medium_grade
asked on
Postifx Spam Solution/Problem
A former employee of my company developed a spam filtering solution with Postifx/spamassassin for our clients who chose to host their email on their own server. The solution, as best as I can understand it, works like this:
Postifx pipes incoming messages to a script called "spamfilter" which lies in /usr/local/bin/. This script sends the message to spamc for spam checks. Once this is done, it checks the number of *'s are in the header section marked "X-Spam-Level:" and uses that to determine if the message is then delievered or if it is routed to another email address.
As of now, the mail is being checked, spam is being correctly flagged, but instead of routing to an alternate email address, it is still being delivered to the users mailbox (with a clearly mared "*******SPAM*******" in the subject line). I need to know as soon as possible how to remedy this as my clients are now getting a lot of spam.
Here is the script:
# Variables
SENDMAIL="/usr/sbin/sendma il.postfix -i"
EGREP=/bin/egrep
# Directory to put high score spam into:
# (NOTE: Create this directory and give it same permissions as /var/tempfs)
SIDELINE_DIR=/var/spool/sp am
# Exit codes from <sysexits.h>
EX_UNAVAILABLE=69
# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )
SPAMLIMIT=6
# Clean up when done or when aborting.
trap "rm -f /var/tempfs/out.$$" 0 1 2 3 15
# Pipe message to spamc
cat | /usr/bin/spamc -u spamfilter > /var/tempfs/out.$$
if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tempfs/out.$$
then
# Option 1: Move high scoring messages to sideline dir so a human can look at them later:
#cp /var/tempfs/out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$
# Option 2: Change the Email address where you want your spam to get fwd to
$SENDMAIL spambox@example.com < /var/tempfs/out.$$
else
$SENDMAIL "$@" < /var/tempfs/out.$$
fi
# Postfix returns the exit status of the Postfix sendmail command.
exit $?
Here is my master.cf file from Postfix. I put comments on the lines which are important:
# ========================== ========== ========== ========== ========== ========
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ========================== ========== ========== ========== ========== ========
smtp inet n - n - - smtpd
-o content_filter=spamfilter: dummy #<----------IMPORTANT
-o smtpd_sasl_auth_enable=yes
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=re ject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildr op -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipien t_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmai l -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamfilter unix - n n - - pipe #<----------IMPORTANT
flags=Rq user=spamfilter argv=/usr/local/bin/spamfi lter -f ${sender} -- ${recipient} #<----------IMPORTANT
Postifx pipes incoming messages to a script called "spamfilter" which lies in /usr/local/bin/. This script sends the message to spamc for spam checks. Once this is done, it checks the number of *'s are in the header section marked "X-Spam-Level:" and uses that to determine if the message is then delievered or if it is routed to another email address.
As of now, the mail is being checked, spam is being correctly flagged, but instead of routing to an alternate email address, it is still being delivered to the users mailbox (with a clearly mared "*******SPAM*******" in the subject line). I need to know as soon as possible how to remedy this as my clients are now getting a lot of spam.
Here is the script:
# Variables
SENDMAIL="/usr/sbin/sendma
EGREP=/bin/egrep
# Directory to put high score spam into:
# (NOTE: Create this directory and give it same permissions as /var/tempfs)
SIDELINE_DIR=/var/spool/sp
# Exit codes from <sysexits.h>
EX_UNAVAILABLE=69
# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )
SPAMLIMIT=6
# Clean up when done or when aborting.
trap "rm -f /var/tempfs/out.$$" 0 1 2 3 15
# Pipe message to spamc
cat | /usr/bin/spamc -u spamfilter > /var/tempfs/out.$$
if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tempfs/out.$$
then
# Option 1: Move high scoring messages to sideline dir so a human can look at them later:
#cp /var/tempfs/out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$
# Option 2: Change the Email address where you want your spam to get fwd to
$SENDMAIL spambox@example.com < /var/tempfs/out.$$
else
$SENDMAIL "$@" < /var/tempfs/out.$$
fi
# Postfix returns the exit status of the Postfix sendmail command.
exit $?
Here is my master.cf file from Postfix. I put comments on the lines which are important:
# ==========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================
smtp inet n - n - - smtpd
-o content_filter=spamfilter:
-o smtpd_sasl_auth_enable=yes
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildr
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipien
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmai
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp
spamfilter unix - n n - - pipe #<----------IMPORTANT
flags=Rq user=spamfilter argv=/usr/local/bin/spamfi
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.