Line 77: |
Line 77: |
| ====I want to enable GreyListing==== | | ====I want to enable GreyListing==== |
| GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit. | | GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit. |
| + | |
| + | ====Setup Blacklists & Bayesian Autolearning==== |
| + | |
| + | (Much of what follows has been shamelessly copied from the Sonoracomm howto) |
| + | |
| + | The default SME settings (as you can see above) do not include DNSBL filtering, spam rejection, or (which is not obvious from the above) bayesian filtering in spamassassin to allow spamassassin to learn from received email and improve over time. |
| + | |
| + | The following command will enable the default blacklists, enable the bayesian learning filter and set |
| + | thresholds for the bayesian filter. |
| + | |
| + | config setprop spamassassin UseBayes 1 |
| + | config setprop spamassassin BayesAutoLearnThresholdSpam 4.00 |
| + | config setprop spamassassin BayesAutoLearnThresholdNonspam 0.10 |
| + | sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd |
| + | chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_* |
| + | chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex |
| + | chmod 640 /var/spool/spamd/.spamassassin/bayes_* |
| + | config setprop qpsmtpd DNSBL enabled |
| + | config setprop qpsmtpd RHSBL enabled |
| + | config setprop spamassassin status enabled |
| + | config setprop spamassassin RejectLevel 12 |
| + | config setprop spamassassin TagLevel 4 |
| + | config setprop spamassassin Sensitivity custom |
| + | signal-event email-update |
| + | |
| + | These commands will: |
| + | * enable spamassassin |
| + | * configure spamassassin to reject any email with a score above 12 |
| + | * tag spam scored between 4 and 12 in the email header |
| + | * enable bayesian filter |
| + | * 'autolearn' as SPAM any email with a score above 4.00 |
| + | * 'autolearn' as HAM any email with a score below 0.10 |
| + | * enable RHSBL using the default SBLList. Note that rhsbl checking has been known to place a heavy burden on SME servers. |
| + | * enable DNSBL using the default RBLList |
| + | |
| + | ====The entire Sonoracomm howto from Google's text cache==== |
| + | In situ: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32 |
| + | |
| + | The Sonoracomm Howto has been a very well regarded set of instructions for quite a while now. An older version is included here in case you have trouble with the link above. |
| + | |
| + | These instructions are aimed mostly at configuring SME as the only mail server, not for using SME with an internal mail server. |
| + | |
| + | Specifically, LearnAsSpam.pl is harder to configure when using an internal mail server - you would have to develop a method for getting the unmarked SPAM into an IMAP folder directly on the SME server itself. Not impossible, but difficult! |
| + | |
| + | '''SONORA COMMUNICATIONS, INC.''' |
| + | This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done |
| + | beyond this document, but this will take a big dent out of your spam and free up CPU cycles on your server. |
| + | |
| + | See 'More Information' at the end. |
| + | |
| + | '''SpamAssassin''' |
| + | |
| + | The following command will enable the default blacklists, enable the bayesian learning filter and set thresholds for the bayesian filter. |
| + | <nowiki>rpm -Uvh \ |
| + | http://mirror.contribs.org/smeserver/contribs/\ |
| + | michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm</nowiki> |
| + | |
| + | This command will install the FuzzyOCR SA plugin designed to catch those nasty image-based spam messages. |
| + | yum -y --enablerepo=smeupdates-testing install FuzzyOcr |
| + | |
| + | '''Server-Manager''' |
| + | |
| + | Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable |
| + | * Virus scanning Enabled |
| + | * Spam filtering Enabled |
| + | * Spam sensitivity Custom |
| + | * Custom spam tagging level 4 |
| + | * Custom spam rejection level 12 |
| + | * Sort spam into junkmail folder Enabled |
| + | * Modify subject of spam messages Enabled |
| + | |
| + | It is also recommend blocking all executable content. To do so, select (highlight) all of the attachment types other than zip files (the last two). |
| + | |
| + | Click Save. |
| + | |
| + | '''How It Works''' |
| + | |
| + | When receiving an incoming message, the server first tests for RBL and DNSBL listings, if enabled. If the sender is blacklisted, the messages are blocked outright and Spamassassin never sees it. |
| + | |
