------------------------------------------------------------
revno: 3639
committer: Adam Sommer <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Fri 2007-12-07 15:59:45 -0500
message:
  Mail Filtering section. Reviewed by Ante Karamatic.
modified:
  generic/server/C/mail.xml
=== modified file 'generic/server/C/mail.xml' --- a/generic/server/C/mail.xml 2007-11-29 14:13:52 +0000 +++ b/generic/server/C/mail.xml 2007-12-07 20:59:45 +0000 
@@ -1110,5 +1110,377 @@ </para> </sect2> </sect1> + <sect1 id="mail-filtering" status="review"> + <title>Mail Filtering</title> + <para> + One of the largest issues with email today is the problem of Unsolicited Bulk Email (UBE). + Also known as SPAM, such messages may also carry viruses and other forms of malware. + According to some reports these messages make up the bulk of all email traffic on the Internet. + </para> + <para> + This section will cover integrating <application>Amavisd-new</application>, + <application>Spamassassin</application>, and <application>ClamAV</application> with the + <application>Postfix</application> Mail Transport Agent (MTA). <application>Postfix</application> can also + check email validity by passing it through external content filters. These filters can sometimes determine if + a message is spam without needing to process it with more resource intensive applications. Two common filters are + <application>dkim-filter</application> and <application>python-policyd-spf</application>. + </para> + <itemizedlist> + <listitem> + <para> + <application>Amavisd-new</application> is a wrapper program that can call any number of content filtering programs + for spam detection, antivirus, etc. + </para> + </listitem> + <listitem> + <para> + <application>Spamassassin</application> uses a variety of mechanisms to filter email based on the message content. + </para> + </listitem> + <listitem> + <para> + <application>ClamAV</application> is an open source antivirus appliction. + </para> + </listitem> + <listitem> + <para> + <application>dkim-filter</application> implements a Sendmail Mail Filter (Milter) for the DomainKeys + Identified Mail (DKIM) standard. + </para> + </listitem> + <listitem> + <para> + <application>python-policyd-spf</application> enables Sender Policy Framework (SPF) checking with <application>Postfix</application>. 
+ </para> + </listitem> + </itemizedlist> + <para> + This is how the pieces fit together: + </para> + <itemizedlist> + <listitem> + <para> + An email message is accepted by <application>Postfix</application>. + </para> + </listitem> + <listitem> + <para> + The message is passed through any external filters <application>dkim-filter</application> and + <application>python-policyd-spf</application> in this case. + </para> + </listitem> + <listitem> + <para> + <application>Amavisd-new</application> then processes the message. + </para> + </listitem> + <listitem> + <para> + <application>ClamAV</application> is used to scan the message. If the message contains a virus + <application>Postfix</application> will reject the message. + </para> + </listitem> + <listitem> + <para> + Clean messages will then be analyzed by <application>Spamassassin</application> to find out if the message is spam. + <application>Spamassassin</application> will then add X-Header lines allowing + <application>Amavisd-new</application> to further manipulate the message. + </para> + </listitem> + </itemizedlist> + <para> + For example, if a message has a Spam score of over fifty the message could be automatically dropped from + the queue without the recipient ever having to be bothered. Another, way to handle flagged messages is to deliver + them to the Mail User Agent (MUA) allowing the user to deal with the message as they see fit. + </para> + <sect2 id="mail-filter-installation" status="review"> + <title>Installation</title> + <para> + See <xref linkend="postfix"/> for instructions on installing and configuring Postfix. 
+ </para> + <para> + To install the rest of the applications enter the following from a terminal prompt: + </para> +<screen> +<command>sudo apt-get install amavisd-new</command> +<command>sudo apt-get install spamassassin</command> +<command>sudo apt-get install clamav-daemon</command> +<command>sudo apt-get install dkim-filter</command> +<command>sudo apt-get install python-policyd-spf</command> +</screen> + <para> + There are some optional packages that integrate with <application>Spamassassin</application> for better spam detection: + </para> +<screen> +<command>sudo apt-get install pyzor razor</command> +</screen> + <para> + Along with the main filtering applications compression utilities are needed to process some email attachements: + </para> +<screen> +<command>sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip unzoo zip zoo</command> +</screen> + </sect2> + <sect2 id="mail-filter-configuration" status="review"> + <title>Configuration</title> + <para> + Now configure everything to work together and filter email. + </para> + <sect3 id="clamav-configuration" status="review"> + <title>ClamAV</title> + <para> + The default behaviour of <application>ClamAV</application> will fit our needs. + For more Clamav configuration options, check the configuration files in + <filename>/etc/clamav</filename>. + </para> + <para> + Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> group in order for <application>Amavisd-new</application> + to have the appropriate access to scan files: + </para> +<screen> +<command>sudo adduser clamav amavis</command> +</screen> + </sect3> + <sect3 id="spamassassin-configuration" status="review"> + <title>Spamassassin</title> + <para> + Spamasssassin automatically detects optional components and will use them if they are present. This means that there is no need to + configure <application>pyzor</application> and <application>razor</application>. 
+ </para> + <para> + Edit <filename>/etc/default/spamassassin</filename> to activate the <application>Spamassassin</application> daemon. + Change <emphasis>ENABLED=0</emphasis> to: + </para> +<programlisting> +ENABLED=1 +</programlisting> + <para> + Now start the daemon: + </para> +<screen> +<command>sudo /etc/init.d/spamassassin start</command> +</screen> + </sect3> + <sect3 id="amavisd-new-configuration" status="review"> + <title>Amavisd-new</title> + <para> + First activate spam and antivirus detection in <application>Amavisd-new</application> by editing + <filename>/etc/amavis/conf.d/15-content_filter_mode</filename>: + </para> +<programlisting> +use strict; + +# You can modify this file to re-enable SPAM checking through spamassassin +# and to re-enable antivirus checking. + +# +# Default antivirus checking mode +# Uncomment the two lines below to enable it +# + [EMAIL PROTECTED] = ( + \%bypass_virus_checks, [EMAIL PROTECTED], \$bypass_virus_checks_re); + + +# +# Default SPAM checking mode +# Uncomment the two lines below to enable it +# + [EMAIL PROTECTED] = ( + \%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re); + +1; # insure a defined return +</programlisting> + <para> + Bouncing spam can be a bad idea as the return address is often faked. 
Consider editing + <filename>/etc/amavis/conf.d/20-debian_defaults</filename> to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD + rather than D_BOUNCE, as follows: + </para> +<programlisting> +$final_spam_destiny = D_DISCARD; +</programlisting> + <para> + After configuration <application>Amavisd-new</application> needs to be restarted: + </para> +<screen> +<command>sudo /etc/init.d/amavis restart</command> +</screen> + </sect3> + <sect3 id="postfix-mail-filtering-configuration" status="review"> + <title>Postfix</title> + <para> + For <application>Postfix</application> integration, enter the following from a terminal prompt: + </para> +<screen> +<command>sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'</command> +</screen> + <para> + Next edit <filename>/etc/postfix/master.cf</filename> and add the following to the end of the file: + </para> +<programlisting> +smtp-amavis unix 2 smtp + -o smtp_data_done_timeout=1200 + -o smtp_send_xforward_command=yes + -o disable_dns_lookups=yes + -o max_use=20 + +127.0.0.1:10025 inet n smtpd + -o content_filter= + -o local_recipient_maps= + -o relay_recipient_maps= + -o smtpd_restriction_classes= + -o smtpd_delay_reject=no + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_end_of_data_restrictions= + -o mynetworks=127.0.0.0/8 + -o smtpd_error_sleep_time=0 + -o smtpd_soft_error_limit=1001 + -o smtpd_hard_error_limit=1000 + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks +</programlisting> + <para> + Also add the following two lines immediately below the <emphasis>"pickup"</emphasis> transport service: + </para> +<programlisting> + -o content_filter= + -o receive_override_options=no_header_body_checks 
+</programlisting> + <para> + This will prevent messages that are generated to report on spam from being classified as spam. + </para> + <para> + Now restart <application>Postfix</application>: + </para> +<screen> +<command>sudo /etc/init.d/postfix restart</command> +</screen> + <para> + Content filtering with spam and virus detection is now enabled. + </para> + </sect3> + </sect2> + <sect2 id="mail-filter-testing" status="review"> + <title>Testing</title> + <para> + First, test that the <application>Amavisd-new</application> SMTP is listening: + </para> +<programlisting> +telnet localhost 10024 +Trying 127.0.0.1... +Connected to localhost. +Escape character is '^]'. +220 [127.0.0.1] ESMTP amavisd-new service ready +^] +</programlisting> + <para> + In the Header of messages that go through the content filter you should see: + </para> +<programlisting> +X-Spam-Level: +X-Virus-Scanned: Debian amavisd-new at example.com +X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 +X-Spam-Level: +</programlisting> + <note> + <para> + Your output will vary, but the important thing is that there are <emphasis>X-Virus-Scanned</emphasis> and + <emphasis>X-Spam-Status</emphasis> entries. + </para> + </note> + </sect2> + <sect2 id="mail-filter-troubleshooting" status="review"> + <title>Troubleshooting</title> + <para> + The best way to figure out why something is going wrong is to check the log files. + </para> + <itemizedlist> + <listitem> + <para> + For instructions on <application>Postfix</application> logging see the + <xref linkend="postfix-troubleshooting"/> section. + </para> + </listitem> + <listitem> + <para> + <application>Amavisd-new</application> uses <application>Syslog</application> to send messages to + <filename>/var/log/mail.log</filename>. The amount of detail can be increased by adding the + <emphasis>$log_level</emphasis> option to <filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from 1 to 5. 
+ </para> +<programlisting> +$log_level = 2; +</programlisting> + <note> + <para> + When the <application>Amavisd-new</application> log output is increased <application>Spamassassin</application> log ouput is also + increased. + </para> + </note> + </listitem> + <listitem> + <para> + The <application>ClamAV</application> log level can be increased by editing <filename>/etc/clamav/clamd.conf</filename> + and setting the following option: + </para> +<programlisting> +LogVerbose true +</programlisting> + <para> + By default <application>ClamAV</application> will send log messages to <filename>/var/log/clamav/clamav.log</filename>. + </para> + </listitem> + </itemizedlist> + <note> + <para> + After changing an applications log settings remember to restart the service for the new settings to take affect. Also, + once the issue you are troubleshooting is resolved it is a good idea to change the log settings back to normal. + </para> + </note> + </sect2> + <sect2 id="mail-filter-references" status="review"> + <title>References</title> + <para> + For more information on filtering mail see the following links: + </para> + <itemizedlist> + <listitem> + <para> + <ulink url="http://www.ijs.si/software/amavisd/amavisd-new-docs.html">Amavisd-new Documentation</ulink> + </para> + </listitem> + <listitem> + <para> + <ulink url="http://www.clamav.org/doc/latest/html/">ClamAV Documentation</ulink> and + <ulink url="http://wiki.clamav.net/Main/WebHome">ClamAV Wiki</ulink> + </para> + </listitem> + <listitem> + <para> + <ulink url="http://wiki.apache.org/spamassassin/">Spamassassin Wiki</ulink> + </para> + </listitem> + <listitem> + <para> + <ulink url="http://pyzor.sourceforge.net/">Pyzor Homepage</ulink> + </para> + </listitem> + <listitem> + <para> + <ulink url="http://razor.sourceforge.net/">Razor Homepage</ulink> + </para> + </listitem> + </itemizedlist> + <para> + Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> IRC channel on + <ulink 
url="http://freenode.net">freenode</ulink>. + </para> + </sect2> + </sect1> </chapter>
-- https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy
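
Review bot: In the "This is how the pieces fit together" list, the ClamAV item says Postfix will reject a message that contains a virus, but the first item has Postfix accepting the message and the Postfix sect3 wires Amavisd-new in through content_filter, which hands mail over after it has been queued. At that stage the fate of an infected message is decided by Amavisd-new, not by a Postfix rejection. Suggest rewording the item to say that Amavisd-new acts on the ClamAV result, and naming the setting that controls it in the same way $final_spam_destiny is named for spam.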
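
Review bot: The Configuration sect2 has sect3 entries for ClamAV, Spamassassin, Amavisd-new and Postfix only, so dkim-filter and python-policyd-spf are introduced, placed in the message flow and installed, yet nothing in the patch connects them to Postfix. Either add sect3 entries that cover their Postfix hooks, with a matching check under Testing, or drop them from the flow list and the install commands until that text exists. As it stands a reader who follows the section ends up with both packages installed and neither in use.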
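
Review bot: In the ClamAV sect3, the paragraph before "sudo adduser clamav amavis" says the change gives Amavisd-new access to scan files, but the command adds the clamav user to the amavis group, so it is ClamAV that gains access to the files Amavisd-new hands it; the sentence should say so. In the Amavisd-new sect3 the 15-content_filter_mode listing keeps the "Uncomment the two lines below to enable it" comments without the paragraph saying that the reader has to uncomment them; state that step explicitly. In the master.cf listing, the two service lines read "smtp-amavis unix 2 smtp" and "127.0.0.1:10025 inet n smtpd" as rendered here, which is short of the eight columns a master.cf entry needs (service, type, private, unpriv, chroot, wakeup, maxproc, command); please confirm the "-" placeholders are present in the committed file. The Testing sect2 checks only port 10024, so a check that the re-injection listener on 127.0.0.1:10025 answers would round it out.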
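
Review bot: Spelling and consistency points across the new sect1: "appliction" in the ClamAV list item, "attachements" in Installation, "Spamasssassin" and "Clamav" in Configuration, "ouput" and "an applications log settings ... take affect" in Troubleshooting, and the stray comma in "Another, way to handle flagged messages". In Testing, the sample header listing shows "X-Spam-Level:" twice, and the telnet session is marked up as programlisting while every other terminal command in the section uses screen with command; pick one convention.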