Spam
Spamassassin
Set spamassassin for automatically delete junkmail. You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months
db configuration setprop spamassassin MessageRetentionTime 60 signal-event email-update
The "Custom spam rejection level" will only work when "Spam sensitivity" is set to custom.
- Open server-manager.
- Click e-mail in the navigation pane (left-hand side).
- Click Change e-mail filtering settings.
- Change "Spam sensitivity" to custom and adjust the settings to your liking.
This happens because by default, no mail (except for viruses) gets rejected without the admin doing something first.
X-Spam-Level Header in Email Messages
SME does not create an X-Spam-Level header in processed email messages by default.
To enable this capability:
/usr/bin/yum install --enablerepo=smecontribs smeserver-qpsmtpd-spamassassinlevelstars signal-event email-update
(Based on Bugzilla:3505)
Custom Rule Scores
You can customize the score assigned by a specific Spamassassin rule (SARE_ADULT2 in this case) as follows:
mkdir -p /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf cd /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf echo "score SARE_ADULT2 20.000" >> 20localscores signal-event email-update
You can now add additional tests and custom scores by editing the newly-created template fragment 20localscores and adding new custom scores using:
pico -w /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/20localscores signal-event email-update
Each custom score goes on its own line. If you enter a score surrounded by parentheses, the "custom" score will be added to the default score for the specified test (use score TEST_NAME (-1) to reduce the score for 'TEST_NAME' by 1)
You can remove these customizations using:
rm -f /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/20localscores signal-event email-update
References:
- http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Conf.html#scoring_options
- http://spamassassin.apache.org/tests_3_2_x.html
- http://www.rulesemporium.com/
Real-time Blackhole List (RBL)
Enabling RBL's
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by:
config setprop qpsmtpd DNSBL enabled RHSBL enabled signal-event email-update
You can see your RBL's by:
config show qpsmtpd
You can add to your RBL's by:
config setprop qpsmtpd RBLList <rbl-list-name> signal-event email-update
Many will argue what's best but most would agree that you can set best-practice recommended settings by:
config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org signal-event email-update
Note: More information on this topic can be found here: [1] [2]
Server Only
Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.
Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules.
I want to enable GreyListing
GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit.
Email Clients
"concurrency limit reached" when using IMAP
Sometime shows as Thunderbird giving this error message, This Mail-server is not a imap4 mail-server
To workaround thunderbirds limitations change, this thunderbird setting to false
- Preferences, Advanced, Config editor (aka about:config): filter on tls.
- set security.enable_tls to false
You can also increase the ConcurrencyLimitPerIP and/or ConcurrencyLimit value for imap and/or imaps (secure)
config setprop imap ConcurrencyLimitPerIP 20 config setprop imaps ConcurrencyLimitPerIP 20 signal-event post-upgrade; signal-event reboot
check
config show imap tail -f /var/log/imap/current | tai64nlocal
More detail can be found here.
Mail server is not an IMAP4 mail server
This is a bug in Thunderbird, the previous tips may help
The Bat
The gives this error message, but they are wrong.
"This server uses TLS v3.0 which is considered to be obsolete and insecure.
The server must use TLS v3.1 or above."
Outlook/Outlook Express give error 10060/0x800CCC90
Most likely OUTLOOK (EXPRESS) isn't configured correctly.
-open OUTLOOK -click TOOLS > ACCOUNTS -click CHANGE (on the right-hand side) -find INCOMING MAIL SERVER & OUTGOING MAIL SERVER (on right-hand side) -type: mail.yourdomain.tld (in both places) -click MORE SETTINGS (on bottom-right) -click OUTGOING SERVER tab (at the top) -checkmark "MY OUTGOING SERVER REQUIRES AUTHENTICATION" -bullet "USE SAME SETTINGS AS INCOMING MAIL SERVER" -click ADVANCED tab (at the top) -find OUTGOING SERVER -checkmark "THIS SERVER REQUIRES A SECURE CONNECTION" (under outgoing server) -change 25 to 465 -[possibly required, secure IMAP is 993] -click OK > NEXT > FINISHED -you're finished, your email should work now
Outlook test message doesn't come through
You clicked the TEST ACCOUNT SETTINGS in OUTLOOK didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.
