2-dcc.pyzor.razor

Centos 7

[root@mail ~]# vi /etc/mail/spamassassin/local.cf

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf

# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting

# without risking lost emails.

required_hits 5

report_safe 0

rewrite_header Subject [***SPAM***]

ok_languages en

score UNWANTED_LANGUAGE_BODY 8.0

# dcc

use_dcc 1

dcc_home /var/dcc

dcc_path /usr/local/bin/dccproc

dcc_timeout     10

add_header all  DCC _DCCB_: _DCCR_

# pyzor

use_pyzor 1

pyzor_path /usr/bin/pyzor

# razor

use_razor2 1

razor_config /var/spool/amavisd/razor-agent.conf

score RAZOR2_CHECK 2.500

score PYZOR_CHECK 2.500

score DCC_CHECK 4.000

whitelist_from *@worldcm.net

whitelist_from *@xyz.com.bd

# spam.dnsbl.anonmails.de header RCVD_IN_ANONMAILS        eval:check_rbl('anonmails-lastexternal', 'spam.dnsbl.anonmails.de.') describe RCVD_IN_ANONMAILS      Relay is listed in spam.dnsbl.anonmails.de tflags RCVD_IN_ANONMAILS        net 

score RCVD_IN_ANONMAILS 3.0 

                  ---------------------------------X------------------------------------------

To utilize the DNSBL in SpamAssasin, add the following ruleset to your local configuration file /etc/mail/spamassassin/local.cf.

# spam.dnsbl.anonmails.de header RCVD_IN_ANONMAILS        eval:check_rbl('anonmails-lastexternal', 'spam.dnsbl.anonmails.de.') describe RCVD_IN_ANONMAILS      Relay is listed in spam.dnsbl.anonmails.de tflags RCVD_IN_ANONMAILS        net score RCVD_IN_ANONMAILS         3.0

                                                ---------------------------------------------X--------------------------------------------------

razor2+pyzor

Make sure youre using the local DNS server first in /etc/resolv.conf:

nameserver 127.0.0.1

2.0 is probably overly aggressive for tagging spam, I use 4.0 myself. For improvements on overall spam detection I'd also add razor, dcc and pyzor to the system, and if you can afford the occational delayed message, add in greylisting.

If you're running a CentOS/RHEL/Fedora system, Ive got all of these components in my yum archive, which you can add with:

wget -q -O - http://www.atomicorp.com/installers/atomic.sh |sh

To install razor, dcc, and pyzor:

yum install razor-agents dcc pyzor

service spamassassin restart

To install greylisting:

yum install qgreylist

service xinetd restart

Download Razor

https://drive.google.com/file/d/0B8kTAu8SZaHwbDVoZmNjaUJsU2s/view?usp=sharing

########################################################

To enable DCC:

1. Execute:

Code:

wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z tar xzvf dcc-dccproc.tar.Z cd dcc-dccproc-* ./configure \             --bindir=$(PREFIX)/bin \             --libexecdir=$(PREFIX)/lib/dcc \             --mandir=$(PREFIX)/man \             --homedir=/var/lib/dcc \             --with-uid=mail \             --with-gid=mail make make install chown -R mail:mail /var/lib/dcc

2. Modify /etc/mail/spamassassin/local.cf, add:

Code:

# dcc use_dcc 1 dcc_home /var/lib/dcc dcc_path /usr/bin/dccproc dcc_timeout     10 add_header all  DCC _DCCB_: _DCCR_ score DCC_CHECK 4.000

3. Modify /etc/mail/spamassassin/v310.pre, add:

Code:

loadplugin Mail::SpamAssassin::Plugin::DCC

4. Open UDP_OUT port 6277 in firewall.

shorewall Rules

##SpamAssassin

ACCEPT          net               $FW     tcp     6277

ACCEPT          loc               $FW     tcp     6277

ACCEPT          net               $FW     tcp     24441

ACCEPT          loc               $FW     tcp     24441

ACCEPT          net               $FW     udp     24441

ACCEPT          loc               $FW     udp     24441

ACCEPT          net               $FW     tcp     2703

ACCEPT          loc               $FW     tcp     2703

                    ------------------------

TCP 2703 Outgoing : Razor2

UDP 24441 Outgoing : Pyzor

TCP 24441 Incomming : Pyzor

To install Razor/Pyzor:

1. Execute the following to install razor-agents:

Code:

cd /root wget -O razor-agents-2.82.tar.bz2 http://www.pccc.com/downloads/SpamAssassin/razor-agents-2.82.tar.bz2 tar xjf razor-agents-2.82.tar.bz2 cd razor-agents-2.82 perl Makefile.PL make make install