| + | With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the SMTP level. Those spam messages marked between 4 and 12, will be routed to the users' (IMAP) junkmail folder. This is done so the users can check for false-positives...valid messages that were classified as spam by SpamAssassin. |
| + | |
| + | Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail client, by simply checking the junkmail folder exposed by their mail client. |
| + | |
| + | https://servername/webmail |
| + | |
| + | '''Tweaking''' |
| + | |
| + | The server will automatically delete old spam in the junkmail folders after 90 days. You can control the number of days old spam is kept with the following commands. Where 15 is the number of days you want to keep messages, do... |
| + | |
| + | db configuration setprop spamassassin MessageRetentionTime 15 |
| + | signal-event email-update |
| + | svc -t /service/qpsmtpd |
| + | |
| + | then |
| + | |
| + | config show spamassassin |
| + | |
| + | If you think you are losing misclassified mail, adjust the ''Custom spam rejection level'' higher. |
| + | |
| + | If too much spam is making through to your inbox, carefully adjust the 'Custom spam tagging level' down. Many people use the level 4. Anything below that may result in false-positives. YMMV. |
| + | |
| + | If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level' down or change the number of days spam is kept in the junkmail folder before being automatically deleted by the server. |
| + | |
| + | '''Bayesian (Learning) Filter''' |
| + | |
| + | Install the LearnAsSpam.pl, (optional) mailstats and sa-update scripts, then configure nightly cron jobs like this: |
| + | <nowiki>cd /usr/bin |
| + | wget http://mirror.contribs.org/smeserver/\ |
| + | contribs//bread/mailstats/LearnAsSpam.pl |
| + | wget http://mirror.contribs.org/smeserver/\ |
| + | contribs//bread/mailstats/spamfilter-stats-7.pl |
| + | cd /etc/cron.d |
| + | wget http://mirror.contribs.org/smeserver/\ |
| + | contribs//bread/mailstats/LearnAsSpam.cron |
| + | wget http://mirror.contribs.org/smeserver/\ |
| + | contribs//bread/mailstats/mailstats.cron |
| + | cd /etc/cron.daily |
| + | wget http://mirror.contribs.org/smeserver/\ |
| + | contribs//bread/mailstats/sa-update |
| + | chmod +x sa-update |
| + | /etc/rc.d/init.d/crond restart</nowiki> |
| + | |
| + | Using an IMAP mail client, create a new folder called 'LearnAsSpam' (case sensitive). It can be created at the top level (like 'Inbox') or as a sub-folder. Create the folder for each user that will help train the Bayesian filter. Webmail will work fine for creating this folder, as well as for checking the junkmail (filtered mail or quarantine) folder. |
| + | |
| + | If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam folder. A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter. |
| + | |
| + | '''Testing''' |
| + | |
| + | You can check the auto-learning statistics with this command. You will be able to note the accumulation of the spam tokens (or not). Note that the Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect instantaneous results. |
| + | sa-learn --dump magic |
| + | |
| + | You can check the spam filter log with this command: |
| + | tail -50 /var/log/spamd/current | tai64nlocal |
| + | |
| + | If you ever see an error such as: |
| + | ''warn: bayes: cannot open bayes databases /etc/mail/spamassassin/bayes_* R/W: tie failed: Permission denied'' |
| + | Try adjusting some permissions with these commands: |
| + | chown :spamd /var/spool/spamd/.spamassassin/* |
| + | chmod g+rw /var/spool/spamd/.spamassassin/* |
| + | |
| + | '''Whitelist and Blacklist''' |
| + | |
| + | If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered. |
| + | |
| + | Conversely, you can add a spammer to the blacklist so you never see their spam again. |
| + | |
| + | Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root): |
| + | db spamassassin setprop wbl.global *@vonage.com White |
| + | db spamassassin setprop wbl.global *domain2.com White |
| + | db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it White |
| + | db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it Black |
| + | expand-template /etc/mail/spamassassin/local.cf |
| + | svc -t /service/spamd |
| + | |
| + | You can view the lists with this command: |
| + | db spamassassin show |
| + | |
| + | '''Clam Antivirus''' |
| + | |
| + | Update and check your Clam Antivirus with this command. This is normally done automatically every hour via cron. |
| + | freshclam -v |
| + | |
| + | or |
| + | freshclam --debug |
| + | |