If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.
I can't receive/send email from my application (ACT!, vTiger, MS Outlook, etc)
Most likely, this is a bug the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.
As a workaround you can disable the check for the 'Date header'. To disable this check on the internal interface:
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local echo "# 17check_basicheaders disabled by custom template" > \ 17check_basicheaders signal-event email-update
To disable this check for the external interface:
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0 cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0 echo "# 17check_basicheaders disabled by custom template" > \ 17check_basicheaders signal-event email-update
After I upgrade my SME Server, my email folders have disappeared when using IMAP
After upgrade, if there are missing IMAP folders, the client may need to re-subscribe to folders. This may affect either webmail users or users who use an IMAP email client.
Entourage: Using SME's Self-Signed Certificate for SSL Connections from Entourage on OS X 10.4
The main problem here is that Microsoft has decided that Entourage will only support trusted, PEM Base-64 Encoded certificates. To use IMAPS or SMTPS from Entourage with your SME server, you will need to:
1. Login to your Mac as a user with administrative privileges 2. Open Safari and browse to https://smeserver/server-manager. When you receive the warning about your certificate: - click on "Show Certificate" - click and drag the gold-rimmed image of a certificate to your desktop. You will now have myserver.mydomain.tld.cer on your desktop. 3. Locate and open the Microsoft Cert Manager - "Import" the certificate you downloaded in step 2. 4. Highlight the imported certificate and "Export" it. - Select the "PEM..." format - add "pem." to the beginning of the filename - export it to your Desktop 5. Double-click on the new pem.myserver.mydomain.tld.cer - Apple's Keychain Access application will open. - Select the X509Anchors Keychain and click "OK" 6. While still in Apple's Keychain Access, select the "Certificates" category - Drag pem.myserver.mydomain.tld.cer into the certificates window.
You should now be able to connect to your SME from your Entourage using IMAPS.
If you are accessing your SME server using a different name than the one encoded in the certificate you will still receive a security warning from Entourage, but "OK" will now grant access to your folders.
Notes:
- Procedure mostly taken from http://www.kerio.com/manual/kmsug/en/ch09s06.html
- I still get various other IMAP errors due, I suspect, to the "concurrency limit reached" issue.
- Click on "Show Keychains" in Apple's "Keychain Access" if you need to delete a certificate and try again.
Server Settings
Double bounce messages
To stop admin receiving double bounce messages
config setprop qmail DoubleBounceTo someoneuser signal-event email-update
Or just delete them. You risk losing legitimate double bounces (which are rare, but you want to look at them when they do occur)
config setprop qmail DoubleBounceTo devnull signal-event email-update
see a longer explaination here
Keep a copy of all emails
You may need to keep a copy of all emails sent to or from your email server. This may be for legal, or other reasons.
The following instructions will create a new user account (maillog) and forward every email that goes through your SME server to it.
First, log onto the server-manager and create the user maillog
Go to the SME Command Line (logon as root) and issue the following commands:
config setprop qpsmtpd Bcc enabled signal-event email-update
Optionally make the forwarding of the emails invisible to the end user. Without it, there will be an X-Copied-To: header in each email. Run this command before the signal-event
config setprop qpsmtpd BccMode bcc
If you want to view the emails, point your email client at the SME and log on as maillog.
Set max email size
Restrict the size of email messages that can pass through your mail server
config setprop qmail MaxMessageSize x signal-event email-update
where x is in bytes, eg 6000000 = 6 MB
add the admin user as an administrator for Horde
config setprop horde Administration enabled signal-event email-update
Disable mail to a user from an external network
Can be either a user, pseudonym or group
db accounts setprop groupname/username Visible internal signal-event email-update
I can't receive mail at: user@mail.domain.tld
Add mail.domain.tld as a virtualdomain.
-login to SERVER-MANAGER -click DOMAINS (on the left) -click ADD -type: mail.domain.tld
How do I find out who is logged into webmail and what IP number.
This is logged is in /var/log/messages.
How do I enable smtp authentication for users on the internal network.
