Jun 122013
 

SpamAssassin is a Perl-based application used for e-mail spam filtering based on content-matching rules. SpamAssassin comes with a large set of rules which are applied to determine whether an email is spam or not. Most rules are based on regular expressions that are matched against the body or header fields of the message.

SpamAssassin supports several optional components to increase accuracy, its set of ‘network tests’ is key if you want to improve your hit-rate. In testing, it typically halves the false negative rate — in other words, it means that users will see half as many missed spams.

Network based spam detection

SpamAssassin includes support for three different Hash-based Network Tests, which compare fingerprints for received messages against shared lists of previously-seen spam messages.

  • Razor2 database http://razor.sourceforge.net by Vipul Ved Prakash and Jordan Ritter allow Unix clients to work out of the same database used by the commercial customers of the Cloudmark system.
  • Pyzor, a completely free database and software system, written by Frank Tobin, visit http://pyzor.sourceforge.net for more information.
  • DCC, the Distributed Checksum Clearinghouse http://www.rhyolite.com/anti-spam/dcc/. The idea of DCC is that if mail recipients could compare the mail they receive, they could recognize unsolicited bulk mail.

Network based filtering methods Razor2, Pyzor. DCC firewall ports:

Razor2 port 2307 TCP

Pyzor port 24441 UDP

DCC port 6277 UDP

Razor2

# yum install perl-Razor-Agent

Pyzor

# yum install pyzor

DCC

# wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z

# tar xzvf dcc.tar.Z

# cd dcc*

# ./configure --with-uid=amavis

# make

# make install

# chown -R amavis:amavis /var/dcc

# ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd

SpamAssassin configuration

Add the following to /etc/mail/spamassassin/local.cf

# razor

use_razor2 1

# pyzor

use_pyzor 1

# dcc

use_dcc 1

dcc_home /var/dcc

dcc_path /usr/local/bin/dccproc

dcc_timeout 10

add_header all DCC _DCCB_: _DCCR_

Enable the DCC plugin in /etc/mail/spamassassin/v310.pre

# DCC - perform DCC message checks.

loadplugin Mail::SpamAssassin::Plugin::DCC

SpamAssassin configuration check

# spamassassin --lint

SpamAssassin testing

# spamassassin -t -D razor2 < /usr/share/doc/spamassassin-*/sample-spam.txt

# spamassassin -t -D pyzor < /usr/share/doc/spamassassin-*/sample-spam.txt

# cdcc info

Most implementations of SpamAssassin will trigger on the GTUBE, a 68-byte string similar to the antivirus EICAR test file. If this string is inserted in a message and passed through the SpamAssassin engine, SpamAssassin will trigger with a weight of 1000.

Source: http://www.iredmail.org/forum/topic481-iredmail-support-install-pyzor-razor2-and- dcc-on-your-centosrhel-iredmail-server.html

10,634 total views, 2 views today

 Leave a Reply

*

© 2011 Indimon Internet Services

Site last updated March 11, 2017 @ 9:57 am; This content last updated June 12, 2013 @ 9:01 am

Return to Top ▲Return to Top ▲