| + | Verify hourly update checking by viewing the freshclam/current log file via the Server-Manager View Log Files panel. |
| + | |
| + | '''Realtime Blackhole Lists and DNS Blacklists''' |
| + | |
| + | To view the settings for the RBL and DNSBL, use this command: |
| + | config show qpsmtpd |
| + | |
| + | If you followed the instructions above, both checks are enabled. |
| + | |
| + | To see the log of these tests, use a command like: |
| + | tail /var/log/qpsmtpd/current | tai64nlocal |
| + | |
| + | To specify multiple RBLs, use a command like this: |
| + | config setprop qpsmtpd RBLList \ |
| + | bl.spamcop.net,combined.njabl.org,dnsbl.ahbl.org,dnsbl-1.uceprotect.net,\ |
| + | list.dsbl.org,multihop.dsbl.org,psbl.surriel.com,zen.spamhaus.org |
| + | |
| + | Note: we have had trouble with the uceprotect.net level 2 list and sometimes remove it from the list as shown here. |
| + | |
| + | To enable or disable both available lists, use something like: |
| + | config setprop qpsmtpd DNSBL enabled RHSBL enabled |
| + | |
| + | To confirm any configuration changes and enact them: |
| + | signal-event email-update |
| + | svc -t /service/qpsmtpd |
| + | |
| + | '''More Information''' |
| + | |
| + | Introduction to Antispam Practices - [http://www.howtoforge.com/introduction_antispam_practices| here] |
| + | |
| + | Here is another great [http://mirror.contribs.org/smeserver//contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm] howto. |
| + | |
| + | Informative URLs: |
| + | * http://forums.contribs.org/index.php?topic=35178.0 |
| + | * http://forums.contribs.org/index.php?topic=31278.0 |
| + | * http://forums.contribs.org/index.php?topic=31279.0 |
| + | * http://forums.contribs.org/index.php?topic=32158.0 |
| + | * http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/ |
| + | * http://mirror.contribs.org/smeserver/contribs/bread/mailstats/ |
| + | * http://wiki.apache.org/spamassassin/BayesInSpamAssassin |
| + | * Enter this command at a console: |
| + | perldoc Mail::SpamAssassin::Conf |
| + | Last Updated ( Thursday, 21 June 2007 ) |
| | | |
| ===Email Clients=== | | ===Email Clients=== |
Line 515: |
Line 723: |
| signal-event email-update | | signal-event email-update |
| | | |
− | ====Setup Blacklists & Bayesian Autolearning====
| |
− |
| |
− | (Much of what follows has been shamelessly copied from the Sonoracomm howto)
| |
− |
| |
− | The default SME settings (as you can see above) do not include DNSBL filtering, spam rejection, or (which is not obvious from the above) bayesian filtering in spamassassin to allow spamassassin to learn from received email and improve over time.
| |
− |
| |
− | The following command will enable the default blacklists, enable the bayesian learning filter and set
| |
− | thresholds for the bayesian filter.
| |
− |
| |
− | config setprop spamassassin UseBayes 1
| |
− | config setprop spamassassin BayesAutoLearnThresholdSpam 4.00
| |
− | config setprop spamassassin BayesAutoLearnThresholdNonspam 0.10
| |
− | sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
| |
− | chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
| |
− | chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
| |
− | chmod 640 /var/spool/spamd/.spamassassin/bayes_*
| |
− | config setprop qpsmtpd DNSBL enabled
| |
− | config setprop qpsmtpd RHSBL enabled
| |
− | config setprop spamassassin status enabled
| |
− | config setprop spamassassin RejectLevel 12
| |
− | config setprop spamassassin TagLevel 4
| |
− | config setprop spamassassin Sensitivity custom
| |
− | signal-event email-update
| |
− |
| |
− | These commands will:
| |
− | * enable spamassassin
| |
− | * configure spamassassin to reject any email with a score above 12
| |
− | * tag spam scored between 4 and 12 in the email header
| |
− | * enable bayesian filter
| |
− | * 'autolearn' as SPAM any email with a score above 4.00
| |
− | * 'autolearn' as HAM any email with a score below 0.10
| |
− | * enable RHSBL using the default SBLList. Note that rhsbl checking has been known to place a heavy burden on SME servers.
| |
− | * enable DNSBL using the default RBLList
| |
− |
| |
− | ====The entire Sonoracomm howto from Google's text cache====
| |
− | In situ: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
| |
− |
| |
− | The Sonoracomm Howto has been a very well regarded set of instructions for quite a while now. An older version is included here in case you have trouble with the link above.
| |
− |
| |
− | These instructions are aimed mostly at configuring SME as the only mail server, not for using SME with an internal mail server.
