I have a problem getting spamd and sendmail (both stock CentOS4 rpms) to work together on a couple of smtp relay machines. This is clearly a configuration issue and no doubt revolves around my lack of comprehension of how this is to work.
Basically, the setup consists of two frontend public smtp transports that redirect all email through a firewall to an internal imap server for final delivery. The firewall and sendmail access map prohibit connections to the imap server except for the local MX gateway. The external MX gateway is a fallback mx server that routes everything it queues through the primary gateway.
So:
MX 2 routes to MX 1 that routes to IMAP
MX 2 and MX 1 are running spamd.
the sendmail.m4 file has the following at its very end:
dnl # dnl # MAILERs are always last after all FEATURES are defined MAILER(smtp)dnl MAILER(procmail)dnl
The contents of /etc/procmailrc are:
:0fw | /usr/bin/spamassassin
Spamd is running on both.
There is a local configuration rule set in /etc/mail/spamassassin/local.cf
Passing a test message through spamc on MX 1 or MX 2 does not seem to pick up this rule even for messages constructed to trigger it. Passing spam messages through spamc -R identifies messages that have passed through the relays without any spam tags as being high scoring spam.
What am I doing wrong?
Regards, Jim
On Mon, 2005-06-27 at 11:55, James B. Byrne wrote:
I have a problem getting spamd and sendmail (both stock CentOS4 rpms) to work together on a couple of smtp relay machines. This is clearly a configuration issue and no doubt revolves around my lack of comprehension of how this is to work.
Basically, the setup consists of two frontend public smtp transports that redirect all email through a firewall to an internal imap server for final delivery. The firewall and sendmail access map prohibit connections to the imap server except for the local MX gateway. The external MX gateway is a fallback mx server that routes everything it queues through the primary gateway.
So:
MX 2 routes to MX 1 that routes to IMAP
MX 2 and MX 1 are running spamd.
the sendmail.m4 file has the following at its very end:
dnl # dnl # MAILERs are always last after all FEATURES are defined MAILER(smtp)dnl MAILER(procmail)dnl
The contents of /etc/procmailrc are:
:0fw | /usr/bin/spamassassin
Procmail only runs during local delivery to a mailbox. If you are relaying on to a 3rd IMAP machine it will go via the smtp mailer, not procmail.
A good approach for this is to run MimeDefang (http://www.mimedefang.org) with the sendmail milter interface and let it coordinate your virus and spam scans.
James B. Byrne wrote:
I have a problem getting spamd and sendmail (both stock CentOS4 rpms) to work together on a couple of smtp relay machines. This is clearly a configuration issue and no doubt revolves around my lack of comprehension of how this is to work.
Basically, the setup consists of two frontend public smtp transports that redirect all email through a firewall to an internal imap server for final delivery. The firewall and sendmail access map prohibit connections to the imap server except for the local MX gateway. The external MX gateway is a fallback mx server that routes everything it queues through the primary gateway.
So:
MX 2 routes to MX 1 that routes to IMAP
MX 2 and MX 1 are running spamd.
the sendmail.m4 file has the following at its very end:
dnl # dnl # MAILERs are always last after all FEATURES are defined MAILER(smtp)dnl MAILER(procmail)dnl
The contents of /etc/procmailrc are:
:0fw | /usr/bin/spamassassin
Spamd is running on both.
There is a local configuration rule set in /etc/mail/spamassassin/local.cf
Passing a test message through spamc on MX 1 or MX 2 does not seem to pick up this rule even for messages constructed to trigger it. Passing spam messages through spamc -R identifies messages that have passed through the relays without any spam tags as being high scoring spam.
What am I doing wrong?
Regards, Jim
Procmail can only take action on locally delivered mail. I suggest using MailScanner for a complete, free & open solution. http://www.mailscanner.info http://wiki.mailscanner.info
Other people will probably recommend Amavis, but I've never used it.
James B. Byrne napsal(a):
I have a problem getting spamd and sendmail (both stock CentOS4 rpms) to work together on a couple of smtp relay machines. This is clearly a configuration issue and no doubt revolves around my lack of comprehension of how this is to work.
Basically, the setup consists of two frontend public smtp transports that redirect all email through a firewall to an internal imap server for final delivery. The firewall and sendmail access map prohibit connections to the imap server except for the local MX gateway. The external MX gateway is a fallback mx server that routes everything it queues through the primary gateway.
So:
MX 2 routes to MX 1 that routes to IMAP
MX 2 and MX 1 are running spamd.
the sendmail.m4 file has the following at its very end:
dnl # dnl # MAILERs are always last after all FEATURES are defined MAILER(smtp)dnl MAILER(procmail)dnl
The contents of /etc/procmailrc are:
:0fw | /usr/bin/spamassassin
Spamd is running on both.
