zero" errors got removed from the statistics

 

Sept 10, 2004 Updated the script to install Spamassassin RC4 and ensure that all already user will be autoupdated if they have that enabled in the server-manager panel
Sept 9, 2004 Updated sme-spamfilter to version 1.0.3-1 with the following changes:

 

- ensured to also do spam check on internal interface as this is the active in server mode

Install script:

 

- Setting proper rights on /var/qmail/.spamassassin during script install to avoid warnings in the messagelog
- Removed +x from template files and used new sort method for junkmail as they do not need to be executed

- Ensured to remove old crontab file from old installation during script install as we only need to update the database according to the config in the panel

- Enabled automatic migration of white/black list from old installations as well as RBL lists