Skip to main content

Setting up Spam Detection System for mail server

For over a month, I did a research on how to install, configure and test spam detection system on mail server which i manage. Here's the quick step :

1. Install spamassassin from spamassassin.org. I use spamc and spamd and not the perl version. Advantage: faster for bz server.

2. Make this setting in /etc/mail/spamassassin/local.conf



# SpamAssassin user preferences file.
# See 'man Mail::SpamAssassin::Conf' for
# details of what can be tweaked.

# score needed to deem an email to be spam.
# the lower the score, the more likely the email
# will be classified as spam. default is 5, but
# I have found that 4 works a little bit better
required_hits 4

# if you find an email from an address classified
# as spam that should
# *never* be classified as spam, add it to the whitelist
whitelist_from *@mp3.com

# if you receive an email from an address that will
# always be spam, add it to the blacklist (comma separated)
blacklist_from big@boss.com

# Whitelist and blacklist addresses are now
# file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com",
# or "*.domain.net" will all work.

# append the subject line with "[SPAM]"
# if you do not want the subject line altered,
# just remove this line
subject_tag [SPAM]

3. Make sure procmail is installed. use 'which procmail' to know. if not, go to www.procmail.org to download and install.

4. Test for one user first. configure .procmailrc in one user home directory like this:


## Set to yes when debugging

VERBOSE=no


## Put '#' before LOGFILE if you want
# no logging (not recommended)
LOGFILE=procmaillog



:0fw: spamassassin.lock
/usr/bin/spamc

# The following three lines move messages tagged
# as spam to a folder called "spam-folder" If you
# want mail to stay in your inbox, just
# delete the lines

:0:
* ^X-Spam-Status: Yes
spam-folder



Update :
You could replace spam-folder with /dev/null if you want the spam mails to be automatically deleted as below (Not Recommended):

:0:
* ^X-Spam-Status: Yes
/dev/null


Note : The 3 last lines is important for automatic moving of spam mails to 'spam-folder'. Spam mails are marked [SPAM] in their subject and this mark is user-definable.

Ok. That's all there is to it. Test it for a month and hope that spam mails ever reach the spam-folder. :-) I bet they will.

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is setup differently in this version. You need this directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src 192.168.2.0/24 127.0.0.1
http_access allow our_networks
http_port 192.168.2.1:3128 transparent
always_direct allow all

where 192.168.2.1 is your proxy server IP address.


If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

where 3128 is the port where squid is running.
References:
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…