Search:  
Gentoo Wiki

Complete_Virtual_Mail_Server/Distributed_and_Collaborative_Networks


Please format this article according to the guidelines and Wikification suggestions, then remove this notice {{Wikify}} from the article


Complete Virtual Mail Server


Getting Started


Basic Mail Setup


Enhanced Mail Services


Anti-Spam Configuration


Anti-Virus Configuration


Log Analyzer


Wrapping it Up

edit

Distributed and Collaborative Networks

As we are trying to setup a pretty secure mail server here, no solution would be complete without offering connections to the various anti-spam networks that are available out there. Of course, as this is an open source solution, we will not be connecting to the fee-based services. If you really want them, you can go find those on your own.


Razor2, Pyzor and DCC

These are all very straight forward to install, so we are going to do this as one big hurrah. We will emerge all of the packages, set a few configuration settings a quick test and we are done.

Before we install and test, we will need to poke a few holes in the firewall if you are running one. This is to allow the network checks to communicate with the servers as well as supporting Razor which pings the servers to find out which is closest. You will need to open the following ports:

	  Application		Protocol	Port
	     DCC		   UDP		6277
	     Razor		   TCP		7
	     Razor		   TCP          2703

We can now emerge the packages we will need.

Warning: Warning! Razor isn't entirly free and is disabled per default when installed. This all because of their licensing. DCC isn't open source and therefore disabled by default. The source IS available however. Decide for yourself wether you really need their protection or boycott them.


Code: emerging Packages
 
# emerge dcc razor pyzor
  

Of course after saying how easy it was, I then ran into a problem with emerging dcc due to jpeg-6b-r5 failing to compile. To overcome this, I had to re-emerge my libtool (to 1.5.18-r1) and then everything compiled as expected.

Next we will create the configuration file for razor using the razor-admin utility. We will not be going in and editing the config, but instead will use the default settings provided.

Code Listing 2.12: Creating the required configuration files


Code: Creating Config Files
 
# razor-admin -create
  

The final step is to let spamassassin know that it should be using all of the network checks available to it. These changes are made in the /etc/mail/spamassassin/local.cf file.


Code: /etc/mail/spamassassin/local.cf
 
# nano /etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#

#Enable network checks
use_razor2              1
use_dcc                 1
use_pyzor               1
  

Also edit /etc/mail/spamassassin/<current spammassassin version>.pre and if desired re-enable DCC and Razor2.

Code: /etc/mail/spamassassin/v310.pre
 

# nano /etc/mail/spamassassin/v310.pre
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC

# Razor2 - perform Razor2 message checks.
#
# Razor2 is disabled here because it is not available for unlimited free
# use.  It is currently free for personal use, subject to capacity
# constraints.  See the Cloudmark SpamNet Service Policy for more details.
#
loadplugin Mail::SpamAssassin::Plugin::Razor2

 

Testing

The easiest way to test this is all working is to run-up spamassassin in debug mode. You will get a mitt-full of debug messages of which many will be telling you the availability of DCC, Razor and Pyzor. Scroll back through the output to look for the messages indicated below that indicate these elements are up and running:


Code: Testing Networks
 
# spamassassin -D --lint

...
debug: Razor2 is available
debug: Pyzor is available: /usr/bin/pyzor
debug: DCC is available: /usr/bin/dccproc
...
  

Some Extra Rules

One last thing before we finally move on from spamassassin. There are additional rules provided by the SARE Ninjas at the SpamAssassin Rules Emporium you can easily add and update them using mail-filter/spamassassin-ruledujour:


Code: Getting rulesdujour
 
# emerge spamassassin-ruledujour
  
Warning:

spamassassin-ruledujour was removed from portage. Use sa-update instead it --Quadrik 17:46, 29 January 2008 (UTC)

With it installed, we now need to edit the config file to tell it that it should be restarting amavisd and not spamd. Of course this change goes just below the line that says #do NOT change anything below this line … don’t worry about it, the change is safe. Code Listing 4.2: Modifying /etc/rulesdujour/config


Code: /etc/rulesdujour/config
 
#nano /etc/rulesdujour/config

# do NOT change anything below this point
TAIL="tail -n1"
HEAD="head -n1"
SA_RESTART="/etc/init.d/amavisd restart"
# read in extra rulesets
[ -s /etc/rulesdujour/rulesets ] && source /etc/rulesdujour/rulesets
  

Finally, the last thing we need to do is setup a cron job to run the rules_du_jour script each night so that we have the latest and greatest. Portage will tell you to chmod +x /etc/cron.daily/rulesdujour if you want to have it run daily. It isn't known wether this is a good idea since the servers will be pretty slammed by all gentoo users. Optionally you can run this manually if you want, however I decided to setup a cron job.


Code: cron Update
 
#crontab -u amavis -e

# Get latest SpamAssassin rules. Runs at 4:28AM every day.
28 4 * * *                /var/lib/spamassassin/rules_du_jour


crontab: installing new crontab
  
Warning: Ensure that you do not run this script more than once per day. They do check and you will error out if you attempt. Secondly, the time of 4:28 given above. This is only an example and again,if everybody uses it, their servers will be swamped.

/* Thinking about it, all gentoo users should run it as cron.daily. There's 24 hrs in a day, what, 24 timezones? If everybody runs it in the same hour, but in their timezone, this itself should distribute the load somewhat over the 24 zones. */

Because cronjob is being run by amavis, need to ensure amavis and write to /etc/mail/spamassassin directory. I will change owner of this directory so amavis can write in it.


Code: Granting Access
 
#chown -R amavis:amavis /etc/mail/spamassassin  

It is recommended that you clean out the rulesets in /etc/mail/spamassassin occasionally to ensure you are not using old rulesets.

Retrieved from "http://www.gentoo-wiki.info/Complete_Virtual_Mail_Server/Distributed_and_Collaborative_Networks"

Last modified: Sun, 18 May 2008 07:07:00 +0000 Hits: 11,273