ClamAV and Anti-Spam

benji · Unread post by **benji** » Tue Mar 18, 2008 6:19 pm

I also have Centos 5, with plesk 8.3

I have done all of this everything worked fine with exception of a brocken pipe:

Installing: dcc                          ####################### [ 6/11] 
  Installing: qmail-scanner                ####################### [ 7/11] 
grep: write error: Broken pipe

  Installing: pyzor                        ####################### [ 8/11]

Sould i worry about this brocken pipe during installation?

but, i've noticed that now i'm not allowed to manage spam assassin from Plesk.

Is there any way to allow this?

As far as I understand, with this setup, you can set global settings but not settings for a specific domain, am I right?

Galactic Zero · Tue Mar 18, 2008 11:38 pm

If you don't have psa-spamassassin setup (installed) you can still manage individual domains / users spamassassin settings, you just can't do it from the CP.

If you install Scott's squirrelmail package, you can manage those settings from that web client interface.

The only benefit to having psa-spamassassin installed is the ability for users to set their spamassassin settings from within the CP. I'd rather have a user tell me they are not getting mail from xyz and give them a different tolerance level for their mailbox(s).

Currently my spamassassin settings are at 4 and my sa-delete is set at 4 which means that anything scoring 8 or more gets rejected as I have sa-reject enabled.

Unread post by **scott** » Wed Mar 19, 2008 9:04 am

I think there is a horde spamassassin module too. I've been kind of holding off on any major anti-spam work until Plesk 8.4 comes out, which should have (hooray, throw a parade) postfix support.

benji · Unread post by **benji** » Thu Mar 20, 2008 4:21 am

Huy yeah! I hate Horde, so, will give a try to squirremail

Will it be accessible from webmail.domain.com right after install ?

Galactic Zero · Thu Mar 20, 2008 8:28 am

should be www.domainname.tld/mail.... I think.

breun · Unread post by **breun** » Thu Mar 20, 2008 9:18 am

There are ways to hack into Plesk's config (see the Plesk forums), but I usually setup a system-wide /webmail alias so people can choose between Horde and SquirrelMail.

benji · Unread post by **benji** » Sat Mar 29, 2008 9:56 am

Galactic Zero wrote: If you install Scott's squirrelmail package, you can manage those settings from that web client interface.

I'm trying to install that squirrelmail but when i do yum install squirrelmail the only packages that will install are from base repository, not from Scott (atomic?), where shoud i configure scotts repository so i can download scott's squirrelmail?

breun · Unread post by **breun** » Sat Mar 29, 2008 10:42 am

Scott's package is a bit old (and probably contains known security vulnerabilities), so yum will probably choose your distro's package over the ART one based on the version number. I wanted to suggest getting the rpm from the ART archive manually, but I can't find it at the moment.

I just use the CentOS package for squirrelmail (but that one doesn't have the SpamAssassin/MySQL-integration stuff that Scott did).

benji · Unread post by **benji** » Sat Mar 29, 2008 10:48 am

Ok, then, there's no way to set different configurations for spamassassin on diferent domains?

breun · Unread post by **breun** » Sat Mar 29, 2008 10:51 am

There is: http://toribio.apollinare.org/qmail-sca ... omain.html But if you're using qmail-scanner then the only GUI frontend is that old ART squirrelmail package I believe.

benji · Unread post by **benji** » Sat Mar 29, 2008 1:33 pm

Thanks very much for your help breun.

Now i have some more questions about this setup,

I have the file /etc/qmail-scanner.ini the part of spamassassin looks like this:

Code: Select all

# Spamassassin settings
SA_SETTINGS="-d -c -m5 -H"              # Default settings for spamd
SA_SQL="no"                             # [yes|no], runs spamassassin with the 'rcpt to' as option. Only use if mysql is enabled in SA
SA_DELTA="1"                            # [num]
SA_SUBJECT="****SPAM****"               # <"some text">
SA_QUARANTINE="0"                       # [num], required_hits + sa_quarantine  will go to SPAMDIR, 0 disables
SA_DELETE="0"                           # [num], required_hits + sa_delete will be deleted, 0 disables
SA_REJECT="no"                          # [yes|no], changes deletes to rejects
SA_ALT="no"                             # [yes|no], runs in *fast_spamassassin* mode and doesn't pass the '-u' optio
SA_DEBUG="no"                           # [yes|no], requires sa-alt: yes
SA_REPORT="no"                          # [yes|no], requires sa-alt: yes, sa-debug: yes
SA_FORWARD=""                           # <username@domain>, User to redirect quarantined spam mails, unmodified for sa-learn (not used)
SA_VERBOSE="no"                         # [yes|no], requires SA-FORWARD (not used)

And the file /etc/mail/spamassassin/local.cf wich looks like this:

Code: Select all

report_safe 0
rewrite_header  subject *****SPAM*****
required_score  7.00

If i want the mails that arrive with score more than 9 to be rejected server -wide i should setup on qmail-scanner.ini the parameters:
SA_DELETE="9"
SA_REJECT="yes"
And that's it right?

Also, if i want the mails with score 7 to 8, to be marked with the ****spam*** , wich parameter should i set up? may be:
SA_REPORT="7" ???

And what's local.cf for?, can i setup any other things on it?

Also, what's the parameter SA_ALT for?, and the SA_SQL? where can i read some good doc's about SpamAssassin configuration posibilities? have looked at spamasassin.apache.org, but habent found any quick reference about this...

Thanks in advance

benji · Unread post by **benji** » Wed Apr 02, 2008 3:40 am

Any clue anyone?

Kalimari · Unread post by **Kalimari** » Wed Apr 02, 2008 4:40 am

Benji, the clue to understanding the settings in /etc/qmail-scanner.ini is required_hits + the value entered for quarantine and/or deletion.

In /etc/mail/spamassassin/local.cf
Your current SA required_score is 7

Edit /etc/qmail-scanner.ini:
To quarantine message with a score of 10:
SA_QUARANTINE="3" (7+3)
To delete message with a score of 20:
SA_DELETE="13" (7+13)

Note: SA_DELETE value must be greater than SA_QUARANTINE.

Make sure your /etc/qmail-scanner.ini quarantine directory is correct if using the quarantine, mine needed to be altered as follows:
SPAMDIR="/var/spool/qscan/quarantine/spam" <- wrong
SPAMDIR="/spam" <- works

You can learn a lot more about SA and MySQL related settings at: http://wiki.apache.org/spamassassin/
Or google spamassassin + the value in the cf/ini file... there's a lot of information out there.

benji · Unread post by **benji** » Fri Apr 04, 2008 3:22 pm

Thank you very much , you helped me a lot.

I've put all parameters you said, plus activated REJECT instead of deleting.

Is it better to delete or to reject a mail with 20 score or more?

Also, wich permissions should i set to the /spam (quarantine) dir, i've put 777 since it's owned by root...

Thanks!

breun · Unread post by **breun** » Fri Apr 04, 2008 4:44 pm

20 is really, really high. It's probably not very useful to reject those messages. I'd just delete those.