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local cp /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/05auth_cvm_unix_local . signal-event email-update
(note the "." at the end of the 3rd line)
Authentication for the local network will now follow the setting of config::qpsmtpd::Authentication
How do I disable SMTP relay for unauthenticated LAN clients
http://forums.contribs.org/index.php?topic=38797.msg176490#msg176490
- Enable smtp authentication as shown above
- Disable un-authenticated smtp relay for the local network(s)using:
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients echo "# SMTP Relay from local network denied by custom template" >\ /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork signal-event email-update
- Configure your email clients to use smtps with authentication:
- change outgoing smtp port to 465 and select SSL
- enable Authentication against the outgoing mail server
Internet provider's port 25 is blocked: How to set an alternative port for the SMTP server
If your provider is blocking smtp port 25 on your internet connection but your hosting provider is offering an alternative port (or when using some relay service) you can simply set this alternative port by adding it to the 'Address of Internet provider's mail server' value in the 'E-mail delivery settings' screen of the server-manager like this:
<internet providers mail server name or ip-address>:<alternative port>
For example: mail.mydomain.com:587
How do I enable and configure a disclaimer in email messages
A disclaimer message can be added to the footer of all outgoing email messages.
The message can be the same for all domains or it can be different for all domains.
This functionality is part of sme7.2 release so make sure you have upgraded before doing this.
To create a general disclaimer for all domains on your sme server
config setprop smtpd disclaimer enabled pico -w /service/qpsmtpd/config/disclaimer
Enter the required disclaimer text
To save & exit
Ctrl o Ctrl x
To make the changes take effect
signal-event email-update
To create domain specific disclaimers, create seperate domain based disclaimer text files
Delete the general (all domains) disclaimer file if you have already created it
rm /service/qpsmtpd/config/disclaimer config setprop smtpd disclaimer enabled pico -w /service/qpsmtpd/config/disclaimer_domain1.com.au pico -w /service/qpsmtpd/config/disclaimer_domain2.com pico -w /service/qpsmtpd/config/disclaimer_domain3.org
Enter the required text in each disclaimer file
To save & exit
Ctrl o Ctrl x
After making any changes remember to do
signal-event email-update
Note if you only wish to have a disclaimer for some domains, then only create a disclaimer text file for those domains
Note also the criteria for when a disclaimer is attached
(see http://bugs.contribs.org/show_bug.cgi?id=2648)
eg a disclaimer is added to internal to external messages but not internal to internal messages.
There are also various switches that can be applied
(see http://bugs.contribs.org/show_bug.cgi?id=2648).
To disable the disclaimer function for all domains on your sme server
config setprop smtpd disclaimer disabled signal-event email-update
External Access
Allow external IMAP mail access
There was a deliberate decision to remove non-SSL protected username/password services from the external interface.
to allow unsecure IMAP access
config setprop imap access public signal-event email-update
But before you do this try to use secure IMAP
fixme: explain how
POP3 & webmail HTTP
I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).
The SMESERVER is secure by design. POP3 (or webmail HTTP) is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option -a secure connection with POP3S, IMAPS, or HTTPS.
You can still set your SMESERVER to allow POP3 settings by:
config setprop pop3 access public signal-event email-update
Allow external pop3 access
Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN. Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict. Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands.
config setprop pop3 access public signal-event email-update svc -t /service/pop3s
more information bugzilla:2620
Imap
Folders with a dot in name
Email folder names that have a period ('.') in the folder name, will be split into sub-folders. e.g. folder name 'www.contribs.org' is created as
www
contribs
org
qpsmtpd
SME uses the qpsmtpd smtp daemon.
Official Description
qpsmtpd is a flexible smtpd daemon written in Perl. Apart from the core SMTP features, all functionality is implemented in small "extension plugins" using the easy to use object oriented plugin API.
qpsmtpd was originally written as a drop-in qmail-smtpd replacement, but now it also includes smtp forward, postfix, exim and maildir "backends".
qpsmtpd wiki: http://wiki.qpsmtpd.org
Default Plugin Configuration
SME uses the following qpsmtpd plugins to evaluate each incoming email.
SME maintains 2 distinct configurations: one for the 'local' networks (as defined in server-manager::Security::Local networks) and another for 'remote' networks (everyone else).
