Fighting SPAM Spamassassin
• Statistical scoring based on factors such as banned words and acronyms
• Non-plain-text mail or strange ASCII coding in the mail header
• HTML body with pictures and links
• Sending/receiving user exists
• File attachments: extra inspection by an external program for viruses and trojans
• DNS blacklists: blacklisted domains/IPs/hosts
• E-mails per second, DOS/SPAM
• E-mail relaying and hops
• Help from external databases like Pyzor and Razor
• Spamassassin does not delete mail; it marks mail as SPAM and classifies the severity
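Because Spamassassin only tags a message, something downstream (procmail in this course) has to read the tag and decide what happens to the mail. The following is an added example, not code from the slides or from the Spamassassin project: it parses the X-Spam-Status header Spamassassin writes and maps the score to a delivery action. The sample messages, the thresholds and the folder names are constructed for illustration.

```python
"""Added example, not from the slides: act on the verdict Spamassassin leaves
in the mail headers. Spamassassin only tags; the delivery agent decides what
to do with the score. Samples, thresholds and folder names are assumptions."""
import email
import re
from email import policy

# Spamassassin adds a header such as:
#   X-Spam-Status: Yes, score=17.2 required=5.0 tests=BAYES_99,URIBL_BLACK autolearn=spam version=3.4.6
STATUS_RE = re.compile(
    r"^(?P<flag>Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)"
    r"\s+required=(?P<required>\d+(?:\.\d+)?)"
    r"(?:\s+tests=(?P<tests>\S+))?",
    re.IGNORECASE,
)


def parse_spam_status(value):
    """Return (flagged, score, required, tests) from an X-Spam-Status value."""
    flat = " ".join(value.split())        # drop header folding whitespace
    flat = re.sub(r",\s+", ",", flat)     # rejoin a tests= list folded after a comma
    m = STATUS_RE.match(flat)
    if m is None:
        raise ValueError("unrecognised X-Spam-Status: %r" % value)
    tests = m.group("tests").split(",") if m.group("tests") else []
    return (m.group("flag").lower() == "yes",
            float(m.group("score")), float(m.group("required")), tests)


def classify(score, required, quarantine_margin=10.0):
    """Map the score to a delivery action. The thresholds are an assumption:
    under the required score -> inbox; over it -> Spam folder; far over it
    -> quarantine for an admin to review. Nothing is silently deleted."""
    if score < required:
        return "inbox"
    if score < required + quarantine_margin:
        return "spam-folder"
    return "quarantine"


def route_message(raw):
    """Return (action, score, tests) for one message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    value = msg.get("X-Spam-Status")
    if value is None:                     # never went through spamassassin
        return "unscanned", None, []
    flagged, score, required, tests = parse_spam_status(str(value))
    return classify(score, required), score, tests


# Constructed sample messages with headers as Spamassassin would write them.
SAMPLE_SPAM = """\
From: promo@example.com
To: bob@example.org
Subject: [SPAM] cheap watches
X-Spam-Flag: YES
X-Spam-Status: Yes, score=17.2 required=5.0 tests=BAYES_99,HTML_IMAGE_ONLY_08,
\tRCVD_IN_PYZOR,URIBL_BLACK autolearn=spam version=3.4.6

Click here!
"""

SAMPLE_HAM = """\
From: alice@example.net
To: bob@example.org
Subject: meeting notes
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
\tautolearn=ham version=3.4.6

See attached.
"""

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(name, route_message(raw))
```

The point of the three-way split is that a high score lands in a quarantine an administrator can inspect, never in /dev/null; a message that carries no X-Spam-Status at all is reported as unscanned rather than treated as clean, so a broken filter chain becomes visible in the logs.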
Downloading And Installing Spamassassin RPM
• From sources: http://spamassassin.apache.org/
• From rpm:
• Starting Spamassassin at boot
• Start Spamassassin
• The Spamassassin configuration sits in /etc/mail/spamassassin and /usr/share/spamassassin/ (local.cf and init.pre)
• Spamassassin comes preconfigured
• If you install from sources, don't install from RPM first!
Installing Rules du Jour
1) Download the rules_du_jour script with the wget command, make it executable and place it in the /usr/local/bin directory. The script is available here: http://sandgnat.com/rdj/rules_du_jour and it is intended to be run from a cron job on a daily basis.
2) Create and edit your /etc/rulesdujour/config configuration file.
3) Run the rules_du_jour script, and then run spamassassin in lint mode to test for errors. There should be none.
4) The final step is to add /usr/local/bin/rules_du_jour to your cron table. In this case, crontab -e
Configuring milter-greylist, continued
• The /var/log/mail* files should be used to determine what is happening to your mail
• The sending server is told (451 temporary failure) to resend the e-mail in five minutes
• Here e-mail from a source is autowhitelisted for 24 hours
• We are now done with the milter-greylist setup!
Dec 24 00:32:31 mail sendmail[28847]: jBO8WVnG028847: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back in 00:05:00
Dec 23 20:40:21 mail milter-greylist: jBO4eF2m027418: addr 211.115.216.225 from <[email protected]> rcpt <[email protected]>: autowhitelisted for 24:00:00
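The two log lines above are the two halves of one greylisting decision: a first attempt is refused with 451 and a come-back time, and the retry after the delay is accepted and autowhitelisted. What follows is an added example, not code from the slides or from the milter-greylist project: a Python simulation of that decision, keyed on the triplet (client address, envelope sender, recipient). The 00:05:00 delay and the 24:00:00 autowhitelist lifetime are the values in the log lines; the state machine, the addresses and the timeline are constructed.

```python
"""Added example, not from the slides: the decision milter-greylist makes for
each delivery attempt, simulated in Python. Delay and autowhitelist lifetime
are the values shown in the slide's log lines; everything else is assumed."""
from datetime import datetime, timedelta

GREYLIST_DELAY = timedelta(minutes=5)
AUTOWHITELIST_FOR = timedelta(hours=24)


def hms(td):
    """Format a timedelta as HH:MM:SS, the way the milter logs it."""
    s = int(td.total_seconds())
    return "%02d:%02d:%02d" % (s // 3600, (s % 3600) // 60, s % 60)


class Greylist:
    """State is keyed on the triplet (client address, envelope sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY, whitelist_for=AUTOWHITELIST_FOR):
        self.delay = delay
        self.whitelist_for = whitelist_for
        self.pending = {}      # triplet -> time of the first attempt
        self.whitelisted = {}  # triplet -> time the autowhitelist entry expires

    def check(self, addr, sender, rcpt, now):
        """Return ("accept", reason) or ("tempfail", reason) for one attempt."""
        key = (addr, sender.lower(), rcpt.lower())
        expiry = self.whitelisted.get(key)
        if expiry is not None:
            if now < expiry:
                return "accept", "autowhitelisted"
            del self.whitelisted[key]          # entry aged out: start over
        first = self.pending.get(key)
        if first is None:
            # First time this triplet is seen: tell the sender to come back later.
            self.pending[key] = now
            return "tempfail", "451 4.7.1 Greylisting in action, please come back in " + hms(self.delay)
        remaining = first + self.delay - now
        if remaining > timedelta(0):
            # Retried too early: keep refusing, but do not reset the clock.
            return "tempfail", "451 4.7.1 Greylisting in action, please come back in " + hms(remaining)
        # A real MTA retried after the delay: accept and autowhitelist the triplet.
        del self.pending[key]
        self.whitelisted[key] = now + self.whitelist_for
        return "accept", "autowhitelisted for " + hms(self.whitelist_for)

    def never_retried(self, now):
        """Triplets still pending well past the delay: sources that fired once and left."""
        return sorted(k for k, t in self.pending.items() if now - t > self.delay)


def simulate():
    """Constructed timeline: a real MTA that retries, and a spam source that does not."""
    g = Greylist()
    t0 = datetime(2005, 12, 24, 0, 32, 31)
    mta = ("192.0.2.25", "alice@example.net", "bob@example.org")
    cannon = ("198.51.100.7", "promo@example.com", "bob@example.org")
    results = [
        g.check(*mta, now=t0),                            # first attempt: tempfail
        g.check(*cannon, now=t0),                         # spam source: tempfail, never returns
        g.check(*mta, now=t0 + timedelta(minutes=2)),     # too early: still tempfail
        g.check(*mta, now=t0 + timedelta(minutes=6)),     # after the delay: accept + whitelist
        g.check(*mta, now=t0 + timedelta(hours=23)),      # within 24h: accepted straight away
        g.check(*mta, now=t0 + timedelta(hours=31)),      # whitelist expired: greylisted again
    ]
    return results, g.never_retried(now=t0 + timedelta(hours=31))


if __name__ == "__main__":
    results, stale = simulate()
    for action, reason in results:
        print(action, reason)
    print("never retried:", stale)
```

The simulation shows why greylisting costs a legitimate sender only one delay per triplet per day, while a source that never retries never gets delivered at all; the never_retried list is the same information you would dig out of /var/log/mail* by looking for 451 lines that have no later matching accept.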
Installing Your POP/IMAP Server
• There are several much more powerful IMAP/POP servers than the one we install. This is for demonstration only. Usually we install UW-IMAP or similar.
• Install the dovecot IMAP/POP server
• Activate dovecot at boot
• Start dovecot now
• POP and IMAP serve users and clients with centralized e-mail in a comfortable way.
• POP and IMAP can both be run in cleartext or encrypted (SSL)
Aug 11 23:20:33 bigboy ipop3d[18693]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:40 bigboy ipop3d[18693]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:40 bigboy ipop3d[18693]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:52 bigboy ipop3d[18694]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:52 bigboy ipop3d[18694]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
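Since POP and IMAP can run either in cleartext or over SSL, the mail log is the place to check which of the two your users actually get. The following is an added example, not code from the slides, from UW-IMAP or from dovecot: it pairs each ipop3d "service init" line with the "Login" line of the same process id and lists the logins that were not protected by SSL. The two SSL sessions are the log lines shown above; the cleartext session and the unrelated sendmail line are constructed, assuming ipop3d logs a plain session as "pop3 service init" (the slide shows only the "pop3s SSL service init" form).

```python
"""Added example, not from the slides: audit ipop3d sessions in /var/log/mail*
for logins that did not use SSL. SSL sessions are the slide's own log lines;
the cleartext session and the sendmail line are constructed, and the
"pop3 service init" form for a plain session is an assumption."""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<server>\S+) ipop3d\[(?P<pid>\d+)\]: (?P<msg>.*)$")
INIT_RE = re.compile(r"^(?P<service>pop3s?)(?P<ssl> SSL)? service init from (?P<ip>\S+)$")
LOGIN_RE = re.compile(
    r"^Login user=(?P<user>\S+) host=(?P<host>\S+) \[(?P<ip>[^\]]+)\] nmsgs=(?P<nmsgs>\d+)/")


def parse_pop_sessions(lines):
    """Pair each 'service init' line with the 'Login' line of the same ipop3d pid."""
    transport = {}   # pid -> (ssl?, client ip) recorded at service init
    sessions = []
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if m is None:
            continue                      # some other daemon's line
        pid, msg = m.group("pid"), m.group("msg")
        init = INIT_RE.match(msg)
        if init:
            transport[pid] = (init.group("ssl") is not None, init.group("ip"))
            continue
        login = LOGIN_RE.match(msg)
        if login:
            # No init line seen for this pid: be conservative and treat it as cleartext.
            ssl, _ = transport.pop(pid, (False, login.group("ip")))
            sessions.append({
                "time": m.group("ts"), "pid": pid, "user": login.group("user"),
                "ip": login.group("ip"), "ssl": ssl, "nmsgs": int(login.group("nmsgs")),
            })
    return sessions


def cleartext_logins(sessions):
    """(user, client ip) pairs whose password crossed the network unencrypted."""
    return sorted({(s["user"], s["ip"]) for s in sessions if not s["ssl"]})


# Constructed sample: the slide's two pop3s sessions plus one plain pop3 session
# and one unrelated sendmail line that the parser must skip.
SAMPLE_LOG = """\
Aug 11 23:20:33 bigboy ipop3d[18693]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:40 bigboy ipop3d[18693]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:40 bigboy ipop3d[18693]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:52 bigboy ipop3d[18694]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:52 bigboy ipop3d[18694]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:21:05 bigboy ipop3d[18701]: pop3 service init from 172.16.1.150
Aug 11 23:21:06 bigboy ipop3d[18701]: Login user=guest host=172-16-1-150.my-site.com [172.16.1.150] nmsgs=3/3
Aug 11 23:21:09 bigboy sendmail[18702]: jBO8WVnG018702: from=<alice@example.net>, size=1024, class=0
"""

if __name__ == "__main__":
    found = parse_pop_sessions(SAMPLE_LOG.splitlines())
    for s in found:
        print(s["time"], s["user"], s["ip"], "SSL" if s["ssl"] else "CLEARTEXT")
    print("cleartext logins:", cleartext_logins(found))
```

Run against a real /var/log/maillog the same two functions give you the list of accounts whose clients still need SSL switched on in their advanced settings; a login with no preceding init line is reported as cleartext on purpose, so an incomplete log errs on the side of a false alarm rather than a missed one.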
How To Configure Your Windows Mail Programs
• All your POP e-mail accounts are really only regular Linux user accounts in which sendmail has deposited mail.
• You can now configure your e-mail client, such as Outlook Express, to use your new POP/SMTP mail server quite easily.
• To configure POP mail, set your POP mail server to be the IP address of your Linux mail server.
• Use your Linux username and password when prompted.
• Next, set your SMTP mail server to be the IP address/domain name of your Linux mail server.
• You can use a similar setup for IMAP.
• For secure IMAP/POP you have to select SSL in the advanced settings for incoming e-mail.
Conclusions
• Sendmail is the most used mailserver
• The macro file sendmail.mc is used together with m4 to make sendmail.cf
• Sendmail configuration lives in /etc/mail
• The mailserver keeps all users' inboxes in /var/spool/mail
• To prevent SPAM and unauthorized access, RELAY is used for allowed sites in /etc/access
• You have to type make and newaliases after editing the sendmail configuration
• Sendmail can use DNS blacklists to prevent spam directly
• Spamassassin can be used to wash mail of SPAM, but Spamassassin only MARKS and classifies mail.
• Rules Du Jour can update Spamassassin filters automatically
• Procmail is used to process the mail (dropping, moving, truncating) and is driven by regular expressions
• Greylisting is a complementing SPAM blocking mechanism based on e-mail resend due to "heavy load" messages.
• IMAP/POP can be used to serve users with centralized e-mail in a