Thursday, August 23, 2007

Spam and Plesk

I have been reinstalling a server of mine and voted for the latest and greatest Plesk version (8.2).

I still have a licence for Spam Guardian from 4psa, so I opted to install that too. For optimisation purposes, I did some digging and attempted to optomise my setup. Here's what I did:

Download the installer from the 4psa client area. On debian systems (which mine is) also download SafeCat from the client download area. Move the tarred installers to /usr/local/src.
unzip the installers - [tar -zxf]
chmod 777 sguardian_directory
sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
Change to the sguardian direction and execute: sudo ./install.sh - follow instructions
  • Ensure that domain and client creation and modification works
  • Check the service restart works
  • Install the license and perform the server checks again
apt-get install libnet-ip-perl libnet-dns-perl
If you want to install Pyzor, Razor, SPF and DCC, follow these instructions:
sudo -s

apt-get install python-gdbm python2.3-gdbm pyzor libdigest-hmac-perl libdigest-nilsimsa-perl libnet-dns-perl razor libmail-spf-query-perl libnet-cidr-lite-perl libsys-hostname-long-perl dcc-client

/usr/bin/pyzor --homedir /etc/mail/spamassassin/.pyzor discover
chown popuser.popuser -R /etc/mail/spamassassin/.pyzor
/usr/bin/razor-admin -create -home /etc/mail/spamassassin/.razor -conf=/etc/mail/spamassassin/.razor/razor-agent.conf
/usr/bin/razor-admin -discover -home /etc/mail/spamassassin/.razor
/usr/bin/razor-admin -register -home /etc/mail/spamassassin/.razor
If you get "Error 202 while performing register, aborting.", just re-execute the register command until the operation is successful.

Put the following in "/etc/spamassassin/local.cf" at the top of the file
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::DCC
#loadplugin Mail::SpamAssassin::Plugin::TextCat

pyzor_options --homedir /etc/mail/spamassassin/.pyzor
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
Then restart the server
/etc/init.d/spamassassin restart
spamassassin --lint
N.B.
The first time I tried this, I forgot to add the LoadModule directive for DCC. By default, it is not loaded because it isn't opensource. When I did a "spamassassin --lint", I got this, but all was fixed by adding the LoadModule... and restarting it again:
[26699] warn: config: failed to parse line, skipping: dcc_timeout 5
[26699] warn: config: failed to parse line, skipping: use_dcc 1
[26699] warn: config: failed to parse, now a plugin, skipping: ok_languages all
[26699] warn: lint: 2 issues detected, please rerun with debug enabled for more information
Finally, get those extra rule sets from SARE using RulesDuJour.
Copy the rules_du_jour script to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning:
crontab -e
04 4 * * * /usr/local/sbin/rules_du_jour
The following, is an example of the RDJ config file: don't add too many directives!
#!/bin/bash
# Version 1.21

# IMPORTANT! Edit the TRUSTED_RULESETS line to choose your RuleSets
TRUSTED_RULESETS="
SARE_REDIRECT
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_BAYES_POISON_NXM
SARE_HTML0
SARE_HTML1
SARE_HEADER
SARE_SPECIFIC
SARE_ADULT
SARE_BML
SARE_FRAUD
SARE_SPOOF
SARE_RANDOM
SARE_SPAMCOP_TOP200
SARE_OEM
SARE_GENLSUBJ0
SARE_GENLSUBJ1
SARE_UNSUB
SARE_URI0
SARE_URI1
SARE_OBFU
SARE_STOCKS
SARE_CODING
";

# Variable penetrance
# SARE_EVILNUMBERS
# SARE_HTML
# SARE_HEADER
# SARE_GENLSUBJ
# SARE_URI


# Left out
# SARE_HIGHRISK

SA_DIR="/etc/mail/spamassassin";
MAIL_ADDRESS="support@humblehosting.co.uk";
SINGLE_EMAIL_ONLY="true";
SA_LINT="spamassassin --lint";
SA_RESTART="/etc/init.d/spamassassin";
WGET="wget -N";
PERL="perl";
MAILCMD="mail";
GREP="grep";
RULES_DU_JOUR_SCRIPT="/usr/local/sbin/rules_du_jour";

#### End Local Settings ####

2 comments:

Michael said...

Have you also looked at MagicSpam for Plesk? http://www.magicspam.com. This stops mot of the Spam during the SMTP phase, (PRE_DATA) which not only reduces a lot of load on your Spam Assassin, but also helps stop back scatter problems.

Jeremy said...

I hadn't seen this, but will take a look and may well use it - thanks,
J