SPAMASSASIN and relays

[TalentedFool]

Hi all,

Have read quite a bit about SPAMASSASIN recently and was wonderig if anybody has got it working the way I want it to.

I'm only using Sendmail on my linux box to act as the front end in my DMZ and relaying to my exchange server behind my firewall.

Can I use SPAMASSASIN to get rid of all the crap before it hits my exchange server? Otherwise I'm going to have to implement something else on the inside - probably SurfControl since we use the webfilter for that.

Cheers


~ Remember - Nothing is Fool Proof to a Talented Fool ~

 

[deders]

Absolutely,
Put the following in your /etc/procmail.rc file :

:0 fw
* < 256000
| /usr/bin/spamc -f

This will mark mail identified as spam by including the word SPAM in the subject. If you're feeling particularly macho, you can then drop these SPAM-identified emails by also adding :

:0:
* ^Subject:.*SPAM*
/dev/null

All this requires you to have started SpamAssassin :

cd /etc/init.d
./spamassassin start

I put all my blacklist and whitelist entries in the text file :

/etc/mail/spamassassin/local.cf

Cheers,
Derek.

 

[TalentedFool]

I'm not using procmail ... least I don't think I'm not!

We have no local mailboxes on the machines - it basically sits in the middle and says thats for the inside and that to be delivered outside ...



~ Remember - Nothing is Fool Proof to a Talented Fool ~

 

[jad]

have a look at a tool called 'Mailscanner'

http://www.mailscanner.org.uk

(

http://www.sng.ecs.soton.ac.uk/mailscanner/

)

which can incorporate lots of different options into your sendmail configuration.

 

[TalentedFool]

Thanks

~ Remember - Nothing is Fool Proof to a Talented Fool ~

 

[Rhinokiller]

SpamAssassin needs some tuning done to it before it is really effective (and it is one of the best out there). You have to set a comfortable "scoring" level, the default is 5 but you can lower it. Whitelisting can be set in (figure a default installation) /usr/share/spamassassin/whitelist.cf. I don't manually do black listing because of the overhead. Instead I use the blueshore rbl (configured in /etc/mail/local.cf) see below:
### BlueShore Network Blacklist
header RCVD_IN_BNBL eval:check_rbl('bl','bl.blueshore.net.')
describe RCVD_IN_BNBL Listed by BNBL
tflags RCVD_IN_BNBL net
score RCVD_IN_BNBL 2
### End RBL
This is where you set your "scoring" threshhold.
The whole thing gets tied together in a procmailrc file, see below:
### Invoke 1 instance of spamassassin at a time.
### Only screen messages smaller than 256k.
### This will ensure system performance.
:0fw: spamassassin.lock
* < 256000
| spamc

### Mail scoring rules ###
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
almost-certainly-spam

### Tag all mail as spam with a score higher than the set threshold.
:0:
* ^X-Spam-Status: Yes
probably-spam

### Procmail bug: Any output on stderr will cause the F in From to be dropped.
### This will re-add it.
:0
* ^^rom [ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "

:0 fhw
| sed -e 'ls/^/F/'
}
You will also need to add the path to SPAMC at the top of your recipe (again I'm assuming a default installation here.
SPAMC=/usr/bin/spamc
Configure your whitelists, rbl and scoring and then restart SPAMD (service spamassassin restart).
I wouldn't route mail tagged by spamassassin to /dev/null just in case you ever need to look at it. Route it to a dummy mailbox that you can look at /var/spool/mail/spam.
Good Luck.

Cogito Ergo Sum - Non Compos Mentis

 

[Rhinokiller]

typo:
blushore rbl & default scoring configured in /etc/mail/spamassassin/local.cf
NOT
/etc/mail/local.cf

Cogito Ergo Sum - Non Compos Mentis

 

[dougtran]

I did what you are asking to do with a Redhat 9.0+Spamassassin+MIMEDefang+UVScan box set up as a gateway for my Exchange 5.5 server. Read the MIMEDefang HOWTO, follow verbatim!

In this setup, Spamassassin just tags the emails while MIMDEEFang is the filter that will decide what to do with it. Generally, you will just want to pass it through and let the client decide what they want to do with it based on the SPAM score. However, you could probably safely bounce any emails with a SPAM score of 10 or higher. Personally, I've set my Outlook client to move all SPAM that is marked 3 or higher into my SPAM folder.

Doug