Postfix and Spamassassin: How to filter spam Using spamassassin as a standalone daemon

Setting up spamassassin

So you have installed spamassassin from the Debian repository. With the default settings, spamassassin runs as the root user and is not started. To avoid that, we are going to create a specific user and group for spamassassin. As root, run the following commands:

#groupadd -g 5001 spamd
#useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
#mkdir /var/lib/spamassassin
#chown spamd:spamd /var/lib/spamassassin

Now, we need to change some settings in /etc/default/spamassassin. Make sure you get the following values:

ENABLED=1
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE="${SAHOME}spamd.pid"

What happens here is that we run the spamd daemon as user spamd, make it use its own home directory (/var/lib/spamassassin/) and have it write its logs to /var/lib/spamassassin/spamd.log.

Configuring spamassassin

Now, we need to give spamassassin some rules. The default settings are quite fine, but you might want to tweak them a bit. So let’s edit /etc/spamassassin/local.cf and make it look like this:

rewrite_header Subject [***** SPAM _SCORE_ *****]
# Score at or above which a message is treated as spam (default 5.0)
required_score           5.0
# To be able to use _SCORE_ we need report_safe set to 0.
# If this option is set to 0, incoming spam is only modified by adding some "X-Spam-" headers and no changes will be made to the body.
report_safe     0

# Enable the Bayes system
use_bayes               1
use_bayes_rules         1
# Enable Bayes auto-learning
bayes_auto_learn        1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               0

Here, we set spamassassin’s spamd default settings to rewrite the email subject to [***** SPAM _SCORE_ *****], where _SCORE_ is the score attributed to the email by spamassassin after running its different tests, only if the actual score is greater than or equal to 2.0. So an email with a score lower than 2 won’t be modified.

To be able to use the _SCORE_ in the rewrite_header directive, we need to set report_safe to 0.

In the next section, we tell spamassassin to use the Bayes classifier and to improve itself by auto-learning from the messages it analyzes.

In the last section, we disable collaborative networks such as pyzor, razor2 and dcc. Those collaborative networks keep an up-to-date catalogue of known mail checksums to be recognized as spam. Those might be interesting to use, but I’m not going to use them here as I found it took long enough for spamassassin to deal with spam using only its rules.

Now, start spamd with the following command line:

#/etc/init.d/spamassassin start

We are almost done, we still need to configure postfix in such a way that it will pass all mails delivered to local mailboxes to spamassassin.

3. Make Postfix call Spamassassin

Now, we need to tell postfix to use spamassassin. In our case, spamassassin will be invoked only once postfix has finished with the email.

To tell postfix to use spamassassin, we are going to edit /etc/postfix/master.cf and change the line:

smtp      inet  n       -       -       -       -       smtpd

to:

smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin

and then, at the end of master.cf, let’s add:

spamassassin unix -     n       n       -       -       pipe
        user=spamd argv=/usr/bin/spamc -f -e    
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And here we go, our spam filter is set up. We need to reload the postfix settings and everything should be ready.

#/etc/init.d/postfix reload
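
One way to confirm the filter is actually in the delivery path, as an added example that is not part of the original post: the script reads delivered messages and checks the X-Spam-Status header that spamd adds when report_safe is 0, and that the Subject tag agrees with the verdict. Because content_filter is set only on the smtp inet service, mail handed to the local sendmail command is not filtered (this is also what keeps spamc's re-injection from looping), so such messages show up as unfiltered. The three sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string

STATUS = re.compile(r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+)")
TAG = "[***** SPAM"   # start of the rewrite_header value set in local.cf

def spam_verdict(raw_message):
    """Summarise what spamd recorded in one delivered message (report_safe 0)."""
    msg = message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        return {"filtered": False}              # message never went through spamc
    m = STATUS.match(" ".join(status.split()))  # unfold a wrapped header first
    if m is None:
        raise ValueError(f"unrecognised X-Spam-Status: {status!r}")
    spam, score, required = m[1] == "Yes", float(m[2]), float(m[3])
    tagged = (msg.get("Subject") or "").startswith(TAG)
    return {"filtered": True, "spam": spam, "score": score, "required": required,
            # verdict, threshold and Subject tag should all agree
            "consistent": tagged == spam == (score >= required)}

def unfiltered(mailbox):
    """Indexes of messages that carry no spamd verdict at all."""
    return [i for i, raw in enumerate(mailbox) if not spam_verdict(raw)["filtered"]]

# Constructed sample messages (addresses, scores and rule names are illustrative).
SPAM = """\
From: sender@example.net
To: mike@example.com
Subject: [***** SPAM 7.3 *****] Limited offer
X-Spam-Flag: YES
X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_99,HTML_MESSAGE
\tautolearn=no

body
"""
HAM = """\
From: colleague@example.org
To: mike@example.com
Subject: Meeting notes
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE autolearn=no

body
"""
LOCAL = """\
From: root@mail.example.com
To: mike@example.com
Subject: cron output

submitted with the local sendmail command, so it skipped the filter
"""
MAILBOX = [SPAM, HAM, LOCAL]

if __name__ == "__main__":
    for raw in MAILBOX:
        print(spam_verdict(raw))
    print("unfiltered message indexes:", unfiltered(MAILBOX))
```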

Published on February 27, 2010 at 7:14 pm

Postfix Mail Server Configuration

http://beginlinux.com/server_training/mail-server/1041-postfix-mail-server-set-up

1. Change the MTA
2. Configure the Hostname in the smtpd Banner
3. Edit /etc/postfix/main.cf
4. Configure Relays
5. Configure Outgoing Domain
6. Changes Necessary for Network Connections
7. root Mail Configuration
8. Testing the Current Configuration

Postfix, designed by Wietse Venema, is a mail server built with security in mind and specifically designed to replace Sendmail. The project began development in a security-sensitive atmosphere. This security focus has been a major advantage over a product like Sendmail, which was created in a non-hostile environment and then had to be adapted to protect users from the evils of the present day. Postfix's simplicity and focus on security are both major reasons why it is selected over Sendmail.

This tutorial will show you how to configure a basic Postfix mail server for CentOS, openSUSE and Ubuntu.

1. Change the MTA

The default MTA may be Sendmail or another MTA that has already been set up. To make sure that Postfix is the default, you can use the alternatives program on CentOS or uninstall Sendmail.

To select an alternative from the available MTAs, use this command:

alternatives --config mta

You will see this output, which allows you to choose an MTA by number.

alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
* 1            /usr/sbin/sendmail.sendmail
+ 2            /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number:

2. Configure the Hostname in the smtpd Banner


When your mail server connects to another mail server to transfer messages, it performs a HELO which sends its hostname to the other server. This is one of the reasons your hostname is so important. In fact, many servers, in order to verify the integrity of mail exchanges, will do a DNS lookup to verify that the FQDN (Fully Qualified Domain Name) matches what is provided in the HELO.

myhostname

Postfix requires a fully qualified domain name or FQDN. A FQDN includes the hostname of the server as well as the domain name like this:

mail.example.com

This includes the hostname “mail” and the domain name “example.com”.

The command hostname will give you the hostname for the server. It is important that this be a canonical name, in other words if the server hostname is mail and the domain is bigstrike.org the canonical hostname would be mail.bigstrike.org.

To find the hostname of the server type this command:

hostname

To change the hostname of the server add the hostname after the command:

hostname mail.example.com

Hostname is important for Postfix because it uses a parameter myhostname which in turn determines a parameter mydomain. These are two necessary parameters for starting Postfix.

Creating a Fully Qualified Domain Name

Postfix provides a utility that enables you to change the hostname into a FQDN. Use the command postconf with the -e option for editing. Here is an example:

postconf -e myhostname=mail.bigstrike.org

Setting myhostname is important because a Fully Qualified Domain Name will also change the setting for mydomain. If your FQDN is mail.example.com, then the parameter mydomain is automatically example.com.

3. Edit /etc/postfix/main.cf
First, make a backup of your files located in the /etc/postfix directory. This will provide a reference of changes you have made as well as give you a rescue file so you can start over after a mistake. Now edit the myhostname parameter to provide the FQDN.

myhostname = mail.example.com

Postfix is smart enough to understand that the domain listed in myhostname is the domain for the server. You can also set the mydomain parameter.

mydomain = example.com

Set your inet_interfaces to all.

inet_interfaces = all

4. Configure Relays

Postfix will not allow any relaying of mail for any domains by default. It will relay mail for the localhost but all other relays must be explicitly set. In the initial configuration for a one domain server, this setting for allowing your domain to relay mail is found in the mydestination parameter.

mydestination = $mydomain

If you would like to also accept mail for your hostname you may also add this information to the configuration.

mydestination = $mydomain, $myhostname

If you have created CNAMEs in your DNS settings for your domain that would also need to be added here. A CNAME (Canonical Name) is like an alias, www for example. If you want to accept mail for these they must be entered as well. If they do not fit on one line you can enter a new one on each line with a space in front of them as Postfix will not recognize them without a space.

mydestination =
 $mydomain,
 $myhostname,
 www.$mydomain,
 tech.$mydomain

Each line ends with a comma and starts with a space.

5. Configure Outgoing Domain
The outgoing domain parameter provides a way to verify where mail came from. This parameter setting will be used by Postfix whenever mail is sent for an address that is not fully qualified. Again, this setting is located in the main.cf file.

myorigin = $mydomain

This parameter is a way for Postfix to set a domain name when the user sends an email and no domain name is specified in the envelope or header address. The default value of myorigin is the value of myhostname, again another reason myhostname is important to set up.

Here is how this all works. If the myhostname is:
mail.example.com

And if the user who sends mail is mike, then the resulting mail return address is:

mike@mail.example.com

username@myhostname(FQDN)

If users do not want the hostname of the server in the return address then set the myorigin to this parameter:

myorigin = $mydomain

Now using the example above the return address for the user mike will be:

mike@example.com

username@domain

The last example is usually what people like.

6. Changes Necessary for Network Connections

Just like Sendmail, Postfix will not accept connections from other computers until you take a few steps to enable it. There are several lines that must be uncommented and then filled in with your configuration. The example will assume that your domain is bigstrike.org and the FQDN is mail.bigstrike.org. Be sure to put in the correct network for your settings.

mydomain = example.com
myorigin = $mydomain
myhostname = mail.example.com
mydestination = $myhostname, localhost, localhost.$mydomain
mynetworks = 192.168.3.0/24
inet_interfaces = all

Now restart Postfix.

service postfix restart
or
/etc/init.d/postfix restart
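
The main.cf behaviour described in sections 2 to 6 can be checked offline with a short script. This is an added example, not part of the original tutorial and not Postfix's own code: it joins continuation lines (the leading space rule from section 4), expands $name references, and applies the documented defaults (mydomain is myhostname minus its first component, myorigin is $myhostname). The function names and the sample file are constructed, and the script assumes myhostname is set in the file.

```python
import re

# Built-in Postfix defaults for the parameters discussed on this page.
DEFAULTS = {"myorigin": "$myhostname",
            "mydestination": "$myhostname, localhost.$mydomain, localhost"}

def parse_main_cf(text):
    """Return {parameter: raw value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank and comment lines are skipped
        if line[0] in " \t":                  # leading whitespace: continuation
            if current is None:
                raise ValueError("continuation line before any parameter")
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:                           # e.g. a value line missing its leading space
            raise ValueError(f"not a 'name = value' line: {line!r}")
        current = name.strip()
        params[current] = value.strip()       # a later definition replaces an earlier one
    return params

def resolve(params):
    """Apply defaults, then expand $name and ${name} references."""
    raw = {**DEFAULTS, **params}
    if "myhostname" not in raw:
        raise ValueError("this example assumes myhostname is set in the file")
    # mydomain defaults to myhostname minus its first component.
    raw.setdefault("mydomain", raw["myhostname"].partition(".")[2] or "localdomain")

    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("recursive parameter reference")
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: expand(raw[m.group(1)], depth + 1), value)
    return {name: expand(value) for name, value in raw.items()}

def destinations(cfg):
    """Domains this server accepts as local, as a list."""
    return [d for d in re.split(r"[,\s]+", cfg["mydestination"]) if d]

def qualify(user, cfg):
    """Address given to a sender that was written without a domain part."""
    return f"{user}@{cfg['myorigin']}"

# Constructed sample in the style of the settings above.
SAMPLE = """\
myhostname = mail.example.com
mydestination =
 $mydomain,
 $myhostname,
 www.$mydomain,
 tech.$mydomain
"""

if __name__ == "__main__":
    cfg = resolve(parse_main_cf(SAMPLE))
    print(destinations(cfg))
    print(qualify("mike", cfg))
    print(qualify("mike", resolve(parse_main_cf(SAMPLE + "myorigin = $mydomain\n"))))
```

Removing the leading space from one of the mydestination value lines makes parse_main_cf raise, which is the mistake section 4 warns about.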

7. root Mail Configuration
Postfix has a focus on security, especially when it comes to running programs as root. As a result, Postfix will deliver mail to root locally but it will not allow other programs to run as root. This means that programs like procmail cannot be used to deliver mail to the root user. Therefore you will need to create an alias for the root user so that mail that is intended for root will be delivered to a non-privileged user.

Edit /etc/aliases and create a line like this:

root: mike

Whatever user you choose make sure that it is an account that is on the system. Do not use the admin account as it is tied to other things on the system.

Once you have added the username run the command:

newaliases

8. Testing the Current Configuration

It is important to test Postfix in stages so that you can confirm your current work before you go further.

Verify that Postfix is running:

/etc/init.d/postfix start

/etc/init.d/postfix stop

/etc/init.d/postfix reload

Now send a test message to root. Note the sendmail binary is provided by Postfix as a way to make migration from Sendmail to Postfix easier.

For CentOS use this command:

# echo test | /usr/sbin/sendmail -f root root

tail -f /var/log/maillog

For SUSE and Ubuntu use this command:

# echo test | /usr/sbin/sendmail -f root root

tail /var/log/mail.log

When you view the log file, you should see similar information to this. Remember, in the example the user who will receive root mail is mike, be sure you check the user that you create.

Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: from=root, size=5,, nrcpts=1, msgid=<200802180229.m1I2TLAf017437@mail.example.com>, relay=root@localhost
Feb 17 18:29:21 mail postfix/smtpd[17438]: connect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<200802180229.m1I2TLAf017437@mail.example.com>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<root@mail.example.com>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail sendmail[17437]: m1I2TLAf017437: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A11F7724374)
Feb 17 18:29:21 mail postfix/smtpd[17438]: disconnect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<mike@example.com>, orig_to=<root@mail.example.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed

This shows the process of how the mail moves from one module of postfix to the next.
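
When testing in stages it helps to follow one queue ID through the daemons instead of reading the log by eye. The script below is an added example, not part of the original tutorial: it groups Postfix log lines by queue ID, records which daemon handled the message at each step, and reports messages that were not delivered and removed. The first sample message mirrors the excerpt above; the second one (queue ID, addresses and error text) is constructed to show a delivery that did not complete. The pattern assumes the short hexadecimal queue IDs seen in this log.

```python
import re

# Constructed sample: message A11F7724374 follows the excerpt above,
# message B22C8835485 is invented to show a deferred delivery.
SAMPLE_LOG = """\
Feb 17 18:29:21 mail postfix/smtpd[17438]: connect from mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/smtpd[17438]: A11F7724374: client=mail.example.com[127.0.0.1]
Feb 17 18:29:21 mail postfix/cleanup[17441]: A11F7724374: message-id=<200802180229.m1I2TLAf017437@mail.example.com>
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: from=<root@mail.example.com>, size=504, nrcpt=1 (queue active)
Feb 17 18:29:21 mail postfix/local[17442]: A11F7724374: to=<mike@example.com>, orig_to=<root@mail.example.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 17 18:29:21 mail postfix/qmgr[17433]: A11F7724374: removed
Feb 17 18:31:02 mail postfix/qmgr[17433]: B22C8835485: from=<mike@example.com>, size=612, nrcpt=1 (queue active)
Feb 17 18:31:32 mail postfix/smtp[17450]: B22C8835485: to=<user@example.net>, relay=none, delay=30, delays=0.02/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: Connection timed out)
"""

# daemon name, queue ID, and the remainder of the line
LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
# key=value pairs; angle brackets around addresses are dropped
FIELD = re.compile(r"([\w-]+)=<?([^>,\s]*)>?")

def trace(log_text):
    """Group log lines by queue ID: daemons visited, last value of each field, removal."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue                      # connect/disconnect lines carry no queue ID
        msg = messages.setdefault(m["qid"], {"path": [], "fields": {}, "removed": False})
        msg["path"].append(m["daemon"])
        if m["rest"] == "removed":
            msg["removed"] = True
        msg["fields"].update(FIELD.findall(m["rest"]))
    return messages

def incomplete(messages):
    """Queue IDs that were not both delivered (status=sent) and removed from the queue."""
    return sorted(qid for qid, msg in messages.items()
                  if msg["fields"].get("status") != "sent" or not msg["removed"])

if __name__ == "__main__":
    traced = trace(SAMPLE_LOG)
    for qid, msg in traced.items():
        f = msg["fields"]
        print(qid, " -> ".join(msg["path"]), f.get("orig_to"), f.get("to"), f.get("status"))
    print("needs attention:", incomplete(traced))
```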

If you do this command you should see your mail:

less /var/mail/mike

From root@mail.example.com Sun Feb 17 18:29:21 2008
Return-Path: <root@mail.example.com>
X-Original-To: root@mail.example.com
Delivered-To: root@mail.example.com
Received: from mail.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with ESMTP id A11F7724374
        for <root@mail.example.com>; Sun, 17 Feb 2008 18:29:21 -0800 (PST)
Received: (from root@localhost)
        by mail.example.com (8.13.8/8.13.8/Submit) id m1I2TLAf017437
        for root; Sun, 17 Feb 2008 18:29:21 -0800
Date: Sun, 17 Feb 2008 18:29:21 -0800
From: root <root@mail.example.com>
Message-Id: <200802180229.m1I2TLAf017437@mail.example.com>
To: undisclosed-recipients:;

test

There it is: a working Postfix.

You may also want to test from a telnet session. First, install telnet if it is not installed:

CentOS Command:

yum install telnet

Ubuntu Command:

sudo apt-get install telnet

Use the commands in blue, be sure to place a “.” on a line by itself after your message. So it should look like this:

This is a test email from telnet.

.

Note the “.” is on a line by itself.

# telnet localhost 25

or

# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
HELO mike.example.com
250 mail.example.com
MAIL FROM: <root@example.com>
250 Ok
RCPT TO: <mike@localhost>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a test mail from telnet.
.
250 Ok: queued as 276E1794BF1
QUIT
221 Bye
Connection closed by foreign host.

Now check the mail for mike (or whatever user).

less /var/mail/mike

From root.example.com@example.com Sun Feb 17 18:42:49 2008
Return-Path: <root.example.com@example.com>
X-Original-To: mike@example.com
Delivered-To: mike@example.com
Received: from root.example.com (mail.example.com [127.0.0.1])
        by mail.example.com (Postfix) with SMTP id 1B4BB724372
        for <mike@example.com>; Sun, 17 Feb 2008 18:41:15 -0800 (PST)
Message-Id: <20080218024135.1B4BB724372@mail.example.com>
Date: Sun, 17 Feb 2008 18:41:15 -0800 (PST)
From: root.example.com@example.com
To: undisclosed-recipients:;

This is a test mail from telnet.

Now mail has been confirmed working two different ways.

Published on February 16, 2010 at 11:38 am

PHP UPGRADE IN PLESK

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

accept the default configuration….

yum remove php-sqlite2
yum install -y php-xml nano
yum update -y php* mysql*
mv /etc/php.ini.rpmnew /etc/php.ini
mv /etc/httpd/conf.d/php.conf.rpmnew /etc/httpd/conf.d/php.conf
rm -rf /etc/php.d/ioncube-loader.ini
mysql_fix_privilege_tables --user=admin --password=`cat /etc/psa/.psa.shadow`
/etc/init.d/httpd restart
php -v

Published on February 7, 2010 at 11:58 pm

Linux : Upload the files and directory tree to remote ftp server

When you host your web site remotely and use open source software such as a wiki, phpBB, etc., uploading it from a UNIX or Linux based computer is a pain, especially when the software releases new security fixes and you need to upload a bunch of files and subdirectories. The ncftpput client program is a neat, handy utility for recursive uploads to a remote ftp server.
Try ncftpput as follows:
$ ncftpput -R -v -u "username" ftp.nixcraft.biz /nixcraft/forum /tmp/phpbb
-u "username" : Ftp server username
-v : Verbose i.e. show upload progress
-R : Recursive mode; copy whole directory trees.
ftp.nixcraft.biz : Remote ftp server
/nixcraft/forum : Remote ftp server directory where all files and subdirectories will be uploaded
/tmp/phpbb : Local directory (or list of files) to upload to the remote ftp server directory /nixcraft/forum
1) See the ftptreeupload.bash script to copy all files and subdirectories recursively and upload them to a remote FTP server (copy the whole local directory tree to the remote ftp server)
2) ncftpput can be downloaded from http://www.ncftp.com/ncftp/ and works with FreeBSD, Solaris and almost all UNIX variants

Published on February 4, 2010 at 6:56 pm