Postfix + SpamAssassin with SPAM Quarantine


Postby kalinga » Thu Mar 16, 2006 12:20 pm

here's the postfix + SpamAssassin with SPAM Quarantine

same as you did with the basic script here

1. Install SpamAssassin

if you need any help visit
http://spamassassin.apache.org/

add a user called spamfilter without a shell.

Code:
adduser spamfilter -s /sbin/nologin


2. Setup Postfix

edit the master.cf

add the line

Code:
spamfilter unix - n n - - pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}



edit the SMTP as

Code:

smtp      inet  n       -       n       -       -       smtpd
        -o content_filter=spamfilter:dummy



now create a file called

/usr/local/bin/spamfilter

eg

Code:
vi /usr/local/bin/spamfilter



Code:
#!/bin/sh
# Kalinga Athulathmudali
# 2006-01-06
# Variables

SENDMAIL="/usr/sbin/sendmail.postfix -i"
EGREP=/bin/egrep

# Exit codes from <sysexits.h>

EX_UNAVAILABLE=69

# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )

SPAMLIMIT=5

# Clean up when done or when aborting.

trap "rm -f /var/tempfs/out.$$" 0 1 2 3 15

# Pipe message to spamc

cat | /usr/bin/spamc -u spamfilter > /var/tempfs/out.$$

if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tempfs/out.$$
then

   ## Change the Email address where you want your spam to get fwd to

   $SENDMAIL -f spamadmin@yourdomain.com spamtrap@yourdomain.com < /var/tempfs/out.$$

else

   # Below the limit: hand the message back to Postfix for the original recipients

   $SENDMAIL "$@" < /var/tempfs/out.$$

fi

# Postfix returns the exit status of the Postfix sendmail command.

exit $?



now change the email address in script

your admin email address spamadmin@yourdomain.com
this is where your spam gets fwd to spamtrap@yourdomain.com


now change the owner of the file to spamfilter

Code:
chown spamfilter /usr/local/bin/spamfilter


now set permissions as

Code:
chmod 755 /usr/local/bin/spamfilter


create a dir called tempfs in var

Code:
mkdir /var/tempfs


change the folder owner to spamfilter

Code:
chown spamfilter:root /var/tempfs


reload postfix

Code:
/etc/init.d/postfix reload


you're done.
Last edited by kalinga on Thu Dec 21, 2006 8:30 am, edited 1 time in total.
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka

Postby bannerd » Thu Aug 17, 2006 6:05 pm

Nice post kalinga, I have a question...I have postfix and spamd running great ATM. I have set up header_checks and tried to reject subject lines with ***SPAM***.

After testing it...it doesn't work...is there a way in the master.cf to have spamd inject the message back to postfix so it can read the subject line and reject it?

I know this isn't good to do...but I was planning to enable this feature on the weekends as this is the time we get hammered and real company email isn't active.
bannerd
 
Posts: 3
Joined: Thu Aug 17, 2006 5:58 pm

Postby kalinga » Fri Aug 18, 2006 7:56 am

hi,

this is not really possible with one postfix instance, and also what i think is the best would be to play with the script a little more and delete the mails that get marked as spam.

or else you need to set up a 2nd MTA (postfix) running on the server and inject mail to that from the first postfix instance and then use the header checks to delete the msg.

if you wish i can take a look and make the script delete messages that have a score of 10 or more.
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka

Postby monty » Tue Aug 22, 2006 10:29 pm

In fact you can... That's what I'm using:

code for the file spamfilter:
Code:
#!/bin/bash
        /usr/bin/spamassassin | /usr/sbin/sendmail -i "$@"
        exit $?


Add this line to your main.cf configuration:
Code:
header_checks = regexp:/etc/postfix/header_checks

Then, create a file called "header_checks" in /etc/postfix, and add this line to the file:
Code:
/^X-Spam-level: \*\*\*\*\*\*\*.*$/ DISCARD


reload postfix configuration... Now, you should see things like that in your maillog:
Code:
Aug 22 18:36:16 mercury postfix/smtpd[5251]: EDF0034C007: client=xxxx.com[xx.xx.174.130]
Aug 22 18:36:17 mercury postfix/cleanup[5210]: EDF0034C007: message-id=<20060822163616.EDF0034C007@xxxx.xxx.com>
Aug 22 18:36:18 mercury postfix/qmgr[1809]: EDF0034C007: from=<mjxdifgfr@freeserve.co.uk>, size=28147, nrcpt=1 (queue active)
Aug 22 18:36:26 mercury postfix/pipe[5418]: EDF0034C007: to=<xxx@xxx.com>, relay=spamfilter, delay=10, status=sent (xxx@xxx.com)
Aug 22 18:36:26 mercury postfix/qmgr[1809]: EDF0034C007: removed
Aug 22 18:36:26 mercury postfix/pickup[5357]: E580934C003: uid=1001 from=<mjxdifgfr@freeserve.co.uk>
Aug 22 18:36:26 mercury postfix/cleanup[5485]: E580934C003: discard: header X-Spam-Level: ********************************************* from local; from=<mjxdifgfr@freeserve.co.uk> to=<xxx@xxx.com>
monty
 
Posts: 1
Joined: Tue Aug 22, 2006 10:16 pm

Postby bannerd » Thu Sep 07, 2006 12:50 am

Where does the first code above go?
bannerd
 
Posts: 3
Joined: Thu Aug 17, 2006 5:58 pm

Postby bannerd » Thu Sep 07, 2006 5:27 pm

ahh master.cf

/^X-Spam-level: \*\*\*\*\*\*\*.*$/ DISCARD

This line, say I have the header ***SPAM*** I rewrite it like so,

/^X-Spam-level: ***SPAM***.*$/ DISCARD

?
bannerd
 
Posts: 3
Joined: Thu Aug 17, 2006 5:58 pm

Postby kalinga » Sat Sep 09, 2006 1:16 pm

/^X-Spam-level: \*\*\*\*\*\*\*.*$/ DISCARD

This line, say I have the header ***SPAM*** I rewrite it like so,

/^X-Spam-level: ***SPAM***.*$/ DISCARD


no, leave it as it is... it reads the header that is added by spamc to the headers; let's say the spam score is 10, it adds 10 ********** so if you need to delete any mail that has a spam level of 5 then you need to set it up as

Code:
/^X-Spam-level: \*\*\*\*\*.*$/ DISCARD
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka

Postby kartagis » Wed Dec 20, 2006 9:12 pm

Hello,

I created a user spamfilter without a shell and edited master.cf as you suggested, but postfix complained about user spamfilter not having a shell with the following error. What to do? Thanks in advance :)

Code:
Dec 20 17:22:50 kunduz postfix/smtpd[31157]: connect from english-breakfast.cloud9.net[168.100.1.9]
Dec 20 17:22:51 kunduz postfix/smtpd[31157]: 0DA8A1829F: client=english-breakfast.cloud9.net[168.100.1.9]
Dec 20 17:22:51 kunduz postfix/cleanup[31101]: 0DA8A1829F: message-id=<45894D3A.8070206@schetterer.org>
Dec 20 17:22:51 kunduz postfix/qmgr[30778]: 0DA8A1829F: from=<owner-postfix-users@postfix.org>, size=4098, nrcpt=1 (queue active)
Dec 20 17:22:51 kunduz postfix/smtpd[31157]: disconnect from english-breakfast.cloud9.net[168.100.1.9]
Dec 20 17:22:51 kunduz spamd[7384]: spamd: connection from LOCALHOST [127.0.0.1] at port 4061
Dec 20 17:22:51 kunduz spamd[7384]: spamd: setuid to spamfilter succeeded
Dec 20 17:22:51 kunduz spamd[7384]: spamd: creating default_prefs: /home/spamfilter/.spamassassin/user_prefs
Dec 20 17:22:51 kunduz spamd[7384]: mkdir /home/spamfilter: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530
Dec 20 17:22:51 kunduz spamd[7384]: config: cannot write to /home/spamfilter/.spamassassin/user_prefs: No such file or directory
Dec 20 17:22:51 kunduz spamd[7384]: spamd: failed to create readable default_prefs: /home/spamfilter/.spamassassin/user_prefs
Dec 20 17:22:51 kunduz spamd[7384]: mkdir /home/spamfilter: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530
Dec 20 17:22:51 kunduz spamd[7384]: spamd: processing message <45894D3A.8070206@schetterer.org> for spamfilter:1007
Dec 20 17:22:52 kunduz named[4362]: unexpected RCODE (SERVFAIL) resolving '163.224.52.212.sbl-xbl.spamhaus.org/A/IN': 193.70.192.64#53
Dec 20 17:22:52 kunduz named[4362]: unexpected RCODE (SERVFAIL) resolving '50.224.52.212.sbl-xbl.spamhaus.org/A/IN': 193.70.192.64#53
Dec 20 17:22:55 kunduz spamd[7384]: mkdir /home/spamfilter: Permission denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1530
Dec 20 17:22:55 kunduz spamd[7384]: locker: safe_lock: cannot create tmp lockfile /home/spamfilter/.spamassassin/auto-whitelist.lock.kunduz.org.7384 for /home/spamfilter/.spamassassin/auto-whitelist.lock: No such file or directory
Dec 20 17:22:55 kunduz spamd[7384]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /home/spamfilter/.spamassassin/auto-whitelist.lock.kunduz.org.7384 for /home/spamfilter/.spamassassin/auto-whitelist.lock: No such file or directory
Dec 20 17:22:55 kunduz spamd[7384]: bayes: locker: safe_lock: cannot create tmp lockfile /home/spamfilter/.spamassassin/bayes.lock.kunduz.org.7384 for /home/spamfilter/.spamassassin/bayes.lock: No such file or directory
Dec 20 17:22:55 kunduz spamd[7384]: spamd: clean message (0.0/5.0) for spamfilter:1007 in 4.0 seconds, 4063 bytes.
Dec 20 17:22:55 kunduz spamd[7384]: spamd: result: . 0 - scantime=4.0,size=4063,user=spamfilter,uid=1007,required_score=5.0,rhost=LOCALHOST,raddr=127.0.0.1,rport=4061,mid=<45894D3A.8070206@schetterer.org>,autolearn=failed
Dec 20 17:22:55 kunduz spamd[7337]: prefork: child states: II
Dec 20 17:22:55 kunduz postfix/pickup[30777]: 7FC1DE9305: uid=1007 from=<owner-postfix-users@postfix.org>
Dec 20 17:22:55 kunduz postfix/cleanup[31101]: 7FC1DE9305: message-id=<45894D3A.8070206@schetterer.org>
Dec 20 17:22:55 kunduz postfix/pipe[31102]: 0DA8A1829F: to=<kartagis@kunduz.org>, relay=spamfilter, delay=4.5, delays=0.34/0/0/4.1, dsn=2.0.0, status=sent (delivered via spamfilter service)
Dec 20 17:22:55 kunduz postfix/qmgr[30778]: 0DA8A1829F: removed
Dec 20 17:22:55 kunduz postfix/qmgr[30778]: 7FC1DE9305: from=<owner-postfix-users@postfix.org>, size=4186, nrcpt=1 (queue active)
Dec 20 17:22:55 kunduz postfix/local[31163]: 7FC1DE9305: to=<kartagis@kunduz.org>, relay=local, delay=4.2, delays=4.1/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Dec 20 17:22:55 kunduz postfix/qmgr[30778]: 7FC1DE9305: removed


Sorry I pasted whole process.
kartagis
 
Posts: 1
Joined: Wed Dec 20, 2006 9:00 pm

Postby kalinga » Thu Dec 21, 2006 8:24 am

hi, this is your SpamAssassin trying to find config files for user spamfilter, simply add a dir

first make sure the line

/usr/bin/spamc -u filter


is set up as

/usr/bin/spamc -u spamfilter



in the code

/home/spamfilter & set the owner of the dir spamfilter to user spamfilter.

this should fix the issue

also

Dec 20 17:22:52 kunduz named[4362]: unexpected RCODE (SERVFAIL) resolving '163.224.52.212.sbl-xbl.spamhaus.org/A/IN': 193.70.192.64#53



this is something wrong with your DNS, do the RBL checks with postfix and not with spamassassin (disable the spamassassin's RBL checks) as it will help you to reduce the load on your server.



also you're running auto-whitelist, this is not a good idea
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka

filter not letting email through

Postby esben_r » Wed Feb 28, 2007 3:43 pm

Hi all,

I tried to follow the directions to sideline emails but for some strange reason emails which are not reported as spam do not get delivered. I have postfix and spamassassin up and running just fine but when I apply a more advanced script something goes wrong :(

Would really appreciate if you can give me any pointers as to what I am doing wrong - have been pulling my hair for a couple of days now.

The simple filter that works fine looks like this:
SENDMAIL="/usr/sbin/sendmail.postfix -i"
SPAMASSASSIN=/usr/bin/spamassassin

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cat | $SPAMASSASSIN -x | $SENDMAIL "$@" || \
{ echo Message content rejected; exit $EX_UNAVAILABLE; }

exit 0


The filter I am trying to use but doesn't work is like this:
SENDMAIL="/usr/sbin/sendmail.postfix -i"
SPAMASSASSIN=/usr/bin/spamassassin
EGREP=/bin/egrep

# Directory to put high score spam into:
# (NOTE: Create this directory and give it permissions for user 'filter' to access)
SIDELINE_DIR=/var/spool/spam

# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )
SPAMLIMIT_HIGH=8
SPAMLIMIT_LOW=5

export SPAMLIMIT_HIGH
export SPAMLIMIT_LOW

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cat | $SPAMASSASSIN -L -x > out.$$

if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT_HIGH,}" < out.$$
then

# Delete the message
#rm -f out.$$

# test purpose
mv out.$$ /var/spool/spam

elif $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT_LOW,"} < out.$$
then

mv out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$

else

# mv out.$$ /var/spool/filter
$SENDMAIL "$@" < out.$$

fi

exit $?


If I try from the shell to 'cat | email.txt filter -f test -- user' the email arrives just fine to the user and if I do the same with the GTUBE test email it will be sidelined/deleted as I want it to - however, if I try to send an email from my Google account it never arrives.

Any pointers will be greatly appreciated as I am losing my hair! :)

Thanks
esben_r
 
Posts: 2
Joined: Wed Feb 28, 2007 3:23 pm

Postby kalinga » Wed Feb 28, 2007 4:10 pm

hi,

what do you see in the postfix logs?


Code:

#!/bin/sh
SENDMAIL="/usr/sbin/sendmail.postfix -i"
SPAMASSASSIN=/usr/bin/spamassassin
EGREP=/bin/egrep

# Directory to put high score spam into:
# (NOTE: Create this directory and give it permissions for user 'filter' to access)
SIDELINE_DIR=/var/spool/spam

# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )
SPAMLIMIT_HIGH=8
SPAMLIMIT_LOW=5

export SPAMLIMIT_HIGH
export SPAMLIMIT_LOW

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Write the scanned message to an absolute path so the script does not
# depend on the working directory it is started in.
cat | $SPAMASSASSIN -L -x > /var/spool/spam/out.$$

if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT_HIGH,}" < /var/spool/spam/out.$$
then

   # Delete the message
   rm -f /var/spool/spam/out.$$

elif $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT_LOW,}" < /var/spool/spam/out.$$
then

   # Sideline the message under a timestamped name
   mv /var/spool/spam/out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$

else

   # Below both limits: hand the message back to Postfix
   $SENDMAIL "$@" < /var/spool/spam/out.$$

fi

exit $?




try this, didn't test it though, make sure whatever user you're running the filter as has access to /var/spool/spam (read & write)
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka
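
Added example (not part of the original posts): the scripts in this thread run egrep over the whole message, so a body line that starts with X-Spam-Level: and enough asterisks, such as a quoted header in a forwarded spam report, is sidelined or deleted too. This version reads only the header block and applies the same SPAMLIMIT_LOW / SPAMLIMIT_HIGH thresholds; the function names spam_level and classify and the sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the thread author's script. Thresholds reuse the
# SPAMLIMIT_LOW / SPAMLIMIT_HIGH values posted above.
SPAMLIMIT_LOW=5
SPAMLIMIT_HIGH=8

# Print the number of '*' in the first X-Spam-Level header read from stdin.
# Parsing stops at the first empty line (end of headers), so body text that
# merely looks like the header is never counted. Prints 0 if absent.
spam_level() {
    awk '
        /^\r?$/ { exit }
        tolower($0) ~ /^x-spam-level:/ { n = gsub(/\*/, ""); exit }
        END { print n + 0 }
    '
}

# Map a message file to: deliver, quarantine or discard.
# Returns 75 (EX_TEMPFAIL) if the file cannot be read, so the caller can
# exit with it and leave the mail queued instead of losing it.
classify() {
    level=$(spam_level < "$1") || return 75
    if [ "$level" -ge "$SPAMLIMIT_HIGH" ]; then
        echo discard
    elif [ "$level" -ge "$SPAMLIMIT_LOW" ]; then
        echo quarantine
    else
        echo deliver
    fi
}

# Constructed sample messages (not real mail) to show the difference.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Subject: a\nX-Spam-Level: ******\n\nbody\n' > "$dir/tagged"
    printf 'Subject: b\n\nX-Spam-Level: **********\n' > "$dir/body_only"
    for m in tagged body_only; do
        echo "$m: $(classify "$dir/$m")"
    done
    rm -rf "$dir"
}
demo
```

In the filter script, the output of classify on the spamc/spamassassin result file would take the place of the two egrep tests.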

Thank you!

Postby esben_r » Wed Feb 28, 2007 6:41 pm

Hi Kalinga,

Thanks a million - don't know exactly what did the trick, but all I did was to copy the script you asked me to try and now it works just fine. Must have been a typo or perhaps the path you added to the out.$$

Anyhow thank you very much! :D
esben_r
 
Posts: 2
Joined: Wed Feb 28, 2007 3:23 pm

Postby kalinga » Wed Feb 28, 2007 6:50 pm

it was the path
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka

Postby pjv » Wed Aug 01, 2007 10:02 pm

HI,

I've got this problem

Code:
Aug  1 17:49:15 ### postfix/smtpd[15350]: connect from ns351592.ovh.net[91.121.74.118]
Aug  1 17:49:32 ###postfix/smtpd[15350]: BF2FC37A40: client=#####[???.???.???.???]
Aug  1 17:49:35 ### postfix/cleanup[15355]: BF2FC37A40: message-id=<20070801154932.BF2FC37A40@ns351592.ovh.net>
Aug  1 17:49:35 ### postfix/qmgr[15331]: BF2FC37A40: from=<p@truc.fr>, size=356, nrcpt=1 (queue active)
Aug  1 17:49:35 ### pipe[15357]: fatal: pipe_command: execvp /usr/local/bin/spamfilter: Not a directory
Aug  1 17:49:35 ### postfix/pipe[15356]: BF2FC37A40: to=<postmaster@test.fr>, relay=spamfilter, delay=11, delays=11/0/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/local/bin/spamfilter: Not a directory )


Does someone know how I can solve this problem?

thanks
pjv
 
Posts: 7
Joined: Wed Aug 01, 2007 9:56 pm
Location: France

Postby kalinga » Thu Aug 02, 2007 8:49 am

do the following

Code:
ll /usr/local/bin/spamfilter


it should show something like this

Code:
-rwxr-xr-x  1 spamfilter root 747 Mar  8 20:54 /usr/local/bin/spamfilter


then

Code:
ll /var/


it should show something like this

Code:
drwxr-xr-x   2 spamfilter root     4096 Aug  2 08:16 tempfs



show me what you see.
kalinga
Site Admin
 
Posts: 209
Joined: Fri Oct 14, 2005 3:19 pm
Location: Sri Lanka