There is a local configuration rule set in /etc/mail/spamassassin/local.cf
You need an milter interface instead of just procmail (it is local delivery program)
My solution ==================================================================== Instalace +++++++++ Milan Kerslager repository ftp://ftp.linux.cz/pub/linux/people/milan_kerslager/RHEL-4/stable/ ----------------------------------------------- yum install clamav-milter clamav cvgfilter spamass-milter spamassassin sendmail-cf -----------------------------------------------
přidej do startu systemu ----------------------------------------------- /sbin/chkconfig clamd on /sbin/chkconfig freshclam on /sbin/chkconfig clamav-milter on /sbin/chkconfig cvgfilter on /sbin/chkconfig spamassassin on /sbin/chkconfig spamass-milter on /sbin/chkconfig sendmail on -----------------------------------------------
Make helper scripts ----------------------------------------------- echo '#!/bin/bash /sbin/service freshclam start /sbin/service clamd start /sbin/service clamav-milter start /sbin/service cvgfilter start /sbin/service spamassassin start /sbin/service spamass-milter start /sbin/service sendmail start ' |cat >/root/bin/mail.start
echo '#!/bin/bash /sbin/service sendmail stop /sbin/service spamass-milter stop /sbin/service spamassassin stop /sbin/service cvgfilter stop /sbin/service clamav-milter stop /sbin/service clamd stop /sbin/service freshclam stop ' | cat >/root/bin/mail.stop
echo '#!/bin/bash /root/bin/mail.stop /root/bin/mail.start ' | cat >/root/bin/mail.restart
chmod 700 /root/bin/mail.* -----------------------------------------------
Configuration +++++++++++++
Changes in /etc/mail/sendmail.mc ----------------------------------------------- dnl # ven jde jen PEPA dnl define(`SMART_HOST',`smtp.your.provider') define(`SMART_HOST',`XXXXX')
dnl # Prilohy do 20M dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`UUCP_MAILER_MAX', `20000000')dnl
dnl # Trochu pozmenim chovani pri nedorucitelnosti dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_QUEUEWARN', `6h')dnl define(`confTO_QUEUERETURN', `2d')dnl define(`confQUEUE_LA', `12')dnl define(`confREFUSE_LA', `18')dnl
dnl # Not sure dnl dnl FEATURE(always_add_domain)dnl dnl FEATURE(always_add_domain)dnl
dnl # nebezpecne , spamoidni dnl dnl dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`accept_unresolvable_domains')dnl
dnl # Musime prijimat na vsech interfacech ... dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl -----------------------------------------------
and before mailers in /etc/mail/sendmail.mc ----------------------------------------------- dnl # OPEN RELAY Check ... dnl FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/%5C#why_rejected%22%27)dnl
dnl # clamav-milter - z README ... dnl INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clamav-milter.sock, F=,T=S:4m;R:4m;E:10m')dnl
dnl # CVGFILTER - z README ... dnl define(`_FFR_MILTER', `1')dnl INPUT_MAIL_FILTER(`cvgfilter', `S=unix:/var/run/cvgfilter.sock, F=T')dnl
dnl # SPAMASSASSIN dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl -----------------------------------------------
/etc/sysconfig/clamav-milter ----------------------------------------------- CLAMAV_FLAGS="--max-children=80 --force-scan -HP -p viry@madeta.cz --server=localhost local:/var/run/clamav/clamav-milter.sock" -----------------------------------------------
/etc/mail/spamassassin/local.cf ----------------------------------------------- # These values can be overridden by editing ~/.spamassassin/user_prefs.cf # (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting # without risking lost emails.
required_hits 5 report_safe 0 rewrite_header Subject [SPAM]
# additional rewrite_subject 1 subject_tag [SPAM]
fold_headers 0
#clear_headers remove_header all Report #remove_header all Status #remove_header all Level #remove_header all Flag
#add_header all Status _YESNOCAPS_ , _STARS(*)_, hits=_HITS_ required=_REQD_ -----------------------------------------------
========================================================================
/root/bin/mail.restart and enjoy the show ...
I would highly recommend you use MailScanner. http://www.mailscanner.info You could be up and running in a matter of minutes with SpamAssassin AND ClamAV.
Mike
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Petr Klíma Sent: Tuesday, June 28, 2005 12:35 AM To: CentOS mailing list Subject: Re: [CentOS] sendmail and spamassassin
James B. Byrne napsal(a):
I have a problem getting spamd and sendmail (both stock CentOS4 rpms) to work together on a couple of smtp relay machines. This is clearly a configuration issue and no doubt revolves around my lack of comprehension of how this is to work.
Basically, the setup consists of two frontend public smtp transports that redirect all email through a firewall to an internal imap server for final delivery. The firewall and sendmail access map prohibit connections to the imap server except for the local MX gateway. The external MX gateway is a fallback mx server that routes everything it queues through the primary gateway.
So:
MX 2 routes to MX 1 that routes to IMAP
MX 2 and MX 1 are running spamd.
the sendmail.m4 file has the following at its very end:
dnl # dnl # MAILERs are always last after all FEATURES are defined MAILER(smtp)dnl MAILER(procmail)dnl
The contents of /etc/procmailrc are:
:0fw | /usr/bin/spamassassin
Spamd is running on both.
There is a local configuration rule set in /etc/mail/spamassassin/local.cf
You need an milter interface instead of just procmail (it is local delivery program)
My solution ==================================================================== Instalace +++++++++ Milan Kerslager repository ftp://ftp.linux.cz/pub/linux/people/milan_kerslager/RHEL-4/stable/ ----------------------------------------------- yum install clamav-milter clamav cvgfilter spamass-milter spamassassin sendmail-cf -----------------------------------------------
přidej do startu systemu ----------------------------------------------- /sbin/chkconfig clamd on /sbin/chkconfig freshclam on /sbin/chkconfig clamav-milter on /sbin/chkconfig cvgfilter on /sbin/chkconfig spamassassin on /sbin/chkconfig spamass-milter on /sbin/chkconfig sendmail on -----------------------------------------------
Make helper scripts ----------------------------------------------- echo '#!/bin/bash /sbin/service freshclam start /sbin/service clamd start /sbin/service clamav-milter start /sbin/service cvgfilter start /sbin/service spamassassin start /sbin/service spamass-milter start /sbin/service sendmail start ' |cat >/root/bin/mail.start
echo '#!/bin/bash /sbin/service sendmail stop /sbin/service spamass-milter stop /sbin/service spamassassin stop /sbin/service cvgfilter stop /sbin/service clamav-milter stop /sbin/service clamd stop /sbin/service freshclam stop ' | cat >/root/bin/mail.stop
echo '#!/bin/bash /root/bin/mail.stop /root/bin/mail.start ' | cat >/root/bin/mail.restart
chmod 700 /root/bin/mail.* -----------------------------------------------
Configuration +++++++++++++
Changes in /etc/mail/sendmail.mc ----------------------------------------------- dnl # ven jde jen PEPA dnl define(`SMART_HOST',`smtp.your.provider') define(`SMART_HOST',`XXXXX')
dnl # Prilohy do 20M dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`UUCP_MAILER_MAX', `20000000')dnl
dnl # Trochu pozmenim chovani pri nedorucitelnosti dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_QUEUEWARN', `6h')dnl define(`confTO_QUEUERETURN', `2d')dnl define(`confQUEUE_LA', `12')dnl define(`confREFUSE_LA', `18')dnl
dnl # Not sure dnl dnl FEATURE(always_add_domain)dnl dnl FEATURE(always_add_domain)dnl
dnl # nebezpecne , spamoidni dnl dnl dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`accept_unresolvable_domains')dnl
dnl # Musime prijimat na vsech interfacech ... dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl -----------------------------------------------
and before mailers in /etc/mail/sendmail.mc ----------------------------------------------- dnl # OPEN RELAY Check ... dnl FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/%5C#why_rejected%22%27)dnl
dnl # clamav-milter - z README ... dnl INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clamav-milter.soc k, F=,T=S:4m;R:4m;E:10m')dnl
dnl # CVGFILTER - z README ... dnl define(`_FFR_MILTER', `1')dnl INPUT_MAIL_FILTER(`cvgfilter', `S=unix:/var/run/cvgfilter.sock, F=T')dnl
dnl # SPAMASSASSIN dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl -----------------------------------------------
/etc/sysconfig/clamav-milter ----------------------------------------------- CLAMAV_FLAGS="--max-children=80 --force-scan -HP -p viry@madeta.cz --server=localhost local:/var/run/clamav/clamav-milter.sock" -----------------------------------------------
/etc/mail/spamassassin/local.cf ----------------------------------------------- # These values can be overridden by editing ~/.spamassassin/user_prefs.cf # (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting # without risking lost emails.
required_hits 5 report_safe 0 rewrite_header Subject [SPAM]
# additional rewrite_subject 1 subject_tag [SPAM]
fold_headers 0
#clear_headers remove_header all Report #remove_header all Status #remove_header all Level #remove_header all Flag
#add_header all Status _YESNOCAPS_ , _STARS(*)_, hits=_HITS_ required=_REQD_ -----------------------------------------------
========================================================================
/root/bin/mail.restart and enjoy the show ...
-
James B. Byrne -
Les Mikesell -
Mike Kercher -
Petr Klíma -
Ugo Bellavance