The default configuration of each plugin is indicated in the 'Default Status' column.
| Plugin | Purpose | Default Status |
|---|---|---|
| hosts_allow | Prohibit more than "InstancesPerIP" connections from any single host (change with 'config setprop smtp InstancesPerIP'). Allow or deny connections according to the contents of /var/service/qpsmtpd/config/hosts_allow. See hosts_allow SVN code for more details. | upcoming |
| peers | Allow different plugin configuration based on the sending computer's IP address. By default SME maintains different configurations for the local networks (in /var/service/qpsmtpd/config/peers/local) and for everyone else (in /var/service/qpsmtpd/config/peers/0) | enabled |
| logging/logterse | Allow greater logging detail using smaller log files | enabled |
| auth/auth_cvm_unix_local | Allow authenticated smtp relay | enabled (remote) disabled (local) |
| check_earlytalker | reject email from servers that talk out of turn | enabled (remote) disabled (local) |
| count_unrecognized_commands | reject email from servers that issue X invalid commands | enabled (remote) disabled (local) |
| bcc | bcc all email to a specific address for archiving | disabled |
| check_relay | Check to see if relaying is allowed (in case the recipient is not listed in one of SME's local domains) | enabled |
| check_norelay | Check to see if the sending server is specifically forbidden to relay through us. | enabled |
| require_resolvable_fromhost | Check that the domain listed in the sender's email address is resolvable | enabled (remote) disabled (local) |
| check_basicheaders | reject email that lacks either a From: or Date: header | enabled |
| rhsbl | Reject email if the sender's email domain has a reputation for disregarding smtp RFCs. | disabled (always disabled for local connections) |
| dnsbl | Reject email from hosts listed in your configured dnsbl servers | disabled |
| check_badmailfrom | Reject email where the sender address is listed in /var/service/qpsmtpd/config/badmailfrom | enabled |
| check_badrcptto_patterns | Reject email addressed to any address matching an expression listed in /var/service/qpsmtpd/config/badrcptto_patterns | enabled |
| check_badrcptto | Reject email addressed to any address listed in /var/service/qpsmtpd/config/badrcptto | enabled |
| check_spamhelo | Reject email from hosts that say 'helo ...' using a value in /var/service/qpsmtpd/config/badhelo | enabled |
| check_smtp_forward | If config show DelegateMailServer or db domains show <domainname> MailServer is set (telling SME to deliver email for all domains or just <domainname> to another server), check_smtp_forward will connect to the specified server and will reject the message outright if the internal mail server would also reject it. | disabled unless an internal mail server is configured. |
| check_goodrcptto | Accept email only if the recipient address matches an entry in /var/service/qpsmtpd/config/goodrcptto. For domains that are configured to use an internal mail server, the entire domain name will be added to .../goodrcptto. | enabled |
| rcpt_ok | Return 'OK' if none of the other host checks has returned 'DENY' (??) | enabled |
| pattern_filter | Reject email according to content patterns (??) | disabled |
| tnef2mime | Convert MS TNEF (winmail.dat) and uuencoded attachments to MIME | enabled |
| disclaimer | Add a configurable disclaimer to email messages | disabled |
| spamassassin | Check email using spamassassin, and optionally reject it completely if the score exceeds a configurable value. | disabled (always disabled for local connections) |
| virus/clamav | Scan incoming email with ClamAV | enabled |
| queue/qmail-queue | Deliver the incoming message to qmail for delivery. | enabled |
Internal Mail Servers
SME can be configured as a spam and antivirus filter for one or more "Internal" mail servers on a domain-by-domain basis. The mail server specified does not have to be on the same local network as your SME server.
Deliver ALL email to a single internal mail server
You can deliver all email for all domains on your SME server to a single internal mail server by setting the mail server address in server-manager::Configuration::E-mail::Change e-mail delivery settings::Address of internal mail server.
Deliver email for one domain to an internal mail server
You can also configure only a single domain to use an internal mail server, or you can configure different domains to use different internal mail servers.
First, create the necessary virtual domains using server-manager::Configuration::Domains::Add Domain.