| |
− |
| |
− | Specifically, LearnAsSpam.pl is harder to configure when using an internal mail server - you would have to develop a method for getting the unmarked SPAM into an IMAP folder directly on the SME server itself. Not impossible, but difficult!
| |
− |
| |
− | '''SONORA COMMUNICATIONS, INC.'''
| |
− | This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done
| |
− | beyond this document, but this will take a big dent out of your spam and free up CPU cycles on your server.
| |
− |
| |
− | See 'More Information' at the end.
| |
− |
| |
− | '''SpamAssassin'''
| |
− |
| |
− | The following command will enable the default blacklists, enable the bayesian learning filter and set thresholds for the bayesian filter.
| |
− | <nowiki>rpm -Uvh \
| |
− | http://mirror.contribs.org/smeserver/contribs/\
| |
− | michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm</nowiki>
| |
− |
| |
− | This command will install the FuzzyOCR SA plugin designed to catch those nasty image-based spam messages.
| |
− | yum -y --enablerepo=smeupdates-testing install FuzzyOcr
| |
− |
| |
− | '''Server-Manager'''
| |
− |
| |
− | Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable
| |
− | * Virus scanning Enabled
| |
− | * Spam filtering Enabled
| |
− | * Spam sensitivity Custom
| |
− | * Custom spam tagging level 4
| |
− | * Custom spam rejection level 12
| |
− | * Sort spam into junkmail folder Enabled
| |
− | * Modify subject of spam messages Enabled
| |
− |
| |
− | It is also recommend blocking all executable content. To do so, select (highlight) all of the attachment types other than zip files (the last two).
| |
− |
| |
− | Click Save.
| |
− |
| |
− | '''How It Works'''
| |
− |
| |
− | When receiving an incoming message, the server first tests for RBL and DNSBL listings, if enabled. If the sender is blacklisted, the messages are blocked outright and Spamassassin never sees it.
| |
− |
| |
− | With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the SMTP level. Those spam messages marked between 4 and 12, will be routed to the users' (IMAP) junkmail folder. This is done so the users can check for false-positives...valid messages that were classified as spam by SpamAssassin.
| |
− |
| |
− | Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail client, by simply checking the junkmail folder exposed by their mail client.
| |
− |
| |
− | https://servername/webmail
| |
− |
| |
− | '''Tweaking'''
| |
− |
| |
− | The server will automatically delete old spam in the junkmail folders after 90 days. You can control the number of days old spam is kept with the following commands. Where 15 is the number of days you want to keep messages, do...
| |
− |
| |
− | db configuration setprop spamassassin MessageRetentionTime 15
| |
− | signal-event email-update
| |
− | svc -t /service/qpsmtpd
| |
− |
| |
− | then
| |
| | | |
− | config show spamassassin
| |
− |
| |
− | If you think you are losing misclassified mail, adjust the ''Custom spam rejection level'' higher.
| |
− |
| |
− | If too much spam is making through to your inbox, carefully adjust the 'Custom spam tagging level' down. Many people use the level 4. Anything below that may result in false-positives. YMMV.
| |
− |
| |
− | If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level' down or change the number of days spam is kept in the junkmail folder before being automatically deleted by the server.
| |
− |
| |
− | '''Bayesian (Learning) Filter'''
| |
− |
| |
− | Install the LearnAsSpam.pl, (optional) mailstats and sa-update scripts, then configure nightly cron jobs like this:
| |
− | <nowiki>cd /usr/bin
| |
− | wget http://mirror.contribs.org/smeserver/\
| |
− | contribs//bread/mailstats/LearnAsSpam.pl
| |
− | wget http://mirror.contribs.org/smeserver/\
| |
− | contribs//bread/mailstats/spamfilter-stats-7.pl
| |
− | cd /etc/cron.d
| |
− | wget http://mirror.contribs.org/smeserver/\
| |
− | contribs//bread/mailstats/LearnAsSpam.cron
| |
− | wget http://mirror.contribs.org/smeserver/\
| |
− | contribs//bread/mailstats/mailstats.cron
| |
− | cd /etc/cron.daily
| |
− | wget http://mirror.contribs.org/smeserver/\
| |
− | contribs//bread/mailstats/sa-update
| |
− | chmod +x sa-update
| |
− | /etc/rc.d/init.d/crond restart</nowiki>
| |
− |
| |
− | Using an IMAP mail client, create a new folder called 'LearnAsSpam' (case sensitive). It can be created at the top level (like 'Inbox') or as a sub-folder. Create the folder for each user that will help train the Bayesian filter. Webmail will work fine for creating this folder, as well as for checking the junkmail (filtered mail or quarantine) folder.
