------------------------------------------------------------
revno: 3639
committer: Adam Sommer <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Fri 2007-12-07 15:59:45 -0500
message:
  Mail Filtering section.  Reviewed by Ante Karamatic.
modified:
  generic/server/C/mail.xml

=== modified file 'generic/server/C/mail.xml'
--- a/generic/server/C/mail.xml 2007-11-29 14:13:52 +0000
+++ b/generic/server/C/mail.xml 2007-12-07 20:59:45 +0000
@@ -1110,5 +1110,377 @@
 </para>
         </sect2>
       </sect1>
+      <sect1 id="mail-filtering" status="review">
+        <title>Mail Filtering</title>
+        <para>
+        One of the largest issues with email today is the problem of 
Unsolicited Bulk Email (UBE).
+        Also known as SPAM, such messages may also carry viruses and other 
forms of malware. 
+        According to some reports these messages make up the bulk of all email 
traffic on the Internet.
+        </para>
+        <para>
+        This section will cover integrating 
<application>Amavisd-new</application>,
+        <application>Spamassassin</application>, and 
<application>ClamAV</application> with the 
+        <application>Postfix</application> Mail Transport Agent (MTA).  
<application>Postfix</application> can also
+        check email validity by passing it through external content filters.  
These filters can sometimes determine if 
+        a message is spam without needing to process it with more resource 
intensive applications.  Two common filters are 
+        <application>dkim-filter</application> and 
<application>python-policyd-spf</application>.
+        </para>
+        <itemizedlist>
+          <listitem>
+            <para>
+            <application>Amavisd-new</application> is a wrapper program that 
can call any number of content filtering programs
+            for spam detection, antivirus, etc.
+            </para>
+          </listitem>
+          <listitem>
+            <para>     
+            <application>Spamassassin</application> uses a variety of 
mechanisms to filter email based on the message content.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            <application>ClamAV</application> is an open source antivirus 
appliction.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            <application>dkim-filter</application> implements a Sendmail Mail 
Filter (Milter) for the DomainKeys 
+            Identified Mail (DKIM) standard. 
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            <application>python-policyd-spf</application> enables Sender 
Policy Framework (SPF) checking with <application>Postfix</application>.
+            </para>
+          </listitem>
+        </itemizedlist>
+        <para>
+        This is how the pieces fit together: 
+        </para>
+        <itemizedlist>
+          <listitem>
+            <para>
+            An email message is accepted by <application>Postfix</application>.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            The message is passed through any external filters 
<application>dkim-filter</application> and 
+            <application>python-policyd-spf</application> in this case. 
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            <application>Amavisd-new</application> then processes the message.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <application>ClamAV</application> is used to scan the message. 
If the message contains a virus 
+              <application>Postfix</application> will reject the message. 
+            </para>
+          </listitem>  
+          <listitem>
+            <para>
+            Clean messages will then be analyzed by 
<application>Spamassassin</application> to find out if the message is spam.  
+            <application>Spamassassin</application> will then add X-Header 
lines allowing 
+            <application>Amavisd-new</application> to further manipulate the 
message.
+            </para>
+          </listitem>
+        </itemizedlist>
+        <para>
+        For example, if a message has a Spam score of over fifty the message 
could be automatically dropped from 
+        the queue without the recipient ever having to be bothered.  Another, 
way to handle flagged messages is to deliver
+        them to the Mail User Agent (MUA) allowing the user to deal with the 
message as they see fit.
+        </para>
+        <sect2 id="mail-filter-installation" status="review">
+          <title>Installation</title>
+          <para>
+          See <xref linkend="postfix"/> for instructions on installing and 
configuring Postfix.
+          </para>        
+          <para>
+          To install the rest of the applications enter the following from a 
terminal prompt:
+          </para>
+<screen>
+<command>sudo apt-get install amavisd-new</command>
+<command>sudo apt-get install spamassassin</command>
+<command>sudo apt-get install clamav-daemon</command>
+<command>sudo apt-get install dkim-filter</command>
+<command>sudo apt-get install python-policyd-spf</command>
+</screen>
+       <para>
+       There are some optional packages that integrate with 
<application>Spamassassin</application> for better spam detection:
+       </para>
+<screen>
+<command>sudo apt-get install pyzor razor</command>
+</screen>
+   <para>
+   Along with the main filtering applications compression utilities are needed 
to process some email attachements:
+   </para>
+<screen>
+<command>sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar 
unzip unzoo zip zoo</command>
+</screen>
+        </sect2>
+        <sect2 id="mail-filter-configuration" status="review">
+          <title>Configuration</title>
+          <para>
+          Now configure everything to work together and filter email.
+          </para>
+          <sect3 id="clamav-configuration" status="review">
+            <title>ClamAV</title>
+            <para>
+            The default behaviour of <application>ClamAV</application> will 
fit our needs. 
+            For more Clamav configuration options, check the configuration 
files in 
+            <filename>/etc/clamav</filename>.
+            </para>
+            <para>
+            Add the <emphasis>clamav</emphasis> user to the 
<emphasis>amavis</emphasis> group in order for 
<application>Amavisd-new</application>
+            to have the appropriate access to scan files:
+            </para>
+<screen>
+<command>sudo adduser clamav amavis</command>
+</screen>
+          </sect3>
+          <sect3 id="spamassassin-configuration" status="review">
+            <title>Spamassassin</title>
+            <para>
+            Spamasssassin automatically detects optional components and will 
use them if they are present. This means that there is no need to 
+            configure <application>pyzor</application> and 
<application>razor</application>.  
+            </para>
+            <para>
+            Edit <filename>/etc/default/spamassassin</filename> to activate 
the <application>Spamassassin</application> daemon.
+            Change <emphasis>ENABLED=0</emphasis> to:
+            </para>
+<programlisting>
+ENABLED=1
+</programlisting>      
+            <para>
+            Now start the daemon:
+            </para>
+<screen>
+<command>sudo /etc/init.d/spamassassin start</command>
+</screen>
+          </sect3>
+          <sect3 id="amavisd-new-configuration" status="review">
+            <title>Amavisd-new</title>
+            <para>
+            First activate spam and antivirus detection in 
<application>Amavisd-new</application> by editing 
+            <filename>/etc/amavis/conf.d/15-content_filter_mode</filename>:    
+            </para>
+<programlisting>
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Uncomment the two lines below to enable it
+#
+
[EMAIL PROTECTED] = (
+   \%bypass_virus_checks, [EMAIL PROTECTED], \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Uncomment the two lines below to enable it
+#
+
[EMAIL PROTECTED] = (
+   \%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re);
+
+1;  # insure a defined return
+</programlisting>
+            <para>
+            Bouncing spam can be a bad idea as the return address is often 
faked. Consider editing 
+            <filename>/etc/amavis/conf.d/20-debian_defaults</filename> to set 
<emphasis>$final_spam_destiny</emphasis> to D_DISCARD
+            rather than D_BOUNCE, as follows:
+            </para>
+<programlisting>
+$final_spam_destiny       = D_DISCARD;
+</programlisting>
+            <para>
+            After configuration <application>Amavisd-new</application> needs 
to be restarted: 
+            </para>
+<screen>
+<command>sudo /etc/init.d/amavis restart</command>
+</screen>
+          </sect3>
+          <sect3 id="postfix-mail-filtering-configuration" status="review">
+            <title>Postfix</title>
+            <para>
+            For <application>Postfix</application> integration, enter the 
following from a terminal prompt:
+            </para>
+<screen>
+<command>sudo postconf -e 'content_filter = 
smtp-amavis:[127.0.0.1]:10024'</command>
+</screen>
+            <para>
+            Next edit <filename>/etc/postfix/master.cf</filename> and add the 
following to the end of the file:        
+            </para>
+<programlisting>
+smtp-amavis     unix                                2       smtp
+        -o smtp_data_done_timeout=1200
+        -o smtp_send_xforward_command=yes
+        -o disable_dns_lookups=yes
+        -o max_use=20
+
+127.0.0.1:10025 inet    n                                   smtpd
+        -o content_filter=
+        -o local_recipient_maps=
+        -o relay_recipient_maps=
+        -o smtpd_restriction_classes=
+        -o smtpd_delay_reject=no
+        -o smtpd_client_restrictions=permit_mynetworks,reject
+        -o smtpd_helo_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_data_restrictions=reject_unauth_pipelining
+        -o smtpd_end_of_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o smtpd_error_sleep_time=0
+        -o smtpd_soft_error_limit=1001
+        -o smtpd_hard_error_limit=1000
+        -o smtpd_client_connection_count_limit=0
+        -o smtpd_client_connection_rate_limit=0
+        -o 
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+</programlisting>
+            <para>
+            Also add the following two lines immediately below the 
<emphasis>"pickup"</emphasis> transport service:
+            </para>
+<programlisting>
+         -o content_filter=
+         -o receive_override_options=no_header_body_checks
+</programlisting>
+            <para>
+            This will prevent messages that are generated to report on spam 
from being classified as spam.
+            </para>
+            <para>
+            Now restart <application>Postfix</application>:
+            </para>
+<screen>
+<command>sudo /etc/init.d/postfix restart</command>
+</screen>
+          <para>
+           Content filtering with spam and virus detection is now enabled.
+          </para>
+          </sect3>
+        </sect2>        
+        <sect2 id="mail-filter-testing" status="review">
+          <title>Testing</title>
+          <para>
+          First, test that the <application>Amavisd-new</application> SMTP is 
listening:
+          </para>
+<programlisting>
+telnet localhost 10024
+Trying 127.0.0.1...
+Connected to localhost.
+Escape character is '^]'.
+220 [127.0.0.1] ESMTP amavisd-new service ready
+^]
+</programlisting>
+          <para>
+          In the Header of messages that go through the content filter you 
should see: 
+          </para>
+<programlisting>
+X-Spam-Level: 
+X-Virus-Scanned: Debian amavisd-new at example.com
+X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, 
BAYES_00
+X-Spam-Level: 
+</programlisting>
+          <note>
+          <para>
+          Your output will vary, but the important thing is that there are 
<emphasis>X-Virus-Scanned</emphasis> and 
+          <emphasis>X-Spam-Status</emphasis> entries.  
+          </para>
+          </note>
+        </sect2>
+        <sect2 id="mail-filter-troubleshooting" status="review">
+          <title>Troubleshooting</title>
+          <para>
+          The best way to figure out why something is going wrong is to check 
the log files.
+          </para>
+          <itemizedlist>
+            <listitem>
+              <para>
+              For instructions on <application>Postfix</application> logging 
see the 
+               <xref linkend="postfix-troubleshooting"/> section.
+              </para>
+            </listitem>  
+            <listitem>
+              <para>
+              <application>Amavisd-new</application> uses 
<application>Syslog</application> to send messages to 
+              <filename>/var/log/mail.log</filename>.  The amount of detail 
can be increased by adding the 
+              <emphasis>$log_level</emphasis> option to 
<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from 1 
to 5.
+              </para>      
+<programlisting>
+$log_level = 2;
+</programlisting>
+            <note>
+              <para>
+              When the <application>Amavisd-new</application> log output is 
increased <application>Spamassassin</application> log ouput is also
+              increased.
+              </para>
+            </note>
+            </listitem>
+            <listitem>
+              <para>
+              The <application>ClamAV</application> log level can be increased 
by editing <filename>/etc/clamav/clamd.conf</filename>
+              and setting the following option:
+              </para>
+<programlisting>
+LogVerbose true
+</programlisting>
+              <para>
+              By default <application>ClamAV</application> will send log 
messages to <filename>/var/log/clamav/clamav.log</filename>.
+              </para>
+             </listitem>
+                 </itemizedlist>
+          <note>
+          <para>
+          After changing an applications log settings remember to restart the 
service for the new settings to take affect.  Also, 
+          once the issue you are troubleshooting is resolved it is a good idea 
to change the log settings back to normal.
+          </para>
+          </note>
+        </sect2>
+        <sect2 id="mail-filter-references" status="review">
+          <title>References</title>
+          <para>
+          For more information on filtering mail see the following links:
+          </para>
+          <itemizedlist>
+            <listitem>
+              <para>
+               <ulink 
url="http://www.ijs.si/software/amavisd/amavisd-new-docs.html";>Amavisd-new 
Documentation</ulink>
+              </para>
+            </listitem>
+            <listitem>
+              <para>
+               <ulink url="http://www.clamav.org/doc/latest/html/";>ClamAV 
Documentation</ulink> and 
+              <ulink url="http://wiki.clamav.net/Main/WebHome";>ClamAV 
Wiki</ulink>
+              </para>
+            </listitem>
+            <listitem>
+              <para>
+               <ulink url="http://wiki.apache.org/spamassassin/";>Spamassassin 
Wiki</ulink>
+              </para>
+            </listitem>
+            <listitem>
+              <para>
+               <ulink url="http://pyzor.sourceforge.net/";>Pyzor 
Homepage</ulink>
+              </para>
+              </listitem>
+            <listitem>
+              <para>
+               <ulink url="http://razor.sourceforge.net/";>Razor 
Homepage</ulink>
+              </para>
+            </listitem>
+          </itemizedlist>
+          <para>
+          Also, feel free to ask questions in the 
<emphasis>#ubuntu-server</emphasis> IRC channel on 
+          <ulink url="http://freenode.net";>freenode</ulink>.
+          </para>
+        </sect2>
+      </sect1>
      </chapter>
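Review bot: In the `/etc/postfix/master.cf` listing, the two service lines (`smtp-amavis unix ... 2 smtp` and `127.0.0.1:10025 inet n ... smtpd`) show blank columns where the `-` placeholders belong. master.cf expects eight whitespace-separated fields per service (service, type, private, unpriv, chroot, wakeup, maxproc, command), so a reader who copies the lines as shown gets entries Postfix cannot parse and the content filter never comes up. Suggest writing the placeholders out: `smtp-amavis unix - - - - 2 smtp` and `127.0.0.1:10025 inet n - - - - smtpd`. The same applies to the instruction for the "pickup" service: showing the full pickup line with the two `-o` options beneath it would remove any doubt about where they go. Smaller points in the same hunk: the sample headers in the Testing section list `X-Spam-Level:` twice. The ClamAV paragraph says `sudo adduser clamav amavis` gives Amavisd-new access, but the command adds the clamav user to the amavis group, so it is ClamAV that gains access to the files Amavisd-new hands it. The "how the pieces fit together" steps are sequential and would read better as an `orderedlist`. Typos to fix before this leaves review status: "appliction", "attachements", "Spamasssassin", "ouput", "an applications log settings", "take affect", and the stray comma in "Another, way".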
 



--

https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy
