Gentoo Forums
Simplistic mail filtering (antivirus, antispam) with DisSpam

 
dsd
Developer

Joined: 30 Mar 2003
Posts: 2162
Location: nr London

Posted: Fri Dec 05, 2003 5:00 pm    Post subject: Simplistic mail filtering (antivirus, antispam) with DisSpam

Well, I know there is no lack of mail filtering techniques around here, but here's another.

This one is fairly simple. I noticed how many of these approaches involve fetchmail, getmail, sendmail, qmail, procmail, thismail and thatmail... but this one only involves one perl script (DisSpam), plus a perl module for antispam (SpamAssassin), plus a package for antivirus (ClamAV).

To put it simply:
DisSpam connects to your POP3 mailserver regularly, deletes all the mails it thinks are spam and/or viruses, and disconnects.

Based on a page I wrote on my website, here


Installing perl modules
Some of what we need is in portage, some isn't. It's simple to obtain other perl modules through CPAN.

As root,

Firstly:
Code:
emerge Net-DNS Mail-SpamAssassin MIME-tools clamav


Next, for the other perl modules:
Code:
perl -MCPAN -e shell
# answer the questions if you have never been into CPAN before (defaults are usually safe)
install Inline::MakeMaker
force install Mail::ClamAV
exit



Updating virus definitions
To update to the latest virus definitions, as root, execute:
Code:
freshclam



Downloading and patching DisSpam
DisSpam 0.12 vanilla supports spam filtering. I recently wrote a patch to add anti-virus mail filtering, which is currently being reviewed by the author. So for now, we will have to patch the DisSpam source manually.

It is recommended that you use a non-root user to set up and configure disspam. From a shell:

Code:
wget http://freshmeat.net/redir/disspam/22053/url_tgz/disspam-0.12.tar.gz
tar xzvf disspam-0.12.tar.gz
cd disspam
wget http://www.reactivated.net/patches/disspam-0.12/disspam-virus-checking.patch
patch -p1 < disspam-virus-checking.patch



DisSpam configuration
Copy the file sample.conf to disspam.conf and open disspam.conf in your favourite text editor, i.e.:

Code:
cp sample.conf disspam.conf
nano disspam.conf


At the end of [GLOBAL] section, you will find these four lines:

Code:
# spamassassin=yes
# clamav=yes
# avtemporary=/tmp/clamav.temp
# mimestore=/tmp/mimestore


Uncomment all four by removing the # and the space before each setting.
The [RBL] section may be left alone, as we are using SpamAssassin for spam filtering.

Now you must configure a mailbox that DisSpam will filter. You will see a section in the config file marked "Your custom mailbox section(s) start here". Below that, there are some sample values. You need to change the email, host, username, and password keys to your personal values.

Personally, I like to set the backupfile option to store any mails that are filtered and deleted. I have been using SpamAssassin for over a year and it has only turned up one "false positive" that I know about. This option will store all the "spam" mails, and that may be helpful, if you ever lose an important mail!

I also like to enable the sendbounceback option. This option will "bounce" any mails that are filtered out by DisSpam. This informs the senders of any mails that become "false positives" that I have *not* read their mail, and also acts as a spam-the-spammer measure!

If you are interested in the configuration, you should read configuration.txt included in the distribution.


Test run
When you are happy with the configuration, run DisSpam to check that it works as expected:
Code:
./disspam.pl disspam.conf


DisSpam should work through all your mails successfully.


Automation with cron
Assuming all is working well, you now want to schedule DisSpam to run regularly, and it may also be useful to keep ClamAV up to date automatically.

We will use cron here to automate these tasks. As the user that you wish to filter the spam with, run:
Code:
crontab -e


We will add a line at the bottom of this file to schedule DisSpam to be run regularly. Mine looks like this:
Code:
0 * * * * /home/spam/disspam.pl /home/spam/disspam.conf > /home/spam/spamlog &


Here is a brief explanation of what each part means:

  • 0 * * * * - This is cron notation which means "run every hour, on the hour". Tutorials such as this one do a good job at explaining this notation.
  • /home/spam/disspam.pl - This is the absolute location of my disspam.pl file from the DisSpam distribution.
  • /home/spam/disspam.conf - This is the absolute location of my disspam.conf file which we created in step 4.
  • /home/spam/spamlog - This is a file where I log the output of DisSpam's most recent run. If you don't want to log this, then use /dev/null here.


You may also want to automate the updating of ClamAV's virus definitions. su to root, run crontab -e and add the following line, to make ClamAV update every night at midnight:

Code:
0 0 * * * freshclam > /dev/null



and that's it :)
Let me know if you have any problems/questions, and I'll do my best to help.

dsd
_________________
http://dev.gentoo.org/~dsd
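
A hardening check for the configuration described in the post above, as an added example that is not part of the original post or of DisSpam. It flags a disspam.conf that other local users can read (the file holds the POP3 password), scratch or backup paths in a shared temp directory such as the sample's /tmp/clamav.temp, and an enabled sendbounceback. The function name is hypothetical, and the sendbounceback=yes spelling is assumed by analogy with clamav=yes.

```sh
#!/bin/sh
# Added example (not part of DisSpam). Prints one finding per line and
# nothing when the config passes. Key names are taken from the post;
# the "sendbounceback=yes" value syntax is an assumption.
audit_disspam_conf() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 0
    fi

    # The file stores the POP3 password: no group/other permission bits.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00) ;;
        *) echo "PERMS: $conf is mode $mode, expected 600" ;;
    esac

    # Fixed names in a world-writable directory can be pre-created or
    # symlinked by another local user before DisSpam writes to them.
    # Commented-out lines ("# avtemporary=...") are ignored.
    grep -E '^[[:space:]]*(avtemporary|mimestore|backupfile)[[:space:]]*=[[:space:]]*/(var/)?tmp/' "$conf" |
        sed 's/^[[:space:]]*/TMPPATH: /'

    # Spam and virus mail usually carries a forged sender, so bounces
    # land on uninvolved third parties (backscatter).
    if grep -Eq '^[[:space:]]*sendbounceback[[:space:]]*=[[:space:]]*yes' "$conf"; then
        echo "BACKSCATTER: sendbounceback is enabled"
    fi
    return 0
}

# Usage: audit_disspam_conf /home/spam/disspam.conf
```

Running it from the same cron user before the hourly DisSpam job gives a quick way to notice when an edited config has drifted back to the sample defaults.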

floam
Veteran

Joined: 27 Oct 2002
Posts: 1067
Location: Vancouver, WA USA

Posted: Sat Dec 06, 2003 4:03 am

Wow, never thought of doing it that way (deleting the mail before it gets to you). Nice!
_________________
Think about your breathing.
http://floam.sh.nu

leifbk
Guru

Joined: 05 Jan 2004
Posts: 379
Location: Bærum, Norway

Posted: Thu Apr 15, 2004 3:44 pm

Mail::ClamAV won't install at all, no matter:

ClamAV.xs: In function `clamav_perl_constant':
ClamAV.xs:274: error: `CL_OLE2' undeclared (first use in this function)
ClamAV.xs:274: error: (Each undeclared identifier is reported only once
ClamAV.xs:274: error: for each function it appears in.)
ClamAV.xs:275: error: `CL_ENCRYPTED' undeclared (first use in this function)
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your Inline
C code. The command that failed was:
make

The build directory was:
/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output files.

at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 150
BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 429.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
/usr/bin/make -- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible

--
regards, Leif.

scootersmk
Apprentice

Joined: 17 May 2003
Posts: 186
Location: Knoxville, TN

Posted: Mon Apr 26, 2004 11:33 pm

I am trying to come up with a way to filter spam for about 40+ email accounts on Windows boxes at work. Would this be able to handle that many users? I am thinking about using a Gentoo box to go into each account on the server maybe 2 or 3 times a day and delete spam for each account. It is an outsourced email server, so this looks like one of the better solutions that would not require any changes on the user's side. What do you think?
_________________
Long live the gentoo forums!!!!!

dextur
n00b

Joined: 26 Jul 2003
Posts: 44
Location: Stockholm

Posted: Tue May 11, 2004 4:54 pm    Post subject: Score

I use Disspam with spamassassin but it does not seem to detect all spam messages. I'd like to lower the score for messages that get deleted. How do I do that?

Added ---

OK, it seems I lower the score in my user_prefs file for spamassassin. However, when I use disspam as a cron job it runs as root. Therefore I made /root/.spamassassin a symlink to /home/myuser/.spamassassin
When I then run disspam as root manually it uses the settings fine. But when I let the cronjob run the same command it does not seem to use the user_prefs file.

Any ideas?

alexbuell
Guru

Joined: 18 Jul 2002
Posts: 482
Location: "Hemp"shire, UK

Posted: Mon Jan 03, 2005 4:58 am    Post subject: Re: Simplistic mail filtering (antivirus, antispam) with Dis

dsd wrote:
HOWTO


I've just updated disspam.pl to work with spamassassin 3.0.2, and here's the patch; it applies to your patched disspam.pl. Just thought I'd contribute, seeing as yours only works with spamassassin 2.*.

http://www.munted.org.uk/programming/disspam-spamassassin-3.0.2.patch
_________________
Cheers,
Alex.

Linux - the best text adventure game ever.

alexbuell
Guru

Joined: 18 Jul 2002
Posts: 482
Location: "Hemp"shire, UK

Posted: Sat Jan 08, 2005 3:07 pm    Post subject: Re: Simplistic mail filtering (antivirus, antispam) with Dis

alexbuell wrote:
dsd wrote:
HOWTO


I've just updated disspam.pl to work with spamassassin 3.0.2, and here's the patch; it applies to your patched disspam.pl. Just thought I'd contribute, seeing as yours only works with spamassassin 2.*.

http://www.munted.org.uk/programming/disspam-spamassassin-3.0.2.patch


Actually, it's far better using milters in Sendmail with SpamAssassin and ClamAV to do the same thing. Changed over to this over the last few days, and it's working remarkably well.
_________________
Cheers,
Alex.

Linux - the best text adventure game ever.

krani1
Tux's lil' helper

Joined: 21 Jun 2004
Posts: 76

Posted: Fri Dec 16, 2005 10:44 am

Hi there! Sorry to resurrect this thread, but disspam seems very very good! But currently the latest version is 0.14 and your patch doesn't apply anymore. Any hint about this?

TIA
All times are GMT