Postfix Anti-Spam Tips and Tricks

July 19, 2005 — osblues

This seems like a pretty comprehensive guide for configuring the various parts of Postfix that can help the fight against spam.

Security Sage Postfix Anti-Spam Guide

This one is very useful too –

Postfix Anti-UCE Cheat Sheet

Enjoy 🙂

Posted in Spam. Leave a Comment »

DSPAM localStore CGI Hack

July 18, 2005 — osblues

As mentioned in my previous DSPAM post, I replaced the horrible symlinks necessary to get the CGI working when following the appliance instructions (localStore pref) with a CGI hack, which appeared to do the trick. After trying to setup a new user on the appliance I noticed that this hack only seems to work for users who are admins (appear in the admins text file) and for the life of me I couldn’t figure out why this was. After much more hair pulling I decided to see if a ‘better’ fix had been applied in the latest development version of DSPAM and luckily for me one has! It’s very simple to apply the bits that need changing for this, I would provide a patch but I’m not really sure how to do that 😉 So here goes in kinda patch notation –

Block 1
use Time::Local;
use vars qw { %CONFIG %DATA %FORM $MAILBOX $CURRENT_USER $USER $TMPFILE};
+use vars qw { $CURRENT_STORE };
require "ctime.pl";

Block 2
$CONFIG{'DSPAM_ARGS'} =~ s/%CURRENT_USER%/$CURRENT_USER/g;

+# Current Store
+do {
+ my(%PREF) = GetPrefs($CURRENT_USER);
+ $CURRENT_STORE = $PREF{"localStore"};
+ if ($CURRENT_STORE eq "") { $CURRENT_STORE = $CURRENT_USER; }
+};

-$USER = GetPath($CURRENT_USER);
+$USER = GetPath($CURRENT_STORE);
$MAILBOX = $USER . ".mbox";
$TMPFILE = $USER . ".tmp";

Block 3
_END
close(FILE);
}
}

- if ($CONFIG{'PREFERENCES_EXTENSION'} == 1) {
- open(PIPE, "$CONFIG{'DSPAM_BIN'}/dspam_admin l pref " . quotemeta($username) . "|");
- while() {
- chomp;
- my($directive, $value) = split(/\=/);
- $PREFS{$directive} = $value;
- }
- close(PIPE);
- }
-
- if (keys(%PREFS) eq "0" || $CONFIG{'PREFERENCES_EXTENSION'} != 1) {
- if (! -e $FILE) {
- $FILE = "./default.prefs";
- }
-
- if (! -e $FILE) {
- &error("Unable to load default preferences");
- }
-
- open(FILE, "< $FILE");
- while() {
- chomp;
- my($directive, $value) = split(/\=/);
- $PREFS{$directive} = $value;
- }
- close(FILE);
- }

+ %PREFS = GetPrefs();

$DATA{"SEDATION_$PREFS{'statisticalSedation'}"} = "CHECKED";
$DATA{"S_".$PREFS{'trainingMode'}} = "CHECKED";

Block 4
&error("Unable to determine filesystem scale");
}

+sub GetPrefs {
+ my(%PREFS);
+
+ my($FILE) = "$USER.prefs";
+
+ if ($CONFIG{'PREFERENCES_EXTENSION'} == 1) {
+ open(PIPE, "$CONFIG{'DSPAM_BIN'}/dspam_admin l pref " . quotemeta($CURRENT_USER) . "|");
+ while() {
+ chomp;
+ my($directive, $value) = split(/\=/);
+ $PREFS{$directive} = $value;
+ }
+ close(PIPE);
+ }
+
+ if (keys(%PREFS) eq "0" || $CONFIG{'PREFERENCES_EXTENSION'} != 1) {
+ if (! -e $FILE) {
+ $FILE = "./default.prefs";
+ }
+
+ if (! -e $FILE) {
+ &error("Unable to load default preferences");
+ }
+
+ open(FILE, "< $FILE");
+ while() {
+ chomp;
+ my($directive, $value) = split(/\=/);
+ $PREFS{$directive} = $value;
+ }
+ close(FILE);
+ }
+
+ return %PREFS
+}

That seemed to do the trick for me (YMMV).. Basically in each block above, find the first bit and then straight after that add or remove lines as denoted by the +/- symbols.

