spam-assassin sxs

m.w.chang mwchang
Mon May 17 11:33:53 PDT 2004


sorry.. used the wrong file extension.

-- 
may the force, the farce and linux be with you.
See you in news://news.hkpcug.org and http://www.linux-sxs.org
-------------- next part --------------
<B>Configuring Procmail for SpamAssassin</B>

I assume you or your distribution installed
procmail and sendmail properly.

Fire up Perl's CPAN shell as per the README file in
doc and install Mail::SpamAssassin:

<pre>
# perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
cpan> quit
</pre>

You may need to update your perl first. Just follow
the instructions and answer the questions with the default
answer (press ENTER).

If everything went well, you should be able to fire up
SpamAssassin. Let's check its online help.

<pre>
# spamassassin -h
# man spamassassin
</pre>

By default (for my Caldera OpenLinux 3.1), the config file
for SpamAssassin is /etc/mail/spamassassin/local.cf. But
you can always override this with

<pre>
# spamassassin -a /path/to/local.cf
</pre>

How does SpamAssassin work? When it is passed a message
on stdin, it makes a call to a remote site
which holds a list called a Realtime Black List (RBL)
with the sender's email address in the message. If the
sender's email address is in the RBL, it adds an
RFC822 header "X-Spam-Status:" to the message and sets
it to "Yes".

Now that the spam messages are tagged, you can use
procmail or whatever mail processor to remove them easily.

Create /etc/procmailrc:

# you need a file ~/.forward with the following line:
# "|exec /usr/bin/procmail"
# user-specific procmailrc is ~/.procmailrc
#
# to run procmail for all users
# 1. create /etc/procmailrc
# 2. touch /var/log/procmail
# 3. chmod 666 /var/log/procmail
# 4. make sure that /var/log/junkmail is created 
#
# references:
# http://www.pegasus.rutgers.edu/~elflord/unix/procmail.html
# the link features a simplified how-to of Nanay, plus a link
# to grep tutorial
#
# Next may be needed if you invoke programs from your procmailrc
# Details in Check Your $SHELL and $PATH in Troubleshooting below
#
PATH="/usr/local/bin:/usr/bin:/usr/local/sbin:/bin:/sbin:/usr/sbin"
SHELL=/bin/sh

# Directory for storing procmail configuration and log files
# You can name the environment variable PMDIR anything you like
# or, if you prefer, don't set it (but then don't refer to it!)
PMDIR=/tmp

# Put ## before LOGFILE if you want no logging (not recommended)
LOGFILE=/var/log/procmail
LOCKFILE=/tmp/procmail

# To insert a blank line between each message's log entry, 
# uncomment next two lines (this is helpful for debugging)
LOG="
"

# Set to yes when debugging
VERBOSE=no
# Remove ## when debugging; set to no if you want minimal logging
## LOGABSTRACT=all 

JUNKMAIL=/var/mail/nobody
NULL=/dev/null

# simplest rule for testing
:0
* ^Subject:.*test
{
	LOG="test: "
	:0
	$JUNKMAIL
}

# if you want to use your own conf file
# -c /etc/mail/spamassassin/local.cf
:0fw
| /usr/bin/spamassassin -P
:0
* ^X-Spam-Status: Yes
$JUNKMAIL

### general rules that indicated spam
:0
* ^X-Advertisement:
$JUNKMAIL

:0
* ^X-Advertisment:
$JUNKMAIL

:0
* ^From:.*(advertising|sales|offers|promotion|reply|request|theuseful)
$JUNKMAIL

:0
* ^Subject:.*(\<pornography\>)
$JUNKMAIL

:0 B
* ^.*(\<pornography\>)
$JUNKMAIL

:0
* ^Message-ID: <>
$JUNKMAIL

# Mass mailing, no "To:"
:0
* !^To:
$JUNKMAIL

:0
* !^From:
$JUNKMAIL

:0
* !^Subject:
$JUNKMAIL

:0
* ^Received: from --- unknown host ---
$JUNKMAIL

:0
* ^X-Mailer: RM-Super
* REMOVELIST:
$JUNKMAIL

# hosts where I didn't have accounts
:0
* ^To:.*@(mail-response|msn|aol|public|hotmail|webavenues|netcom|ix.netcom)\.com
* !^(To|Cc):.*(koos|kh)@
$JUNKMAIL

:0
* ^To:.*@(mts|usa)\.net
* !^(To|Cc):.*(koos|kh)@
$JUNKMAIL

### spam relay
:0
* ^Received: from .*(mail.mymail.net|tsf-industries|spamrelay|flash.net|freemanchester.com|ultramax.net)
$JUNKMAIL

# Catch purely numeric addresses
# ditto
:0
* ^From:.*( |<)[0-9]+@
$JUNKMAIL

# Bogus Pegasus header
#ditto
:0
* ^Comment: Authenticated sender is
* ! ^X-Mailer: Pegasus
$JUNKMAIL

# Bad message ids
# ditto
:0
* ^Message-Id:.*<[^@]*>
$JUNKMAIL

# "Our research indicates" crap
# ditto
:0 B
* (our|my) research indicates
$JUNKMAIL

# Multi-level marketing scams
# throw these away
:0 B
* multi(-| )?level marketing
$JUNKMAIL

# 2 dollar signs in the subject
# review these later
:0
* ^Subject:.*(\$\$)
$JUNKMAIL

# SirCam
:0 B
* > 100000
* mDmcOaA5pDmoOaw5sDnAOeA56DnsOfA59Dn4Ofw5ADoEOgg6HDo8OkQ6SD
{
        LOG="SirCam "
        :0
	$JUNKMAIL
}


# our own spam rules need to use formail to chop the message into parts
FORMAIL=/usr/bin/formail
# Grab the To:, Cc: and From: headers
# (procmail variable names are case-sensitive, so TO must match the test below)
TO=`$FORMAIL -zx To:`
CC=`$FORMAIL -zx Cc:`
FROM=`$FORMAIL -zX From: | $FORMAIL -zrx To:`

# Catch mail with no To: and no Cc:
:0
* TO??^$
* CC??^$
$JUNKMAIL

# check every email that comes in against the msgid.cache file
# and if it is a duplicate, throw it out.
# if it's not, add the message id to the cache file
# also, keep the cache file limited to 16k
# :0 Wh $LOCKFILE/msgid.lock
#| $FORMAIL -D 16384 $LOCKFILE/msgid.cache
## this rule only gets run if the immediately preceding rule is true
#:0 a
#$JUNKMAIL

# filter dangerous attachments
# if you send us email with an attachment of type
# 'exe,vbs,shs,com,pif,bat,scr' it gets trashed and sender gets a notice
# the X-Loop: header added to the notice is the one tested below,
# so our own auto-replies are never answered again
:0 HB
* !^FROM_DAEMON
* !^X-Loop: foo\@bar\.com
* ^Content-Disposition: attachment;
* filename=".*\.(exe|vbs|shs|com|pif|bat|scr)"
| ( \
$FORMAIL -r \
-A 'From: "Douglas J. Hunley" <doug@hunley.homeip.net>' \
-i "Subject: Your message (Auto-Reply)" \
-A "X-Loop: foo@bar.com" ; \
echo "Your message contained some form of M$ Window$ executable " \
" and was automatically deleted (unread). " \
) \
| /usr/sbin/sendmail -oi -t
:0 a:
$JUNKMAIL

# Fix subjects so they don't have all those 'Re: re: RE:'
# and 'Fwd: Fw: Fwd:' things in them cause it's damn annoying 
# to not be able to see the real subject
# SUBJECT=`$FORMAIL -xSubject: |/bin/sed s/.R\[eE\]://g`
# :0fhw
# |$FORMAIL -I"Subject: $SUBJECT"

/var/mail/toylet
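
The attachment recipe in the procmailrc above looks for a quoted filename="..." on a line of text, while mail clients also write the name unquoted, RFC 2231 encoded, or only as a Content-Type name= parameter. The following is an added example, not part of the original post: it uses Python's standard email module to apply the same extension list after parsing the MIME structure, next to an approximation of the line-based conditions; the function names and sample messages are constructed for illustration.

```python
import email
import re

# Extension list modelled on the recipe's condition (scr = Windows screen saver).
BLOCKED = {"exe", "vbs", "shs", "com", "pif", "bat", "scr"}

# Approximate Python rendering of the recipe's two line-regex conditions
# (procmail's own regex engine is not used here).
COND_DISPOSITION = re.compile(r"^Content-Disposition: attachment;", re.I | re.M)
COND_FILENAME = re.compile(r'filename=".*\.(%s)"' % "|".join(sorted(BLOCKED)), re.I)

def line_rule(raw: bytes) -> bool:
    """True when both line-based conditions match somewhere in the message."""
    text = raw.decode("latin-1")
    return bool(COND_DISPOSITION.search(text) and COND_FILENAME.search(text))

def blocked_attachments(raw: bytes) -> list:
    """Walk the MIME tree and return attachment names with a blocked extension."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        # get_filename() reads Content-Disposition filename= (quoted, unquoted
        # or RFC 2231 encoded) and falls back to the Content-Type name= parameter.
        name = part.get_filename()
        if name and "." in name and name.rsplit(".", 1)[1].lower() in BLOCKED:
            hits.append(name)
    return hits

def sample(part_headers: str) -> bytes:
    """Constructed two-part message; part_headers describes the second part."""
    return ("From: alice@example.org\r\nTo: bob@example.org\r\nSubject: report\r\n"
            'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
            "--b1\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
            "--b1\r\n" + part_headers + "\r\n\r\nAAAA\r\n--b1--\r\n").encode("ascii")

OCTET = "Content-Type: application/octet-stream"
SAMPLES = {  # constructed test inputs, not real mail
    "quoted": sample(OCTET + '\r\nContent-Disposition: attachment; filename="setup.exe"'),
    "unquoted": sample(OCTET + "\r\nContent-Disposition: attachment; filename=setup.exe"),
    "rfc2231": sample(OCTET + "\r\nContent-Disposition: attachment; filename*=utf-8''setup.exe"),
    "name_only": sample(OCTET + '; name="setup.scr"'),
    "harmless": sample('Content-Type: text/plain\r\n'
                       'Content-Disposition: attachment; filename="notes.txt"'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} line_rule={line_rule(raw)!s:5} mime={blocked_attachments(raw)}")
```

A check of this kind can be called from a procmail recipe as an external filter, with its exit status deciding whether the message goes to $JUNKMAIL.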