2. Execute the following to install pyzor:

Code:

cd /rootwget -O pyzor-1.0.0.tar.gz "https://pypi.python.org/packages/source/p/pyzor/pyzor-1.0.0.tar.gz#md5=e77b1cd0afd3884e6f2aa585cb423b46" tar xzf pyzor-1.0.0.tar.gz cd pyzor-1.0.0 python setup.py build python setup.py install

3. Open UDP/TCP IN and OUT port 24441 in firewall, open TCP_OUT 2703.

4. Configure razor:

Code:

mkdir /etc/mail/spamassassin/.razor razor-admin -home=/etc/mail/spamassassin/.razor -register razor-admin -home=/etc/mail/spamassassin/.razor -create razor-admin -home=/etc/mail/spamassassin/.razor -discover chown -R mail:mail /etc/mail/spamassassin/.razor

5. Add the following to /etc/mail/spamassassin/local.cf:

Code:

# pyzor use_pyzor 1 pyzor_path /usr/bin/pyzor score PYZOR_CHECK 3.000 # razor use_razor2 1 razor_config /etc/mail/spamassassin/.razor/razor-agent.conf score RAZOR2_CHECK 3.000

6. Add to /etc/mail/spamassassin/.razor/razor-agent.conf:

Code:

razorhome = /etc/mail/spamassassin/.razor

7. Add the following path to /etc/logrotate.d/exim:

Code:

/etc/mail/spamassassin/.razor/razor-agent.log

█ Martynas Bendorius

Spamassassin Plugins

With plugins, Spamassassin can detect spam and bulk email better with online resources.

First, I need open some ports on iptables needed by DCC, pyzor and razor. Add these rules to /etc/sysconfig/iptables in the INPUT chain and reload iptables:

### razor DCC pyzor ###

-A INPUT -p tcp --dport 2703 -j ACCEPT

-A INPUT -p udp --dport 24441 -j ACCEPT

-A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT

###End of razor DCC pyzor ###

Edit /etc/mail/spamassassin/mailscanner.cf

# paths to utilities

ifplugin Mail::SpamAssassin::Plugin::Pyzor

pyzor_path /usr/bin/pyzor

endif

ifplugin Mail::SpamAssassin::Plugin::DCC

dcc_path /usr/bin/dccproc

dcc_home /etc/dcc

endif

ifplugin Mail::SpamAssassin::Plugin::Razor2

razor_config  /etc/mail/spamassassin/razor/razor-agent.conf

endif

Enable these in spamassassin. Edit /etc/mail/spamassassin/v310.pre

loadplugin Mail::SpamAssassin::Plugin::DCC

loadplugin Mail::SpamAssassin::Plugin::Pyzor

loadplugin Mail::SpamAssassin::Plugin::Razor2

DCC

Install DCC

Test

Pyzor

Add a line in /etc/mail/spamassassin/local.cf

Install Pyzor:

Test

Razor

Edit /etc/mail/spamassassin/razor/razor-agent.conf

Test Razor2

Test

Check MailScanner configration again:

Also check for SpamAssassin:

Now restart services and check maillog to see if any error

yum install sendmail-milter

rpm -Uvh  https://www.mirrorservice.org/sites/dl.atrpms.net/el7-x86_64/atrpms/stable/DCC-1.3.145-25.el7.x86_64.rpm

cdcc info

razorhome       = /etc/mail/spamassassin/razor

pyzor_options --homedir /etc/mail/spamassassin/.pyzor

rpm -Uvh ftp://mirror.switch.ch/pool/4/mirror/fedora/linux/releases/22/Everything/x86_64/os/Packages/p/pyzor-0.5.0-10.fc21.noarch.rpm

pyzor --homedir /etc/mail/spamassassin discover

spamassassin -t -D pyzor < /usr/share/doc/spamassassin-3.4.0/sample-spam.txt

mkdir  /etc/mail/spamassassin/razor

razor-admin -create -home=/etc/mail/spamassassin/razor

razor-admin -register

spamassassin -t -D razor2 < /usr/share/doc/spamassassin-3.4.0/sample-spam.txt

MailScanner --lint

spamassassin -D --lint

systemctl restart clamd@scan

systemctl restart spamassassin

systemctl restart MailScanner

Now I can send some spam test email then check the maillog to see if it has need catched. Here are some test site:

[http://www.emailsecuritycheck.net/]

[https://www.mail-tester.com/]

MailWatch

--