Air's Blog
How to integrite SpamAssassin software to Messaging Server
#
# This is a technical memo.
# It will show you how to configure SpamAssassin spam software on
# Messaging Server.
#
# Author: Air Zhang
# Date: 4/3/2007
# Version: 1.0
#
#The following will show you how to install the SpamAssassin on
#your server.
<Installation of SpamAssassin>
At the first step, you need to download and install the SpamAssassin software
on your server. It can be downloaded from the homepage http://spamassassin.apache.org/.
The current version of it is: 3.8.1.
While the downloading completes, you should unpack it and check the INSTALL file
to find out how to install it. The following is an installation example on Solaris 9.
The best way to install it is to use perl, because you do not need to consider the
difference of the OS. Downloading the latest version of perl is recommanded.
And to install SpamAssassin, a lot of tools need to be installed at first.
The following is the tools I downloaded from the freeware website. http://sunfreeware.com/
bash-2.05# pwd
/data/tools/freeware
bash-2.05# ls -l
total 429190
-rw-r--r-- 1 root other 152377856 Apr 3 12:00 gcc-3.4.6-sol9-sparc-local
-rw-r--r-- 1 root other 2777600 Apr 3 11:59 libiconv-1.11-sol9-sparc-local
drwxr-xr-x 2 root other 512 Apr 3 09:29 lsof
-rw-r--r-- 1 root other 2760704 Apr 3 09:27 lynx-2.8.5-sol9-sparc-local
drwxr-xr-x 2 root other 512 Apr 3 09:29 make
-rw-r--r-- 1 root other 1409536 Apr 3 09:33 ncftp-3.1.9-sol9-sparc-local
-rw-r--r-- 1 root other 13451264 Apr 3 09:30 ncurses-5.6-sol9-sparc-local
drwxr-xr-x 2 root other 512 Apr 3 09:29 nmap
-rw-r--r-- 1 root other 45102080 Apr 3 09:47 perl-5.8.7-sol9-sparc-local
-rw-r--r-- 1 root other 1508864 Apr 3 09:32 wget-1.10.2-sol9-sparc-local
lsof and nmap are not necessary.
All of these tools can be installed using pkgadd -d <pkgname>.
For example, pkgadd -d perl-5.8.7-sol9-sparc-local
After all of these tools are installed, you can install SpamAssassin as following.
1. Because the installer will download some files from outside ftp server, you need
to set the ftp_proxy enviroment variable at first.
eg) export ftp_proxy=webcache.central.sun.com:8080
2. bash-2.05# perl -MCPAN -e shell [as root]
...
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
...
cpan>quit
3. Because SpamAssassin depends on a couple of modules, so you should install these
modules at first. If you do not know which module needs to be installed at first,
you can run install Mail::SpamAssassin as step 2 mentioned, then you can check the
output, the madatory modules will report "Error", whilist the optional modules will
report "Notice". Then you can install the madatory module one by one to clear the
errors. eg) cpan> install Digital::Sha1
4. Then the SpamAssassin can be installed properly.
By default it is installed under /user/local.
eg) bash-2.05# which spamd
/usr/local/bin/spamd
5. Then you can start the spamd by typing "spamd -d", please check the listen socket.
By default, it is 783.
#The following will show you how to integrite the SpamAssassin to
#Messaging Server.
<Integrite it into Messaging Server>
Messaging Server supports SpamAssassin software, the configuration is easy.
Here is an example to set user-level spam filter.
1. You need to edit the SpamAssassin option file
Here is an example.
--------------
host=127.0.0.1
port=783
mode=0
verdict=spam
debug=1
--------------
2. Then you need to config the option.dat, add the following lines:
!SpammAsassin
LDAP_OPTIN1=mailAntiUBEService
spamfilter1_config_file=/opt/SUNWmsgsr/config/spamassassin.opt
spamfilter1_library=/opt/SUNWmsgsr/lib/libspamass.so
spamfilter1_optional=1
spamfilter1_string_action=data:,require ["addheader"];addtag "[SPAM detected $U]";addheader "Spamscore: $U";
Note: The number behind the LDAP_OPTIN must match the "X" in the spamfilterX_... parameters.
eg) if you set LDAP_OPTIN1, then the spamfilterX_... parameters should be set as spamfilter1_...
But there is an exception, the LDAP_OPTIN without number can match the spamfilter1... and spamfilter...
So the above configuration is same with the following.
!SpammAsassin
LDAP_OPTIN=mailAntiUBEService
spamfilter1_config_file=/opt/SUNWmsgsr/config/spamassassin.opt
spamfilter1_library=/opt/SUNWmsgsr/lib/libspamass.so
spamfilter1_optional=1
spamfilter1_string_action=data:,require ["addheader"];addtag "[SPAM detected $U]";addheader "Spamscore: $U";
Both of them can work as expected.
But if you set LDAP_OPTIN2=mailAntiUBEService, and spamfilter1_..., when you send
mail to the user, SMTP error of failed to determine the filter will be displayed.
3. In order to let MTA do the spam filter at user level, you need to
add the value of LDAP_OPTIN<number> in option.dat to user ldif entry.
eg)
mailAntiUBEService: spam
4. Run ./imsimta cnbuild;./imsimta restart to let the setting take effect.
If the configuration is correct, you can test by sending a spam mail to the user who
set the mailAntiUBEService attribute. You can find a sample spam mail from the SpamAssassin
software, which name is sample-spam.txt.
And you can also check the tcp slave log to confirm whether the filter works well.