Then, (assuming your domain is called test.com and the actual mail server is at a.b.c.d issue the following commands:
db domains setprop test.com MailServer a.b.c.d signal-event email-update
Setup Blacklists & Bayesian Autolearning
(Much of what follows has been shamelessly copied from the Sonoracomm howto)
The default SME settings (as you can see above) do not include DNSBL filtering, spam rejection, or (which is not obvious from the above) bayesian filtering in spamassassin to allow spamassassin to learn from received email and improve over time.
The following command will enable the default blacklists, enable the bayesian learning filter and set thresholds for the bayesian filter.
config setprop spamassassin UseBayes 1 config setprop spamassassin BayesAutoLearnThresholdSpam 4.00 config setprop spamassassin BayesAutoLearnThresholdNonspam 0.10 sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_* chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex chmod 640 /var/spool/spamd/.spamassassin/bayes_* config setprop qpsmtpd DNSBL enabled config setprop qpsmtpd RHSBL enabled config setprop spamassassin status enabled config setprop spamassassin RejectLevel 12 config setprop spamassassin TagLevel 4 config setprop spamassassin Sensitivity custom signal-event email-update
These commands will:
- enable spamassassin
- configure spamassassin to reject any email with a score above 12
- tag spam scored between 4 and 12 in the email header
- enable bayesian filter
- 'autolearn' as SPAM any email with a score above 4.00
- 'autolearn' as HAM any email with a score below 0.10
- enable RHSBL using the default SBLList. Note that rhsbl checking has been known to place a heavy burden on SME servers.
- enable DNSBL using the default RBLList
The entire Sonoracomm howto from Google's text cache
In situ: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
The Sonoracomm Howto has been a very well regarded set of instructions for quite a while now. An older version is included here in case you have trouble with the link above.
These instructions are aimed mostly at configuring SME as the only mail server, not for using SME with an internal mail server.
Specifically, LearnAsSpam.pl is harder to configure when using an internal mail server - you would have to develop a method for getting the unmarked SPAM into an IMAP folder directly on the SME server itself. Not impossible, but difficult!
SONORA COMMUNICATIONS, INC. This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done beyond this document, but this will take a big dent out of your spam and free up CPU cycles on your server.
See 'More Information' at the end.
SpamAssassin
The following command will enable the default blacklists, enable the bayesian learning filter and set thresholds for the bayesian filter.
rpm -Uvh \ http://mirror.contribs.org/smeserver/contribs/\ michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm
This command will install the FuzzyOCR SA plugin designed to catch those nasty image-based spam messages.
yum -y --enablerepo=smeupdates-testing install FuzzyOcr
Server-Manager
Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable defaults.
* Virus scanning Enabled * Spam filtering Enabled * Spam sensitivity Custom * Custom spam tagging level 4 * Custom spam rejection level 12 * Sort spam into junkmail folder Enabled * Modify subject of spam messages Enabled
I would also recommend blocking all executable content. To do so, select (highlight) all of the attachment types other than zip files (the last two).
Click Save.
How It Works
When receiving an incoming message, the server first tests for RBL and DNSBL listings, if enabled. If the sender is blacklisted, the messages are blocked outright and Spamassassin never sees it.
With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the SMTP level. Those spam messages marked between 4 and 12, will be routed to the users' (IMAP) junkmail folder. This is done so the users can check for false-positives...valid messages that were classified as spam by SpamAssassin.
Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail client, by simply checking the junkmail folder exposed by their mail client.
Tweaking
The server will automatically delete old spam in the junkmail folders after 90 days. You can control the number of days old spam is kept with the following commands. Where 15 is the number of days you want to keep messages, do...
db configuration setprop spamassassin MessageRetentionTime 15 signal-event email-update svc -t /service/qpsmtpd
then
config show spamassassin
If you think you are losing misclassified mail, adjust the Custom spam rejection level higher.
If too much spam is making through to your inbox, carefully adjust the 'Custom spam tagging level' down. Many people use the level 4. Anything below that may result in false-positives. YMMV.
If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level' down or change the number of days spam is kept in the junkmail folder before being automatically deleted by the server.
