Thursday, August 23, 2007

Spam and Plesk

I have been reinstalling a server of mine and voted for the latest and greatest Plesk version (8.2).

I still have a licence for Spam Guardian from 4psa, so I opted to install that too. For optimisation purposes, I did some digging and attempted to optomise my setup. Here's what I did:

Download the installer from the 4psa client area. On debian systems (which mine is) also download SafeCat from the client download area. Move the tarred installers to /usr/local/src.
unzip the installers - [tar -zxf]
chmod 777 sguardian_directory
sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
Change to the sguardian direction and execute: sudo ./install.sh - follow instructions
  • Ensure that domain and client creation and modification works
  • Check the service restart works
  • Install the license and perform the server checks again
apt-get install libnet-ip-perl libnet-dns-perl
If you want to install Pyzor, Razor, SPF and DCC, follow these instructions:
sudo -s

apt-get install python-gdbm python2.3-gdbm pyzor libdigest-hmac-perl libdigest-nilsimsa-perl libnet-dns-perl razor libmail-spf-query-perl libnet-cidr-lite-perl libsys-hostname-long-perl dcc-client

/usr/bin/pyzor --homedir /etc/mail/spamassassin/.pyzor discover
chown popuser.popuser -R /etc/mail/spamassassin/.pyzor
/usr/bin/razor-admin -create -home /etc/mail/spamassassin/.razor -conf=/etc/mail/spamassassin/.razor/razor-agent.conf
/usr/bin/razor-admin -discover -home /etc/mail/spamassassin/.razor
/usr/bin/razor-admin -register -home /etc/mail/spamassassin/.razor
If you get "Error 202 while performing register, aborting.", just re-execute the register command until the operation is successful.

Put the following in "/etc/spamassassin/local.cf" at the top of the file
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::DCC
#loadplugin Mail::SpamAssassin::Plugin::TextCat

pyzor_options --homedir /etc/mail/spamassassin/.pyzor
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
Then restart the server
/etc/init.d/spamassassin restart
spamassassin --lint
N.B.
The first time I tried this, I forgot to add the LoadModule directive for DCC. By default, it is not loaded because it isn't opensource. When I did a "spamassassin --lint", I got this, but all was fixed by adding the LoadModule... and restarting it again:
[26699] warn: config: failed to parse line, skipping: dcc_timeout 5
[26699] warn: config: failed to parse line, skipping: use_dcc 1
[26699] warn: config: failed to parse, now a plugin, skipping: ok_languages all
[26699] warn: lint: 2 issues detected, please rerun with debug enabled for more information
Finally, get those extra rule sets from SARE using RulesDuJour.
Copy the rules_du_jour script to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning:
crontab -e
04 4 * * * /usr/local/sbin/rules_du_jour
The following, is an example of the RDJ config file: don't add too many directives!
#!/bin/bash
# Version 1.21

# IMPORTANT! Edit the TRUSTED_RULESETS line to choose your RuleSets
TRUSTED_RULESETS="
SARE_REDIRECT
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_BAYES_POISON_NXM
SARE_HTML0
SARE_HTML1
SARE_HEADER
SARE_SPECIFIC
SARE_ADULT
SARE_BML
SARE_FRAUD
SARE_SPOOF
SARE_RANDOM
SARE_SPAMCOP_TOP200
SARE_OEM
SARE_GENLSUBJ0
SARE_GENLSUBJ1
SARE_UNSUB
SARE_URI0
SARE_URI1
SARE_OBFU
SARE_STOCKS
SARE_CODING
";

# Variable penetrance
# SARE_EVILNUMBERS
# SARE_HTML
# SARE_HEADER
# SARE_GENLSUBJ
# SARE_URI


# Left out
# SARE_HIGHRISK

SA_DIR="/etc/mail/spamassassin";
MAIL_ADDRESS="support@humblehosting.co.uk";
SINGLE_EMAIL_ONLY="true";
SA_LINT="spamassassin --lint";
SA_RESTART="/etc/init.d/spamassassin";
WGET="wget -N";
PERL="perl";
MAILCMD="mail";
GREP="grep";
RULES_DU_JOUR_SCRIPT="/usr/local/sbin/rules_du_jour";

#### End Local Settings ####

Friday, August 10, 2007

Gutsy testing

Gutsy (Ubuntu 7.10) has reached Tribe 4 (the 4th alpha release), so I reckon it's time to try it out on my local machine. And, I'm going to go back to the old trusty i386 version. And, after reading the feature in last month's Ubuntu newsletter about the badness of Automatix, that won't be on my list of things to install either.

Like usual, it's a fresh install using the live CD - which works out of the box.

Once the install is done, get the latests updates, add the restricted drivers for my nVidia dual head graphics card and restart. Thankfully, unlike a Windows install, that is the only restart I'll need for a while... and, I'm quite impressed at how quickly the shutodwn and restart is too.

Get the panels fixed and start the process of copying the backup files.

Add the medibuntu repro for some extra interesting stuff (like googleearth and skype), and perform a quick apt-get install to get the things I like that aren't on a default install.
echo "deb http://packages.medibuntu.org/ gutsy free non-free" | sudo tee -a /etc/apt/sources.list
wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add - && sudo apt-get update

sudo apt-get install unison unison-gtk openssh-server joe easytag thunderbird googleearth skype msttcorefonts
Now, set the hostname and copy the hosts file from the backup folder. Setup keys:
ssh-keygen -t rsa
Finally, setup unison, copy 'backup' into the .unison directory and run "unision-gtk backup"
All done!