How to Fight Spam Using Spamassassin, Dnsbl, and Procmail
I run my own mail server, and I check my email most of the time using pine. Over the years I had set up spam filters in pine to weed out spam. But I have also been known to use my blackberry to check email using squirrelmail. Well my pine filters did not work on squirrelmail. Plus more spam had been coming through lately.
This instructable will show you how to set up spamassassin on Fedora using procmail to move messages marked as spam to a spam folder automatically.
Install Prerequisites
You'll want to install your prerequisites:
joe@fletcher ~$ sudo yum install sendmail-cf sendmail procmail spamassassin spamass-milter
Sendmail Configuration
You want to check that sendmail is using the DNS Blacklist.
Edit sendmail.mc and add the lines below
joe@fletcher ~$ vi /etc/mail/sendmail.mc
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `cbl.abuseat.org', `"Spam blocked see: http://cbl.abuseat.org/lookup.cgi?ip="$&{client_addr}')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `"Spam blocked see: http://spamhaus.org/query/bl?ip="$&{client_addr}')dnl
FEATURE(`dnsbl', `list.dsbl.org', `"Spam blocked see: http://dsbl.org/listing?"$&{client_addr}')dnl
While you have that open, add procmail as the default mailer:
MAILER(procmail)dnl
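How the dnsbl lookups configured above work, as an added example that is not part of the original instructable: the connecting client's address is reversed, prepended to the list's zone, and looked up as an A record. The `.example` zones and the resolver data are constructed so the block runs offline; `zone_health` uses the RFC 5782 test addresses (127.0.0.2 must be listed, 127.0.0.1 must not) to confirm a list still answers sensibly before mail is rejected on its word.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone):
    """192.0.2.10 + bl.example -> 10.2.0.192.bl.example (IPv4 only)."""
    addr = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(client_ip, zone, resolve=socket.gethostbyname):
    """Listed means the name resolves to an A record inside 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(client_ip, zone))
    except OSError:  # NXDOMAIN or lookup failure: treat as not listed
        return False
    return ipaddress.ip_address(answer) in LOOPBACK

def zone_health(zone, resolve=socket.gethostbyname):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"  # would reject all mail
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-answer"         # zone gone or unreachable: blocks nothing
    return "ok"

# Constructed resolver data (hypothetical zones) so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.good.dnsbl.example": "127.0.0.2",
    "10.2.0.192.good.dnsbl.example": "127.0.0.2",
    "1.0.0.127.wild.dnsbl.example": "127.0.0.2",
    "2.0.0.127.wild.dnsbl.example": "127.0.0.2",
}

def fake_resolve(name):
    """Stand-in for socket.gethostbyname backed by FAKE_DNS."""
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN (constructed)")

if __name__ == "__main__":
    for zone in ("good.dnsbl.example", "wild.dnsbl.example", "gone.dnsbl.example"):
        print(zone, zone_health(zone, fake_resolve))
    print(is_listed("192.0.2.10", "good.dnsbl.example", fake_resolve))
```

Calling `zone_health("bl.spamcop.net")` with the default resolver, from the mail server itself, checks a live zone through the same DNS path sendmail will use.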
Sendmail Restart
After you have made your changes to sendmail's mc file, you should restart the sendmail service to rebuild the config file (sendmail.cf).
joe@fletcher ~$ sudo service sendmail restart
Set Up Procmail Logging
joe@fletcher ~$ sudo vi /etc/procmailrc
LOGFILE=/var/log/procmail.log
#Uncomment below for troubleshooting
#VERBOSE=YES
#LOGABSTRACT=YES
You can check procmail now by tailing the log file under /var/log
joe@fletcher ~$ tail /var/log/procmail.log
Local Procmail Config
Create a .procmailrc in your home directory
joe@fletcher ~$ vi ~/.procmailrc
# File anything spamassassin tagged as spam into the spam folder (the mbox sa-learn is pointed at later)
:0:
* ^X-Spam-Status: Yes
$HOME/mail/spam
Custom Milters
You will want to create a set of custom filters/milters.
Apache.org has a great write up on creating your own custom rules here:
Wiki Page
I am sure you have noticed that spam follows patterns. For instance, I get the same spam about candy deals with similar subject lines for a few months at a time. You could write a rule looking for a few of these things.
joe@fletcher ~$ sudo vi /etc/mail/spamassassin/local.cf
header CANDY_1 From =~ /hard/i
header CANDY_2 From =~ /candy/i
header CANDY_3 Subject =~ /hard/i
header CANDY_4 Subject =~ /candy/i
header CANDY_5 Subject =~ /urban decay/i
meta CANDY_MULTI_TEST ((CANDY_1 + CANDY_2 + CANDY_3 + CANDY_4 + CANDY_5) > 1.0 )
score CANDY_MULTI_TEST 5.0
If any two of the above conditions are met, then mark it as spam.
Another option is to blacklist certain domains:
blacklist_from *@citylinenews.com
Or if you know the subject you do not want to receive:
header WARRANTY_CHECK Subject =~ /Home Warranty/i
score WARRANTY_CHECK 5.0
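A small model of how the candy rules above score a message, added here as an example (it is not SpamAssassin's engine and not code from the original instructable). It assumes CANDY_4 is part of the meta sum and that a rule with no `score` line counts SpamAssassin's default of 1.0; the three messages are constructed, and the second shows how the unanchored `/hard/i` pattern flags legitimate mail.

```python
import re

# Rules from the page (CANDY_4 included in the sum), embedded as sample input.
LOCAL_CF = """\
header CANDY_1 From =~ /hard/i
header CANDY_2 From =~ /candy/i
header CANDY_3 Subject =~ /hard/i
header CANDY_4 Subject =~ /candy/i
header CANDY_5 Subject =~ /urban decay/i
meta CANDY_MULTI_TEST ((CANDY_1 + CANDY_2 + CANDY_3 + CANDY_4 + CANDY_5) > 1.0 )
score CANDY_MULTI_TEST 5.0
"""

HEADER = re.compile(r"header\s+(\w+)\s+(\S+)\s+=~\s+/(.+)/i\s*$")
# Only the "sum of sub-rules over a threshold" meta form used on this page.
META = re.compile(r"meta\s+(\w+)\s+\(\((.+)\)\s*>\s*([\d.]+)\s*\)\s*$")
SCORE = re.compile(r"score\s+(\w+)\s+([\d.]+)\s*$")

def evaluate(cf_text, message):
    """Return (rules that fired, total score) for a dict of message headers."""
    fired, scores, metas = set(), {}, []
    for line in cf_text.splitlines():
        if m := HEADER.match(line):
            name, header, pattern = m.groups()
            if re.search(pattern, message.get(header, ""), re.I):
                fired.add(name)
        elif m := META.match(line):
            metas.append((m.group(1), m.group(2).split("+"), float(m.group(3))))
        elif m := SCORE.match(line):
            scores[m.group(1)] = float(m.group(2))
    for name, terms, threshold in metas:
        if sum(t.strip() in fired for t in terms) > threshold:
            fired.add(name)
    # Assumption: a rule without a score line contributes the default 1.0.
    return fired, sum(scores.get(name, 1.0) for name in fired)

# Constructed messages: one like the spam described, two legitimate.
SPAM = {"From": "Hard Candy Deals <promo@candy.example>", "Subject": "Hard candy sale"}
HAM = {"From": "Richard <richard@example.org>", "Subject": "Replacing the hard drive"}
HAM2 = {"From": "Ann <ann@example.org>", "Subject": "Lunch on Friday?"}

if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("ham", HAM), ("ham2", HAM2)):
        fired, total = evaluate(LOCAL_CF, msg)
        print(label, sorted(fired), total)
```

Anchoring the patterns with `\b` (for example `/\bhard candy\b/i`) avoids the `Richard` match, and naming the sub-rules with a leading double underscore (`__CANDY_1`) keeps SpamAssassin from scoring each of them on its own.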
Check Rules
Check the rules you have created:
joe@fletcher ~$ spamassassin --lint -D
If it has no errors, restart spamassassin:
joe@fletcher ~$ sudo service spamassassin restart
Bayes
You can train spamassassin to identify spam using bayesian filters.
First point it at your spam folder:
joe@fletcher ~$ sa-learn --mbox --spam /home/joe/mail/spam
Then your inbox:
joe@fletcher ~$ sa-learn --mbox --nonspam /var/mail/joe
It will begin using the filters when you have > 200 spams and hams.
Done.
At this point you have completed your first step towards a spam free inbox.
You'll have to keep looking in your spam folder for the first week or so to see if everything marked as spam is in fact spam. If spam is getting through be sure to look at the headers and see if there is anything you can identify as a pattern and write a new rule for it.
I usually just tail /var/log/procmail and check to see if any non spam has been incorrectly marked.
Good luck!
-Joe