Bayesian (Learning) Filter
Install the LearnAsSpam.pl, (optional) mailstats and sa-update scripts, then configure nightly cron jobs like this:
cd /usr/bin wget http://mirror.contribs.org/smeserver/\ contribs//bread/mailstats/LearnAsSpam.pl wget http://mirror.contribs.org/smeserver/\ contribs//bread/mailstats/spamfilter-stats-7.pl cd /etc/cron.d wget http://mirror.contribs.org/smeserver/\ contribs//bread/mailstats/LearnAsSpam.cron wget http://mirror.contribs.org/smeserver/\ contribs//bread/mailstats/mailstats.cron cd /etc/cron.daily wget http://mirror.contribs.org/smeserver/\ contribs//bread/mailstats/sa-update chmod +x sa-update /etc/rc.d/init.d/crond restart
Using an IMAP mail client, create a new folder called 'LearnAsSpam' (case sensitive). It can be created at the top level (like 'Inbox') or as a sub-folder. Create the folder for each user that will help train the Bayesian filter. Webmail will work fine for creating this folder, as well as for checking the junkmail (filtered mail or quarantine) folder.
If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam folder. A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter.
Testing
You can check the auto-learning statistics with this command. You will be able to note the accumulation of the spam tokens (or not). Note that the Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect instantaneous results.
sa-learn --dump magic
You can check the spam filter log with this command:
tail -50 /var/log/spamd/current | tai64nlocal
If you ever see an error such as: warn: bayes: cannot open bayes databases /etc/mail/spamassassin/bayes_* R/W: tie failed: Permission denied Try adjusting some permissions with these commands:
chown :spamd /var/spool/spamd/.spamassassin/* chmod g+rw /var/spool/spamd/.spamassassin/*
Whitelist and Blacklist
If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future messages coming in from that sender are not filtered.
Conversely, you can add a spammer to the blacklist so you never see their spam again.
Add senders (or their entire domains) to the global whitelist (or blacklist) with commands similar to these (as root):
db spamassassin setprop wbl.global *@vonage.com White db spamassassin setprop wbl.global *domain2.com White db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it White db spamassassin setprop wbl.global This e-mail address is being protected from spam bots, you need JavaScript enabled to view it Black expand-template /etc/mail/spamassassin/local.cf svc -t /service/spamd
You can view the lists with this command:
db spamassassin show
Clam Antivirus
Update and check your Clam Antivirus with this command. This is normally done automatically every hour via cron.
freshclam -v
or
freshclam --debug
Verify hourly update checking by viewing the freshclam/current log file via the Server-Manager View Log Files panel.
Realtime Blackhole Lists and DNS Blacklists
To view the settings for the RBL and DNSBL, use this command:
config show qpsmtpd
If you followed the instructions above, both checks are enabled.
To see the log of these tests, use a command like:
tail /var/log/qpsmtpd/current | tai64nlocal
To specify multiple RBLs, use a command like this:
config setprop qpsmtpd RBLList \ bl.spamcop.net,combined.njabl.org,dnsbl.ahbl.org,dnsbl-1.uceprotect.net,\ list.dsbl.org,multihop.dsbl.org,psbl.surriel.com,zen.spamhaus.org
Note: we have had trouble with the uceprotect.net level 2 list and sometimes remove it from the list as shown here.
To enable or disable both available lists, use something like:
config setprop qpsmtpd DNSBL enabled RHSBL enabled
To confirm any configuration changes and enact them:
signal-event email-update svc -t /service/qpsmtpd
More Information
Introduction to Antispam Practices - here
Here is another great [3] howto.
Informative URLs:
- http://forums.contribs.org/index.php?topic=35178.0
- http://forums.contribs.org/index.php?topic=31278.0
- http://forums.contribs.org/index.php?topic=31279.0
- http://forums.contribs.org/index.php?topic=32158.0
- http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/
- http://mirror.contribs.org/smeserver/contribs/bread/mailstats/
- http://wiki.apache.org/spamassassin/BayesInSpamAssassin
- Enter this command at a console:
perldoc Mail::SpamAssassin::Conf
Last Updated ( Thursday, 21 June 2007 )