Posted in Spam. Leave a Comment »

DSPAM – after a few days

July 4, 2005 — osblues

I’ve had DSPAM up and running as a test on domains I use for personal mail now for nearly a week. I’m pretty impressed with the CGI interface and how easy it is to use from that respect. As for accuracy, I’m a little annoyed that it took a few days to even start to get any real accuracy but I have the feeling that may have been my fault! I automatically turned on Bayesian Noise Reduction from the CGI interface as it thought that sounded good, only to find out your not supposed to use it until you are getting 95-99% accuracy! I’m not sure whether turning that off or just letting it see a bit more mail has pushed it’s accuracy in the right direction but it is better now. I’m sure it’ll take a bit longer for me to see any real accuracy, but I’ll keep you posted.

I had my first false positive caught in DSPAM over the weekend and have been tearing my hair out over the last couple of days trying to work out why it wouldn’t deliver the mail when I corrected it as not spam. Basically I would clicked the ‘as innocent’ link in the history page only to be presented by this –

An Error Has Occured
The following error occured while trying to process your request:

sendmail: invalid option — d
sendmail: fatal: usage: sendmail [options]
2191: [7/2/2005 18:30:54] Delivery agent returned error, exit code: 64, command line: /usr/sbin/sendmail -d me@mydomain.com

For the life of me I couldn’t work out where the -d was coming from, finally I found the answer here which has now fixed it 🙂

I hope that one saves a few people a headache or two.

Oh, and the LMTP stuff appears to be working now.. not sure what I did to fix that though.

I’ve also got rid of the symlinks that I had to add to connect the virtual_uids with the login names. They were added to get various bits of the CGI interface to work, but this is a better fix, I actually just examined the patch and made the changes manually as the CGI has changed a bit since then.

Posted in Spam. Leave a Comment »

DSPAM Appliance HowTo (kinda)

June 28, 2005 — osblues

After much shouting and screaming, I finally got DSPAM up and running as an appliance (SMTP relay). I followed the step by step guide as mentioned in my previous post, but came across a few stumbling blocks along the way. By noting here what I did to get around them, I hope to reduce the amount hair-pulling required my others (and myself next time). I hope to get this written up as a proper howto, but for now it will be more of an amendments guide to the other guide.

Right, here we go 🙂

  1. After installing Postfix, you need to test that it’s starts correctly which mine didn’t. I realised that a default minimal install of FC4 installs sendmail and configures it to start. I, therefore simply used chkconfig to disable sendmail and Postfix was then able to start.
  2. I’m not using relay_recipients at all, I don’t think this is needed as the users are stored in the mysql table.
  3. I had to add all my domains to virtual_mailbox_domains (main.cf), the same ones that you put in transport. This actually throws up a warning in the maillog but it doesn’t seem to hurt.
  4. When creating the SSL certificate, the directories referred to weren’t present, so I had to create them (mkdir ssl.key, ssl.crt)
  5. I couldn’t get the first Perl GD module to compile without adding /usr/local/lib to /etc/ld.so.conf and running ldconfig -v
  6. See the appliance doc at doc/appliance.txt with the DSPAM distribution for details on creating the users in the mysql database
  7. Start DSPAM with dspam –daemon [–debug]
  8. In order for the CGI to find the correct logs etc for users you need to symlink things as noted here

Other than that, it pretty much works! I can’t get the forward spam to work though, I think LMTP is not configured correctly.

I hope this helps.

Posted in Spam. 2 Comments »

Building a DSPAM Relay (appliance)

June 25, 2005 — osblues

I am currently trying to build an anti-spam relay server running postfix and DSPAM. The only step by step guide I can find is on the DSPAM wiki (Dspam With Postfix Relay Step By Step) which is based around Fedora 2 or 3. I am using FC4 for my server and have all the components now install, I just need to configure them! The only problem I’ve had so far is that postfix wouldn’t start as a minimal install of FC4 includes sendmail. Once I’d disabled sendmail via chkconfig, postfix was able to start.

If anyone has any tips, suggestions or links to other howtos/guides on setting up DSPAM in this way, please let me know. When I do get everything working, I’ll post any suggestions I have and let you know how well it all works 🙂

Posted in Spam. 1 Comment »
« Older posts
Newer posts »