Hi All!

I've read a number of articles about a FreeBSD + Postfix + Dovecot + Amavisd + Clamav + SpamAssassin + MySQL system. And with these materials I set up a mail server.

====================================================
OS: FreeBSD dom.local 8.4-STABLE FreeBSD 8.4-STABLE #0: Sun Jul 7 09:55:27 MSK 2013 me...@bsd-fsu.fsu.local:/usr/obj/usr/src/sys/BSDSERV amd64
SA: p5-Mail-SpamAssassin-3.3.2_8
AMAVISD: amavisd-new-2.8.0_2,1
postfix: postfix-2.10.0,1
dovecot: dovecot-1.2.17

And I have two mailboxes (which I fill manually with IMAP). I just copy spam and ham mails from users' mailboxes to the relevant (spam@ or clean@) mailbox: s...@dom.ru (about 600 mails), cl...@dom.ru (about 1000 mails). And every week I teach SpamAssassin with those mailboxes with a script:

====================================================
#!/bin/sh
DIR=/var/spool/mail/prem-ekb.ru
sa-learn --clear
sa-learn --spam ${DIR}/s...@prem-ekb.ru/cur/*S{a,}
sa-learn --ham ${DIR}/n.pole...@prem-ekb.ru/cur/*S{a,}
sa-learn --ham ${DIR}/g.borovinsk...@prem-ekb.ru/cur/*S{a,}
sa-learn --ham ${DIR}/sum...@prem-ekb.ru/cur/*S{a,}
sa-learn --ham ${DIR}/a.roma...@prem-ekb.ru/cur/*S{a,}
sa-update

But as I see it, SpamAssassin does not check mail with rules from the learned mails. I think so because all new similar messages, which I move into the spam@ box and teach SA with, are not being marked as spam. They just come again and again to users. Where is the mistake in my antispam solution?

In the spamalert mails (amavisd sends reports to that address) I have not found any BAYES_xx header, only standard statistical, online and RBL checks like these (I see many alerts and have not seen any BAYES_ header):

===================================================
 3.5 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split IP)
 0.0 TVD_RCVD_IP            TVD_RCVD_IP
 3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [85.136.177.149 listed in zen.spamhaus.org]
 0.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/
                            [85.136.177.149 listed in bl.score.senderscore.com]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [85.136.177.149 listed in bb.barracudacentral.org]
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?85.136.177.149>]
 1.4 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [85.136.177.149 listed in dnsbl.sorbs.net]
 0.8 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with dynamic-looking rDNS

So, here are my config files:

cat /usr/local/etc/postfix/master.cf | grep -v "^#"
===================================================
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=virtual:virtual argv=/usr/local/libexec/dovecot/deliver -d ${recipient}
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

grep -v "^#" /usr/local/etc/amavisd.conf
==============================================================
use strict;
$MYHOME = '/var/amavis';
$mydomain = 'dom.ru';
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$TEMPBASE = "$MYHOME/tmp";
$db_home = "$MYHOME/db";
$helpers_home = $MYHOME;
$pid_file = "$MYHOME/amavisd.pid";
$lock_file = "$MYHOME/amavisd.lock";
$ENV{TMPDIR} = $TEMPBASE;
$enable_db = 1;
$enable_global_cache = 1;
$forward_method = 'smtp:[127.0.0.1]:10025';
$notify_method = $forward_method;
$max_servers = 2;
$max_requests = 10;
$child_timeout= 20*60;
@local_domains_acl = (".");
$insert_received_line = 1;
$unix_socketname = "$MYHOME/amavisd.sock";
$inet_socket_port = [10024,10026];
@inet_acl = qw(127.0.0.1);
$DO_SYSLOG = 0;
$LOGFILE = "/var/log/amavis.log";
$log_level = 0;
$log_recip_templ = undef;
$hdr_encoding = 'koi8-r';
$bdy_encoding = 'koi8-r';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;
$warnvirussender = 0;
$warnspamsender = 0;
$warnbannedsender = 0;
$warnbadhsender = 0;
$warnvirusrecip = 0;
$warnbannedrecip = 0;
$warnbadhrecip = 0;
$warn_offsite = 0;
$virus_admin = "virusalert\@$mydomain";
$spam_admin = "spamalert\@$mydomain";
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spamalert\@$mydomain";
$mailfrom_to_quarantine = 'virus or spam';
$QUARANTINEDIR = '/var/virusmails';
$virus_quarantine_method = 'local:virus-%i-%n';
$spam_quarantine_method = 'local:spam-%i-%n';
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "by Amavisd-New and ClamAV at dom.ru";
$remove_existing_x_scanned_headers = 1;
$remove_existing_spam_headers = 1;
$sql_select_white_black_list = undef;
$recipient_delimiter = '+';
$localpart_is_case_sensitive = 0;
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;
$MAX_EXPANSION_QUOTA = 300*1024*1024;
$MIN_EXPANSION_FACTOR = 5;
$MAX_EXPANSION_FACTOR = 500;
$virus_check_negative_ttl = 3*60;
$virus_check_positive_ttl = 30*60;
$spam_check_negative_ttl = 30*60;
$spam_check_positive_ttl = 30*60;
$bypass_decode_parts = 1;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$dspam = 'dspam';
@decoders = (
  .....various decoders (short it for post not exceeds 12500 signs)
);
$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 512*1024;
$sa_spam_modifies_subj = 1;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2;
$sa_tag2_level_deflt = 6;
$sa_kill_level_deflt = 8;
@av_scanners = (
  ['ClamAV-Clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
  ['ClamAV-ClamScan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@debug_sender_acl = ( "root\@$mydomain" );
$sa_debug = 1;
1;
dkim_key('dom.ru','default','/var/db/dkim/dom.ru-default.key.pem',g=>'*',h=>'sha256', k=>'rsa');
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  os_fingerprint_method => undef,
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
  bypass_spam_checks_maps => [1],
  virus_admin_maps => ["virusalert\@$mydomain"],
};

grep -v "^#" /usr/local/etc/mail/spamassassin/local.cf
=====================================================================
report_safe 0
ok_locales en ru
trusted_networks 127. 192.168.3. 192.168.4. 192.168.5. 192.168.6. 192.168.7. 192.168.12.
use_pyzor 1
use_razor2 1
skip_rbl_checks 0
dns_available yes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 0
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:spamass:localhost
user_awl_sql_username spamass
user_awl_sql_password PASS_PASS_PASS
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:spamass:localhost
bayes_sql_username spamass
bayes_sql_password PASS_PASS_PASS
user_scores_dsn DBI:mysql:spamass:localhost
user_scores_sql_username spamass
user_scores_sql_password PASS_PASS_PASS

grep -v "^#" /usr/local/etc/mail/spamassassin/init.pre
===================================================================
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::Hashcash

grep -v "^#" /usr/local/etc/mail/spamassassin/v310.pre
===================================================================
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

grep -v "^#" /usr/local/etc/mail/spamassassin/v320.pre
===================================================================
loadplugin Mail::SpamAssassin::Plugin::Check
loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
loadplugin Mail::SpamAssassin::Plugin::URIDetail
loadplugin Mail::SpamAssassin::Plugin::Bayes
loadplugin Mail::SpamAssassin::Plugin::BodyEval
loadplugin Mail::SpamAssassin::Plugin::DNSEval
loadplugin Mail::SpamAssassin::Plugin::HTMLEval
loadplugin Mail::SpamAssassin::Plugin::HeaderEval
loadplugin Mail::SpamAssassin::Plugin::MIMEEval
loadplugin Mail::SpamAssassin::Plugin::RelayEval
loadplugin Mail::SpamAssassin::Plugin::URIEval
loadplugin Mail::SpamAssassin::Plugin::WLBLEval
loadplugin Mail::SpamAssassin::Plugin::VBounce
loadplugin Mail::SpamAssassin::Plugin::ImageInfo

grep -v "^#" /usr/local/etc/mail/spamassassin/v330.pre
===================================================================
loadplugin Mail::SpamAssassin::Plugin::FreeMail

sa-learn --dump magic
===================================================================
netset: cannot include 127.0.0.0/8 as it has already been included
0.000          0          3          0  non-token data: bayes db version
0.000          0        697          0  non-token data: nspam
0.000          0       1877          0  non-token data: nham
0.000          0     138647          0  non-token data: ntokens
0.000          0 1292224411          0  non-token data: oldest atime
0.000          0 1383840374          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0          0          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count
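
One way to read the two outputs quoted in the post above together, as an added example that is not part of the original post: it checks the `sa-learn --dump magic` counters against the Bayes training minimum and looks for BAYES_nn hits in a spam report. The function names and verdict strings are hypothetical, the sample data is constructed from the values the post quotes, and the threshold of 200 assumes SpamAssassin's defaults for `bayes_min_spam_num` and `bayes_min_ham_num`.

```shell
#!/bin/sh
# Added example. Function names and verdict strings are illustrative.
BAYES_MIN=200  # SpamAssassin default for bayes_min_spam_num and bayes_min_ham_num

# Constructed sample: counters as quoted from `sa-learn --dump magic` in the post.
DUMP_MAGIC='0.000 0 3 0 non-token data: bayes db version
0.000 0 697 0 non-token data: nspam
0.000 0 1877 0 non-token data: nham
0.000 0 138647 0 non-token data: ntokens'

# Constructed sample: a few rule lines in the shape of the amavisd spam report.
REPORT='3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.4 PYZOR_CHECK Listed in Pyzor
1.0 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS'

# Print counter $1 (nspam, nham, ntokens) from dump-magic text on stdin; 0 if absent.
magic_count() {
    awk -v key="$1" '/non-token data:/ && $NF == key { print $3; found = 1 }
                     END { if (!found) print 0 }'
}

# Succeed only if both corpora reach the minimum Bayes needs before it scores mail.
bayes_trained() {
    nspam=$(printf '%s\n' "$1" | magic_count nspam)
    nham=$(printf '%s\n' "$1" | magic_count nham)
    [ "$nspam" -ge "$BAYES_MIN" ] && [ "$nham" -ge "$BAYES_MIN" ]
}

# Print every BAYES_nn rule name found in a report on stdin (nothing if none hit).
bayes_hits() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^BAYES_[0-9]+$/) print $i }'
}

# Verdict from dump-magic text ($1) and report text ($2).
diagnose() {
    hits=$(printf '%s\n' "$2" | bayes_hits)
    if [ -n "$hits" ]; then
        echo "bayes-active"
    elif bayes_trained "$1"; then
        echo "trained-but-not-scoring"
    else
        echo "undertrained"
    fi
}

diagnose "$DUMP_MAGIC" "$REPORT"
```

With the post's numbers the verdict is `trained-but-not-scoring`: the database that sa-learn wrote to is large enough, so the next thing to compare is whether the scanner reads that same database under the same identity. BayesStore::SQL keeps its counters per username, and the account running sa-learn may differ from the amavisd daemon user (`vscan` in the posted amavisd.conf).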