In the never-ending fight against spam there are a few programs that
can help. This how-to is meant to work with my how-to's on SpamAssassin.
It tells you how to add more features to SpamAssassin to help block
spam.

Name: Rules Du Jour
HomePage: http://www.rulesemporium.com/
Function: RulesDuJour is a bash script intended to automatically download new versions of SpamAssassin rulesets as the authors release new versions.

Name: DCC (Distributed Checksum Clearinghouse)
HomePage: http://www.rhyolite.com/anti-spam/dcc/
Function: Distributed Checksum Clearinghouse is an anti-spam content filter.

Name: Razor
HomePage: http://razor.sourceforge.net/
Function: Vipul's Razor is a distributed, collaborative, spam detection and filtering network.

Name: Pyzor
HomePage: http://pyzor.sourceforge.net/
Function: Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages.

Rules Du Jour

1. First make sure you have SpamAssassin set up and working with one of the following how-to's:
    http://www.opensourcehowto.org/how-to/postfix/postfix-spamassassin-procmail...squirrelmail.html
    http://www.opensourcehowto.org/how-to/procmail/winbind...spamassassin...dovecot.html
2. Now let's get Rules Du Jour updating every day and working with SpamAssassin.
3. Download the Rules Du Jour script:
    http://sandgnat.com/rdj/rules_du_jour
4. Put it in /usr/local/bin:
    cp rules_du_jour /usr/local/bin/
5. Make the Rules Du Jour directory:
    mkdir /etc/rulesdujour
6. Create the Rules Du Jour configuration file at /etc/rulesdujour/config:
    nano /etc/rulesdujour/config

config:
SA_DIR="/etc/mail/spamassassin"
# Placeholder address: the original was hidden by the site's e-mail obfuscation.
MAIL_ADDRESS="admin@example.com"
SA_RESTART="killall -HUP spamd"
TRUSTED_RULESETS="SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML
SARE_BML_PRE25X SARE_CODING SARE_FRAUD SARE_FRAUD_PRE25X SARE_HEADER
SARE_OEM SARE_RANDOM SARE_SPECIFIC SARE_SPOOF SARE_EVILNUMBERS
SARE_GENLSUBJ SARE_HIGHRISK SARE_HTML SARE_OBFU SARE_REDIRECT
SARE_SPAMCOP_TOP200 SARE_STOCKS SARE_UNSUB SARE_URI SARE_WHITELIST"

7. Now set cron to run the script whenever you want:
    crontab -e
    28 4 * * * /usr/local/bin/rules_du_jour
8. There is a list of the rules that can be used, with a brief explanation, here. Just add them in the /etc/rulesdujour/config file in the TRUSTED_RULESETS="RULES" setting and leave a space between each one.
    http://www.psoft.net/HSdocumentation/sysadmin/rulesdujour.html
9. Now run the script for the first time:
    /usr/local/bin/rules_du_jour
10. Once you have sorted that out, just restart SpamAssassin:
    /etc/init.d/spamassassin restart
11. You'll notice new files in your /etc/mail/spamassassin folder ending in .cf. SpamAssassin uses all files in that folder ending in .cf as its configuration files.

DCC

1. Now it's time to set up DCC (Distributed Checksum Clearinghouse) with SpamAssassin.
2. Download the source from http://www.rhyolite.com/anti-spam/dcc/ or directly from http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
3. Next we unzip it:
    tar -zxvf dcc.tar.Z
4. Now we install it:
    ./configure
    make
    make install
5. Once it has installed, change the local.cf configuration file:
    nano /etc/mail/spamassassin/local.cf

local.cf:
dcc_path /usr/local/bin/dccproc
dcc_body_max 999999
dcc_timeout 10
dcc_fuz1_max 999999
dcc_fuz2_max 999999

6. Once everything is done, restart SpamAssassin:
    /etc/init.d/spamassassin restart
7. Now let's set up the init script for dcc and set it to start on boot. Download the script from here:
    cp dcc.txt /etc/init.d/dcc
    chmod +x /etc/init.d/dcc
    chkconfig --add dcc
    chkconfig dcc on
    /etc/init.d/dcc start
8. Edit the /var/dcc/dcc_conf file:
    nano /var/dcc/dcc_conf
Find the line that reads:
dcc_conf:
and change it to:
dcc_conf:

9. Let's link the cron job to the /usr/bin directory:
    ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd
10. Now we’ll tell cron to run it every morning at 5:00 am:
    crontab -e
    0 5 * * * /usr/bin/cron-dccd
11. coming soon ...

Razor

1. Now it's time to set up Razor with SpamAssassin. We need to make sure we have the right Perl modules installed:
    perl -MCPAN -e "install Time::HiRes"
    perl -MCPAN -e "install Digest::SHA1"
    perl -MCPAN -e "install MIME::Base64"
    perl -MCPAN -e "install Test::Simple"
    perl -MCPAN -e "install Test::Harness"
    perl -MCPAN -e "install Getopt::Long"
    perl -MCPAN -e "install File::Copy"
    perl -MCPAN -e "install URI::Escape"
2. First we need to download the sdk source from http://razor.sourceforge.net/
3. Next we need to unzip it:
    bunzip2 razor-agents-sdk-2.07.tar.bz2
    tar -xvf razor-agents-sdk-2.07.tar
4. Now we need to install it:
    cd razor-agents-sdk-2.07
    perl Makefile.PL
    make
    make test
    make install
5. Now it's time to install Razor. Download the source from http://razor.sourceforge.net/
6. Now we need to unzip it:
    bunzip2 razor-agents-2.81.tar.bz2
    tar -xvf razor-agents-2.81.tar
7. Now we need to install it:
    cd razor-agents-2.81
    perl Makefile.PL
    make
    make test
    make install
8. Next make a razor user:
    useradd -d /bin/null -s /bin/bash razor
9. Now switch to the razor user and run:
    su razor
    razor-admin -create
    exit
10. Register your Razor install with the Razor servers. Replace the address with your admin’s e-mail address:
    razor-admin -register -user=admin@example.com
11. coming soon ...
xx. To check that Razor is being used with SpamAssassin, run this command:
    spamassassin -t -D < /tmp/spam
xx. After that has run its course, check the /tmp/spam file for the following information:
    debug: Razor is available
    debug: Razor Agents 1.20, protocol version 2.
    debug: Read server list from /home/jgb/.razor.lst
    debug: 72636 seconds before closest server discovery
    debug: Closest server is 209.204.62.150
    debug: Connecting to 209.204.62.150...
    debug: Connection established
    debug: Signature: 48e74b8496877ba45072b201b41eebed7038186b
    debug: Server version: 1.11, protocol version 2
    debug: Server response: Negative 48e74b8496877ba45072b201b41eebed7038186b
    debug: Message 1 NOT found in the catalogue.

Pyzor

1. Now it's time to set up Pyzor with SpamAssassin. First make sure you have Python installed.
2. Next we need to download the sdk source from http://pyzor.sourceforge.net/
3. Now we need to unzip it:
    bunzip2 pyzor-0.4.0.tar.bz2
    tar -xvf pyzor-0.4.0.tar
4. Now we need to install it:
    cd pyzor-0.4.0
    python setup.py build
    python setup.py install
5. The install may mess up some of the permissions. We can fix it by issuing these commands:
    chmod -R a+rx /usr/share/doc/pyzor
    chmod -R a+rx /usr/lib/python2.3/site-packages/pyzor
    chmod -R a+rx /usr/bin/pyzor
    chmod -R a+rx /usr/bin/pyzord
6. The gdbm module is required for Pyzor’s operation as well. You can check if it’s installed by running:
    python -c 'import gdbm' && echo 'gdbm found'
7. If you get a “gdbm found”, you’re all set. If not, run:
    yum install gdbm
8. We’ll now tell Pyzor to find the Pyzor server(s):
    pyzor discover
9. coming soon ...
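
The Razor check from the Razor section above, as an added example that is not part of the original how-to: a shell function that reads SpamAssassin debug output and reports whether Razor was available, which server answered, and whether the server's reply carries the same signature that was computed locally. It assumes the debug line format shown in that section; the names sample_debug and razor_summary and the "Positive" verdict string are assumptions.

```shell
#!/bin/sh
# Added example, not from the original how-to: summarise the Razor lines
# found in SpamAssassin debug output.

# Debug lines copied from the Razor section, embedded so this runs offline.
sample_debug() {
    cat <<'EOF'
debug: Razor is available
debug: Closest server is 209.204.62.150
debug: Connecting to 209.204.62.150...
debug: Connection established
debug: Signature: 48e74b8496877ba45072b201b41eebed7038186b
debug: Server version: 1.11, protocol version 2
debug: Server response: Negative 48e74b8496877ba45072b201b41eebed7038186b
debug: Message 1 NOT found in the catalogue.
EOF
}

# Reads debug output on stdin and prints one summary line.
# Exit status: 0 = Razor answered for our signature, 1 = anything else.
razor_summary() {
    awk '
        /^debug: Razor is available/ { avail = 1 }
        /^debug: Closest server is / { server = $NF }
        /^debug: Signature: /        { sig = $NF }
        /^debug: Server response: /  { verdict = $4; rsig = $5 }
        END {
            if (!avail)        { print "status=unavailable"; exit 1 }
            if (verdict == "") { print "status=no-response server=" server; exit 1 }
            if (rsig != sig)   { print "status=signature-mismatch"; exit 1 }
            # "Positive" as the counterpart of "Negative" is an assumption.
            if (verdict == "Positive")      st = "listed"
            else if (verdict == "Negative") st = "not-listed"
            else { print "status=unknown-verdict"; exit 1 }
            print "status=" st " server=" server " signature=" sig
        }'
}

# Debug output is written to stderr, so a live check would be:
#   spamassassin -t -D < /tmp/spam 2>&1 | razor_summary
sample_debug | razor_summary
```

A non-zero exit status makes the function usable from a monitoring cron job: it fails when Razor was never loaded, when no server answered, or when the reply does not match the local signature.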
Information on checksumming image spam
http://www.nytimes.com/2006/05/21/business/yourmoney/21spam.html

Matt Sergeant (of MessageLabs, and one of the early SpamAssassin committers too!) is interviewed about spam, with a bit of relevance regarding image checksumming (which we've been talking about recently):

The spammers were trying to circumvent the world's junk-mail filters by embedding their messages -- whether peddling something called China Digital Media for $1.71 a share, or a "Hot Pick!" company called GroFeed for just 10 cents -- into images.

It worked, but only briefly. Antispam developers at MessageLabs, one of several companies that essentially reroute their clients' e-mail traffic through proprietary spam-scrubbing servers before delivering it, quickly developed a "checksum," or fingerprint, for the images, and created a filter to block them.

[...]

Shortly after MessageLabs created a filter to catch the stock spams, the images they contained changed again. They were now arriving with what looked to the naked eye like a gray border. Zooming in, however, the MessageLabs team discovered that the border was made up of thousands of randomly ordered dots. Indeed, every message in that particular spam campaign was generated with a new image of the border -- each with its own random array of dots.

[...]

"We actually developed some technology to detect borders in images and figure out the entropy -- that is, to figure out if the border was random," Mr. Sergeant said. "So that was fine."

Of course, shortly afterward, "they decided to stop using the borders," he added.

From there, the senders began placing a small number of barely perceptible and, again, randomly placed dots -- a pink one here, a blue one there, a green one near the bottom -- throughout the images. Then they shifted to multiple images, with words spelled partially in plain text and partially as images, so that the content, when viewed on a common e-mail reader like Outlook or AOL, would look like an ordinary message.
Information on DCC license
http://www.rhyolite.com/anti-spam/dcc/

The Distributed Checksum Clearinghouse source carries a license that is free to organizations that do not sell filtering devices or services except to their own users and that participate in the global DCC network. (I.e. ISPs that use the DCC to filter mail for their own users are intended to be covered in the free license.) You also can't call it your own or blame anyone for using it.
Information on the Razor License
http://sourceforge.net/mailarchive/forum.php?thread_id=10079360&forum_id=4258

Folks,

I am pleased to announce that with the release of razor-agents 2.81[1] a new service policy has been introduced, that makes the use of Razor2 service completely open and free. A license introduced in 2003 restricted usage by third party integrators, but the new license unencumbers all usage, commercial or otherwise.

My company, Cloudmark, hosts and manages the backend infrastructure that Razor2 agents use for reporting spam and checking fingerprints. Cloudmark retains the right to deny service to anyone abusing the backend, but will not, under normal circumstances, restrict usage in any way.

Share and Enjoy!
vipul
External Links:
http://www.rhyolite.com/anti-spam/dcc/
http://pyzor.sourceforge.net/
http://razor.sourceforge.net/
http://www.exit0.us/index.php?pagename=RulesDuJour
http://www.psoft.net/HSdocumentation/sysadmin/rulesdujour.html
http://wiki.apache.org/spamassassin/CustomRulesets
http://www.freespamfilter.org/FC4.html
http://opensourceheaven.net/?page_id=98