Archive for the 'Spam' Category

An Anti-Spam gateway #11: amavisd-new and Postfix

(NOTE: this is part of the “An Anti-Spam gateway” series)

Not much longer, now… :)

Add the following line to /etc/postfix/main.cf:

content_filter=smtp-amavis:[127.0.0.1]:10024

and the following lines to /etc/postfix/master.cf:

# amavisd-new
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o receive_override_options=no_header_body_checks

(Re)start Postfix. It should now be listening on two ports: 25 and 10025.
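The listener on port 10025 takes mail back from amavisd-new with the content filter and most smtpd restrictions switched off, so it is only safe while it is bound to loopback and accepts mail from 127.0.0.0/8 alone. The Python check below is an added example, not part of the original post: it parses master.cf text (a constructed sample of the entries above is embedded) and reports settings that would expose that listener or loop mail back into the filter. The function names are made up for this illustration.

```python
import ipaddress
# Constructed sample: the post's re-injection listener, continuation lines indented.
SAMPLE = """\
smtp-amavis unix - - n - 2 smtp
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """One dict per service; opts holds its "-o name=value" overrides."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:  # indented line continues the entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = []
    for fields in (entry.split() for entry in logical):
        opts = dict(a.partition("=")[::2] for a in fields[8:] if "=" in a)
        services.append({"name": fields[0], "type": fields[1], "opts": opts})
    return services

def _loopback(value, parse):
    try:
        return parse(value).is_loopback
    except ValueError:
        return False

def audit_reinjection(text, port="10025"):
    """Reasons the post-filter listener could be abused or could loop mail."""
    svc = next((s for s in parse_master_cf(text) if s["type"] == "inet"
                and s["name"].rpartition(":")[2] == port), None)
    if svc is None:
        return ["no inet listener on port " + port]
    opts, findings = svc["opts"], []
    if not _loopback(svc["name"].rpartition(":")[0].strip("[]"), ipaddress.ip_address):
        findings.append("listener is not bound to a loopback address")
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared: filtered mail would loop")
    nets = [n for n in opts.get("mynetworks", "").split(",") if n]
    if not nets or not all(_loopback(n, ipaddress.ip_network) for n in nets):
        findings.append("mynetworks is not limited to loopback")
    if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
        findings.append("recipient restrictions do not end in reject")
    return findings
```

To check a live system, pass the contents of /etc/postfix/master.cf to audit_reinjection(); an empty list means none of these four problems was found.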

An Anti-Spam gateway #10: amavisd-new

(NOTE: this is part of the “An Anti-Spam gateway” series)

Go to the amavisd-new site and download the latest version (2.3.3 at the time of writing). Uncompress it somewhere, then copy amavisd to /usr/local/sbin (for instance), and amavisd.conf to /etc.

Edit the /etc/amavisd.conf file. Add the following lines to the end:

$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'YOURDOMAIN'; # replace with your own domain, of course
$virus_quarantine_method = '';
$spam_quarantine_method = '';
$banned_files_quarantine_method = '';
$bad_header_quarantine_method = '';
$sa_tag_level_deflt = -202.0;
$sa_tag2_level_deflt = 8.31;
$sa_kill_level_deflt = 50;
$sa_dsn_cutoff_level = 50;
$mailfrom_notify_admin = "YOUR EMAIL"; # add \ before the @, as in cats\@allyourbase.com
$mailfrom_notify_recip = "YOUR EMAIL"; # add \ before the @, as in cats\@allyourbase.com
$mailfrom_notify_spamadmin = "YOUR EMAIL"; # add \ before the @, as in cats\@allyourbase.com
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS; # many badly configured servers out there
$warnvirusrecip = 1;
$warnbannedrecip = 1;

(a few lines may have wrapped around in the above. They all start with “$”)

Create the following directories, making sure they belong to user and group amavis:

/var/amavis/tmp
/var/amavis/var
/var/amavis/db

Run amavisd, and check if it’s listening on port 10024. If not, there should be some error message telling you what the problem (in /etc/amavisd.conf) is.

We’re almost done, now. Next: configuring Postfix to work with amavisd-new.

An Anti-Spam gateway #9: ClamAV

(NOTE: this is part of the “An Anti-Spam gateway” series)

Now for the anti-virus. Go to the ClamAV site, download the latest stable version, uncompress it, then compile and install it:

./configure --with-user=amavis --with-group=amavis --sysconfdir=/etc
make
make install

(note: 3 lines. The first one ends with “--sysconfdir=/etc”)

Edit the /etc/freshclam.conf file. At the end, add the following line:

DatabaseMirror db.XY.clamav.net

replacing the XY with your country code (e.g. “us”, “uk”, “pt”, etc.)

Now, edit the /etc/clamd.conf file.

Near the beginning, comment out or delete the “Example” line. Then, add the following lines at the end:

TCPAddr 127.0.0.1
User amavis

Test if ClamAV is able to update itself:

freshclam --log-verbose

If there are any problems, it should tell you.

Finally, make it so that

/usr/local/bin/freshclam -d

(note the “-d”)

and

/usr/local/sbin/clamd

are run when the system boots. That will depend on your Unix variant.

Spam Karma 2.2 final is out

You can get it from the SK2 page. I’m using it now.

Spam Karma news

Dr Dave of Spam Karma fame thanks everyone for the donations of $800 in a week (which I still think is way too little in return for one of the most useful WordPress plugins).

He also includes a link to the SK 2.2 beta, which I’ve just upgraded to. He says it should be more compatible with weird WordPress configurations, and should handle some recent breeds of spam bots (which were able to go through SK 2.1, sometimes) better.

An Anti-Spam gateway #8: MySQL and SpamAssassin

(NOTE: this is part of the “An Anti-Spam gateway” series)

Thought I’d forgotten about this one, didn’t you? :)

Ready to make SpamAssassin actually use MySQL for the bayes database?

Start by creating the database itself:

mysql
CREATE DATABASE bayes;
GRANT ALL PRIVILEGES on bayes.* TO bayes@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES on bayes.* TO bayes@10.0.0.1 IDENTIFIED BY 'password';
EXIT

(changing “password” to something else, of course.)

Next, I know you’ve already installed SpamAssassin using CPAN, but go to www.spamassassin.org and download it manually; you’ll be needing a file from the distribution, and while it should still be in /root/.CPAN, it’s simpler this way. Uncompress the .tar.gz and go to the sql/ directory. Then type:

mysql -u bayes -p bayes < bayes_mysql.sql

It’ll ask for a password, which is the one you used when creating the database.

Now, edit the file /etc/mail/spamassassin/local.cf. Add the following lines:

bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:bayes:localhost
bayes_sql_username bayes
bayes_sql_password password

(again, replace password with the proper one.)

SpamAssassin is now configured to store bayes data on MySQL. Wasn’t too hard, was it? :)

Spam Karma and the War on Comment Spam

“Dr Dave”, the author of the excellent Spam Karma WordPress plugin, has a long but (IMO) fascinating post about how the “war” against comment spam goes. I direct you to The State of Spam [Karma].

He’s also asking for donations, and for once I think he deserves it a lot - SK has already stopped a lot of spam comments in my blogs. So, I’ve already donated. I hope more people do the same…

SiteAdvisor

SiteAdvisor looks intriguing.

It’s a system of bots which subscribe to websites with generated email addresses, and then monitor how many mails it starts receiving in those addresses - and how spammy those mails are.

Then it rates sites based on how much they spam you - the demo shows what’s probably a browser plugin, warning you when you are about to browse to a “dangerous” site.

It accepts testers, as of now. Maybe I’ll try it later.

WordPress 2.0 and Spam Karma

Spoke too soon - compatibility isn’t perfect; some things were… weird about how the Spam Karma 2.0 plugin worked (for instance, once it moderated a comment (rightly) as spam, and yet it remained visible).

The author recommends using the 2.1 beta, or waiting for the final 2.1 version. I’m using the beta now.

Spam Karma 2 plugin: initial impressions

It’s been working perfectly. It caught every single spam message in the last couple of days, and required no action from me. Instead of having 15 emails in the morning asking me to moderate spam comments, I just get a report telling me what was caught, and why.

I had expected some kind of bayesian filter, but this plugin does much, much more. Just look at the configuration panel in the WordPress administration section - it’s really well done.

I should have installed this much sooner.. but better late than never, right?

Spam Karma 2 plugin

Look at this blog’s posts, both old and new. Even the most successful posts. See any comment spam?

Nope, because moderation stops it. (as an aside, I consider “hi, nice blog” posts to be spam, though not of the “sleazy” kind.) Manual moderation… until now.

But it’s getting quite annoying, because I have observed a pattern in several of my blogs, where a bot tries to post a 3-line spam which starts by complimenting the post, or the entire blog, in a generic way (and in English, even in my Portuguese language blogs), and then posts 2 or 3 links, disguised as news or technical articles. This happens in quick succession (usually 15 or so posts in a couple of minutes), coming from different IP addresses (probably zombie machines).

I have experimented with the Bad Behavior plugin before, but ultimately I had to disable it, because it blocked traffic at the HTTP level, including some legitimate (but perhaps not as well-coded as they should be) bots or external tools - once I couldn’t even connect with Konqueror until I changed my id string!

So, for the last couple of days I had to be moderating 15 or so posts per day… per blog… as spam. Receiving an email for each one, of course.

No more. I’ve installed the Spam Karma 2 WordPress plugin. Let’s see how well it works… the administration interface is excellent, and the plugin seems very comprehensive and well documented. So far, so good.

Now, where are some spammers when we need them? :)

An Anti-Spam gateway #7: MySQL

(NOTE: this is part of the “An Anti-Spam gateway” series)

Time for MySQL. We’ll be using it just for storing the bayes tokens, not for per-user configuration (because, in this case, there is none) or anything else.

Note: if you already have a working MySQL on the server, being used for something else (this isn’t Windows, you can use the same machine for several different things :)), just skip to the next part.

So, go to http://dev.mysql.com/downloads/, choose the General Availability Release (it’s the top one - at this moment, it’s version 5.0), then scroll down a lot until you find the Source Downloads. Get the .tar.gz file. Uncompress it, enter the directory, and then…

export CFLAGS="-O2"
export CXXFLAGS="-O2 -fno-exceptions -fno-rtti"
./configure --prefix=/usr/local --localstatedir=/var/mysql --sysconfdir=/etc --without-innodb

(note: your browser may have split the “./configure” line in two. It starts with “./configure”, and ends with “--without-innodb”.)

then do the usual

make
make install

If everything went well,

mysql_install_db

and start the server with:

mysqld_safe --user=mysql &

Then assign a password to the MySQL root account (which is not the OS’s root account!):

mysqladmin -u root password "newpwd"
mysqladmin -u root -h host_name password "newpwd"

Replace “host_name” with the correct one, and “newpwd” with something else, of course.

Now, for efficiency, you should have an /etc/my.cnf file with several options set manually. The MySQL sources include some examples in the support-files directory: my-small.cnf, my-medium.cnf, etc. Copy one to /etc/my.cnf, edit it, then restart the server. Nope, I won’t give detailed instructions for that here… read the MySQL docs at http://www.mysql.com.

Next: how to create the bayes database, and how to configure SpamAssassin to use it.




Creative Commons Attribution-NonCommercial-NoDerivs 2.5 Portugal