--------------
bash-2.05# tail tcp_local_slave.log-0JFW00A06QGZQG00
13:41:23.50: Reading SpamAssassin status
13:41:23.59: Status line: SPAMD/1.1 0 EX_OK
13:41:23.59: Reading SpamAssassin result
13:41:23.59: Result line: Spam: True ; 1000.6 / 5.0
13:41:23.59: Verdict line: Spam-Test: True ; 1000.6 / 5.0
13:41:23.59: Closing connection to SpamAssassin
13:41:23.59: Mode 0 verdict of spam
13:41:23.59: Mode 0 verdict of spam
13:41:23.59: Recipient for current verdict demo1-AT-prc.sun-DOT-com
13:41:23.63: Freeing SpamAssassin message context
--------------
If you want to set the channel level filter, you need to add "destinationspamfilter1optin spam"
to the channel you want to use spam filter. Please note, the number "1" in the destinationspamfilter1optin
must match the number of spamfilterX parameters in the option.dat.
eg) imta.cnf
!
! ims-ms
ims-ms defragment subdirs 20 multiple notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h"
maxjobs 2 pool IMS_POOL fileinto $U+$S@$D destinationspamfilter1optin spam
ims-ms-daemon
#How to use other attribute in the LDAP_OPTIN paramters.
<Extend the schema>
In the Messaging Server admin guide, schema guide and refercece guide, the
description of the value of LDAP_OPTIN is inconsistent. By default, there
is one attribute you can use: mailAntiUBEService, it is included in the schema
by default.
--------------
bash-2.05# pwd
/opt/DSServers/slapd-b2500/config/schema
bash-2.05# grep mailAntiUBEService *.ldif
56ims-schema.ldif:attributeTypes: ( mailantiubeservice-oid NAME ( 'mailAntiUBEService' ) DESC 'Sun ONE Messaging Server
defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun ONE Messaging Server' )
56ims-schema.ldif:objectclasses: ( 2.16.840.1.113730.3.2.151 NAME 'mailDomain' DESC 'auxiliary class for a messaging ser
ver hosted domain' SUP top AUXILIARY MAY ( mailRoutingHosts $ mailRoutingSmartHost $ preferredMailHost $ preferredMailMe
ssageStore $ mailAccessProxyReplay $ mailDomainAllowedServiceAccess $ mailDomainWelcomeMessage $ mailDomainDiskQuota $ m
ailDomainMsgQuota $ mailClientAttachmentQuota $ mailQuota $ mailAccessProxyPreAuth $ mailDomainStatus $ preferredLanguag
e $ mailDomainReportAddress $ mailDomainMsgMaxBlocks $ mailDomainSieveRuleSource $ mailDomainConversionTag $ mailDomainC
atchAllAddress $ mailAntiUBEService $ mailFolderDefaultAcl ) X-ORIGIN 'Sun ONE Messaging Server' )
56ims-schema.ldif:objectclasses: ( 2.16.840.1.113730.3.2.146 NAME 'inetMailUser' DESC 'auxiliary class for a messaging s
erver user' SUP top AUXILIARY MUST ( ) MAY ( mailAutoReplyTimeout $ mailAutoReplySubject $ mailAutoReplyText $ mailAutoR
eplyTextInternal $ mailAutoReplyMode $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDelive
ryInfo $ mailQuota $ mailMsgQuota $ mailSieveRuleSource $ mailSMTPSubmitChannel $ nswmExtendedUserPrefs $ mailAllowedSer
viceAccess $ mailUserStatus $ cn $ dataSource $ mailEquivalentAddress $ mailMsgMaxBlocks $ mailConversionTag $ mailDefer
Processing $ mailAntiUBEService $ mailFolderDefaultAcl $ aclGroupAddr $ mailParentalControl $ mailSieveRuleRef $ SpamAss
assin ) X-ORIGIN 'Sun ONE Messaging Server' )
bash-2.05#
--------------
As you can see, the mailAntiUBEService attribute is defined in the 56ims-schema.ldif,
and it is a optinal attribute of inetMailUser objectclass.
So if you want to use other attribute name, you need to add one new attribute like
mailAntiUBEService. It must belong to inetMailUser objectclass.
Because the inetMailUser is not user defined object class, you can not change it via
Directory Server admin console. You need to edit the 56ims-schema.ldif manually, and
restart the Directory Server instance to take effect.
eg)
bash-2.05# grep SpamAssassin *.ldif
56ims-schema.ldif:attributeTypes: ( SpamAssassin-oid NAME ( 'SpamAssassin' ) DESC 'Sun ONE Messaging Server defined attr
ibute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun ONE Messaging Server' )
56ims-schema.ldif:objectclasses: ( 2.16.840.1.113730.3.2.146 NAME 'inetMailUser' DESC 'auxiliary class for a messaging s
erver user' SUP top AUXILIARY MUST ( ) MAY ( mailAutoReplyTimeout $ mailAutoReplySubject $ mailAutoReplyText $ mailAutoR
eplyTextInternal $ mailAutoReplyMode $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDelive
ryInfo $ mailQuota $ mailMsgQuota $ mailSieveRuleSource $ mailSMTPSubmitChannel $ nswmExtendedUserPrefs $ mailAllowedSer
viceAccess $ mailUserStatus $ cn $ dataSource $ mailEquivalentAddress $ mailMsgMaxBlocks $ mailConversionTag $ mailDefer
Processing $ mailAntiUBEService $ mailFolderDefaultAcl $ aclGroupAddr $ mailParentalControl $ mailSieveRuleRef $ SpamAss
assin ) X-ORIGIN 'Sun ONE Messaging Server' )
Then you can set the LDAP_OPTIN as LDAP_OPTIN=SpamAssassin, and add this attribute
to the user ldap entry.
eg) SpamAssassin: spam
end.
Posted at 05:51下午 四月 03, 2007 by Lei Air Zhang in Technical | 评论[0]