Complete Virtual Mail Server/Distributed and Collaborative Networks
From Gentoo Linux Wiki
Please format this article according to the guidelines and Wikification suggestions, then remove this notice {{Wikify}} from the article
|
|
|
Getting Started Basic Mail Setup Enhanced Mail Services
Anti-Spam Configuration
Anti-Virus Configuration Log Analyzer Wrapping it Up |
| edit |
[edit] Distributed and Collaborative Networks
As we are trying to setup a pretty secure mail server here, no solution would be complete without offering connections to the various anti-spam networks that are available out there. Of course, as this is an open source solution, we will not be connecting to the fee-based services. If you really want them, you can go find those on your own.
[edit] Razor2, Pyzor and DCC
These are all very straight forward to install, so we are going to do this as one big hurrah. We will emerge all of the packages, set a few configuration settings a quick test and we are done.
Before we install and test, we will need to poke a few holes in the firewall if you are running one. This is to allow the network checks to communicate with the servers as well as supporting Razor which pings the servers to find out which is closest. You will need to open the following ports:
Application Protocol Port DCC UDP 6277 Razor TCP 7 Razor TCP 2703
We can now emerge the packages we will need.
| Code: emerging Packages |
# emerge dcc razor pyzor |
Of course after saying how easy it was, I then ran into a problem with emerging dcc due to jpeg-6b-r5 failing to compile. To overcome this, I had to re-emerge my libtool (to 1.5.18-r1) and then everything compiled as expected.
Next we will create the configuration file for razor using the razor-admin utility. We will not be going in and editing the config, but instead will use the default settings provided.
Code Listing 2.12: Creating the required configuration files
| Code: Creating Config Files |
# razor-admin -create |
The final step is to let spamassassin know that it should be using all of the network checks available to it. These changes are made in the /etc/mail/spamassassin/local.cf file.
| Code: /etc/mail/spamassassin/local.cf |
# nano /etc/mail/spamassassin/local.cf # This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # ########################################################################### # #Enable network checks use_razor2 1 use_dcc 1 use_pyzor 1 |
Also edit /etc/mail/spamassassin/<current spammassassin version>.pre and if desired re-enable DCC and Razor2.
| Code: /etc/mail/spamassassin/v310.pre |
# nano /etc/mail/spamassassin/v310.pre # DCC - perform DCC message checks. # # DCC is disabled here because it is not open source. See the DCC # license for more details. # loadplugin Mail::SpamAssassin::Plugin::DCC # Razor2 - perform Razor2 message checks. # # Razor2 is disabled here because it is not available for unlimited free # use. It is currently free for personal use, subject to capacity # constraints. See the Cloudmark SpamNet Service Policy for more details. # loadplugin Mail::SpamAssassin::Plugin::Razor2 |
[edit] Testing
The easiest way to test this is all working is to run-up spamassassin in debug mode. You will get a mitt-full of debug messages of which many will be telling you the availability of DCC, Razor and Pyzor. Scroll back through the output to look for the messages indicated below that indicate these elements are up and running:
| Code: Testing Networks |
# spamassassin -D --lint ... debug: Razor2 is available debug: Pyzor is available: /usr/bin/pyzor debug: DCC is available: /usr/bin/dccproc ... |
[edit] Some Extra Rules
One last thing before we finally move on from spamassassin. There are additional rules provided by the SARE Ninjas at the SpamAssassin Rules Emporium you can easily add and update them using mail-filter/spamassassin-ruledujour:
| Code: Getting rulesdujour |
# emerge spamassassin-ruledujour |
spamassassin-ruledujour was removed from portage. Use sa-update instead it --Quadrik 17:46, 29 January 2008 (UTC)
With it installed, we now need to edit the config file to tell it that it should be restarting amavisd and not spamd. Of course this change goes just below the line that says #do NOT change anything below this line … don’t worry about it, the change is safe. Code Listing 4.2: Modifying /etc/rulesdujour/config
| Code: /etc/rulesdujour/config |
#nano /etc/rulesdujour/config # do NOT change anything below this point TAIL="tail -n1" HEAD="head -n1" SA_RESTART="/etc/init.d/amavisd restart" # read in extra rulesets [ -s /etc/rulesdujour/rulesets ] && source /etc/rulesdujour/rulesets |
Finally, the last thing we need to do is setup a cron job to run the rules_du_jour script each night so that we have the latest and greatest. Portage will tell you to chmod +x /etc/cron.daily/rulesdujour if you want to have it run daily. It isn't known wether this is a good idea since the servers will be pretty slammed by all gentoo users. Optionally you can run this manually if you want, however I decided to setup a cron job.
| Code: cron Update |
#crontab -u amavis -e # Get latest SpamAssassin rules. Runs at 4:28AM every day. 28 4 * * * /var/lib/spamassassin/rules_du_jour crontab: installing new crontab |
/* Thinking about it, all gentoo users should run it as cron.daily. There's 24 hrs in a day, what, 24 timezones? If everybody runs it in the same hour, but in their timezone, this itself should distribute the load somewhat over the 24 zones. */
Because cronjob is being run by amavis, need to ensure amavis and write to /etc/mail/spamassassin directory. I will change owner of this directory so amavis can write in it.
| Code: Granting Access |
#chown -R amavis:amavis /etc/mail/spamassassin |
It is recommended that you clean out the rulesets in /etc/mail/spamassassin occasionally to ensure you are not using old rulesets.