| |
− |
| |
− | If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam folder. A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter.
| |
− |
| |
− | '''Testing'''
| |
− |
| |
− | You can check the auto-learning statistics with this command. You will be able to note the accumulation of the spam tokens (or not). Note that the Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect instantaneous results.
| |
− | sa-learn --dump magic
| |
− |
| |
− | You can check the spam filter log with this command:
| |
− | tail -50 /var/log/spamd/current | tai64nlocal
| |
− |
| |
− | If you ever see an error such as:
| |
− | ''warn: bayes: cannot open bayes databases /etc/mail/spamassassin/bayes_* R/W: tie failed: Permission denied''
| |
− | Try adjusting some permissions with these commands:
| |
− | chown :spamd /var/spool/spamd/.spamassassin/*
| |
− | chmod g+rw /var/spool/spamd/.spamassassin/*
| |
− |
| |
− | '''Whitelist and Blacklist'''
| |
− |
| |
− | If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered.
| |
− |
| |
− | Conversely, you can add a spammer to the blacklist so you never see their spam again.
| |
− |
| |
− | Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
| |
− | db spamassassin setprop wbl.global *@vonage.com White
| |
− | db spamassassin setprop wbl.global *domain2.com White
| |
− | db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it White
| |
− | db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it Black
| |
− | expand-template /etc/mail/spamassassin/local.cf
| |
− | svc -t /service/spamd
| |
− |
| |
− | You can view the lists with this command:
| |
− | db spamassassin show
| |
− |
| |
− | '''Clam Antivirus'''
| |
− |
| |
− | Update and check your Clam Antivirus with this command. This is normally done automatically every hour via cron.
| |
− | freshclam -v
| |
− |
| |
− | or
| |
− | freshclam --debug
| |
− |
| |
− | Verify hourly update checking by viewing the freshclam/current log file via the Server-Manager View Log Files panel.
| |
− |
| |
− | '''Realtime Blackhole Lists and DNS Blacklists'''
| |
− |
| |
− | To view the settings for the RBL and DNSBL, use this command:
| |
− | config show qpsmtpd
| |
− |
| |
− | If you followed the instructions above, both checks are enabled.
| |
− |
| |
− | To see the log of these tests, use a command like:
| |
− | tail /var/log/qpsmtpd/current | tai64nlocal
| |
− |
| |
− | To specify multiple RBLs, use a command like this:
| |
− | config setprop qpsmtpd RBLList \
| |
− | bl.spamcop.net,combined.njabl.org,dnsbl.ahbl.org,dnsbl-1.uceprotect.net,\
| |
− | list.dsbl.org,multihop.dsbl.org,psbl.surriel.com,zen.spamhaus.org
| |
− |
| |
− | Note: we have had trouble with the uceprotect.net level 2 list and sometimes remove it from the list as shown here.
| |
− |
| |
− | To enable or disable both available lists, use something like:
| |
− | config setprop qpsmtpd DNSBL enabled RHSBL enabled
| |
− |
| |
− | To confirm any configuration changes and enact them:
| |
− | signal-event email-update
| |
− | svc -t /service/qpsmtpd
| |
− |
| |
− | '''More Information'''
| |
− |
| |
− | Introduction to Antispam Practices - [http://www.howtoforge.com/introduction_antispam_practices| here]
| |
− |
| |
− | Here is another great [http://mirror.contribs.org/smeserver//contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm] howto.
| |
− |
| |
− | Informative URLs:
| |
− | * http://forums.contribs.org/index.php?topic=35178.0
| |
− | * http://forums.contribs.org/index.php?topic=31278.0
| |
− | * http://forums.contribs.org/index.php?topic=31279.0
| |
− | * http://forums.contribs.org/index.php?topic=32158.0
| |
− | * http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/
| |
− | * http://mirror.contribs.org/smeserver/contribs/bread/mailstats/
| |
− | * http://wiki.apache.org/spamassassin/BayesInSpamAssassin
| |
− | * Enter this command at a console:
| |
− | perldoc Mail::SpamAssassin::Conf
| |
− | Last Updated ( Thursday, 21 June 2007 )
| |
| | | |
| <noinclude>[[Category:Howto]]</noinclude> | | <noinclude>[[Category:Howto]]</noinclude> |