Changelog
15 MAR 2009
Since we do not actually quarantine bad headers, we can't release them either, so there is no point in seeing them in the MailZu interface:
sed -i "s/'allowBadHeaders'] = 1/'allowBadHeaders'] = 0/" /var/www/mailzu/config/config.php
We need to apply one small patch:
cd /var/www/mailzu/lib/
cp AmavisdEngine.class.php AmavisdEngine.class.php.original
wget http://verchick.com/mecham/public_html/spam/AmavisdEngine.patch1.txt
patch -p0 < AmavisdEngine.patch1.txt
01 FEB 2009
New virus_name_to_spam_score_maps (included with amavisd-new 2.6.2) for use with amavisd-new 2.5.2 - 2.6.1
@virus_name_to_spam_score_maps =
(new_RE( # the order matters!
[ qr'^Phishing\.' => 0.1 ],
[ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 0.1 ],
[ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected
[ qr'^Sanesecurity(\.[^., ]*)*\.' => 0.1 ],
[ qr'^Sanesecurity_PhishBar_' => 0 ],
[ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ],
[ qr'^(MSRBL-Images\b|MSRBL-SPAM\.)' => 0.1 ],
[ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ],
[ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected
[ qr'^MBL_' => undef ], # keep as infected
));
# Sanesecurity http://www.sanesecurity.co.uk/
# MSRBL- http://www.msrbl.com/site/contact
# MBL http://www.malware.com.br/index.shtml
# -SecuriteInfo.com http://clamav.securiteinfo.com/malwares.html
Please read: http://www.freespamfilter.org/forum/viewtopic.php?f=14&t=1205
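Added example (Python, not part of the original guide and not amavisd-new's own code): the map above re-expressed as a first-match-wins lookup, to show why "the order matters!". The function names, the first-match and no-match behaviour, and the sample signature names are assumptions made for illustration.

```python
import re

# Rules transcribed from the 01 FEB 2009 map above. Perl's \z is spelled \Z in
# Python, and None stands in for undef ("keep as infected").
RULES = [
    (r'^Phishing\.', 0.1),
    (r'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)', 0.1),
    (r'^Sanesecurity\.(Malware|Rogue|Trojan)\.', None),
    (r'^Sanesecurity(\.[^., ]*)*\.', 0.1),
    (r'^Sanesecurity_PhishBar_', 0),
    (r'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.', 0),
    (r'^(MSRBL-Images\b|MSRBL-SPAM\.)', 0.1),
    (r'^VX\.Honeypot-SecuriteInfo\.com\.Joke', 0.1),
    (r'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\Z)', 0.1),
    (r'^Email\.Spam.*-SecuriteInfo\.com(\.|\Z)', 0.1),
    (r'-SecuriteInfo\.com(\.|\Z)', None),
    (r'^MBL_', None),
]

def matching_rules(name, rules=RULES):
    """Every (index, value) whose pattern matches, in table order."""
    return [(i, v) for i, (pat, v) in enumerate(rules) if re.search(pat, name)]

def disposition(name, rules=RULES):
    """Assumed first-match-wins lookup: no match or None leaves the hit a virus."""
    hits = matching_rules(name, rules)
    if not hits or hits[0][1] is None:
        return "infected"
    return f"spam score +{hits[0][1]}"

def order_dependent(name, rules=RULES):
    """True when the matching rules disagree, so position decides the outcome."""
    return len({v for _, v in matching_rules(name, rules)}) > 1

# Constructed signature names, for illustration only.
SAMPLES = [
    "Sanesecurity.Malware.12345.UNOFFICIAL",
    "Sanesecurity.Junk.6789.UNOFFICIAL",
    "Email.Spam.Gen42-SecuriteInfo.com",
    "Trojan.Example-SecuriteInfo.com",
    "Eicar-Test-Signature",
]

# Same table with the two Sanesecurity rules (indexes 2 and 3) swapped.
SWAPPED = RULES[:2] + [RULES[3], RULES[2]] + RULES[4:]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:40} {disposition(s):18} swapped -> {disposition(s, SWAPPED)}")
```

With the two Sanesecurity rules swapped, the Malware sample is handed to SpamAssassin as a 0.1 spam hint instead of being kept as infected, which is the failure the ordering comment guards against.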
06 JAN 2009
The server at http://www.sanesecurity.com is overloaded and is not serving files. For now it would
be best if we do not try to connect to this server. Download a new script that does not
attempt to grab signatures from SaneSecurity:
cd /usr/sbin
mv UpdateSaneSecurity.sh UpdateSaneSecurity.sh.old
wget http://verchick.com/mecham/public_html/spam/NoUpdateSaneSecurity.sh.txt
mv NoUpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
chmod +x UpdateSaneSecurity.sh
04 JAN 2009
Need to tighten security on a file (if you have it):
chmod 0750 /usr/sbin/trim-awl
Then either edit /etc/cron.weekly/trim-sql-awl-weekly and remove 'su - amavis', or
get an updated copy of this file from me:
cd /etc/cron.weekly/
wget http://verchick.com/mecham/public_html/spam/trim-sql-awl-weekly.txt
mv trim-sql-awl-weekly.txt trim-sql-awl-weekly
chmod +x trim-sql-awl-weekly
Run it to make sure it still works:
./trim-sql-awl-weekly
06 DEC 2008
I completely replaced the instructions for Upgrading SpamAssassin due to
the problems encountered when upgrading using the unstable sources.
The instructions now use backports.org as the source.
01 NOV 2008
Since Volatile became an official archive, SpamAssassin (3.2.x) and Clamav are now installed from
Volatile. Because of this change, I removed the ImageInfo plugin installation instructions
(it comes with SpamAssassin 3.2.x). Because installing SpamAssassin from unstable causes
a great number of system changes, I no longer recommend upgrading from unstable.
I added some additional logcheck ignore rules:
echo "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok, id=[-0-9]+, BOUNCE\)$" >>/etc/logcheck/ignore.d.server/postfix
echo "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok, id=[-0-9]+, DISCARD\(bounce.suppressed\)\)$" >>/etc/logcheck/ignore.d.server/postfix
echo "Vacation: Orig-To: [^[:space:]]+ From:" >>/etc/logcheck/ignore.d.server/postfix
echo "Vacation: Orig-To: [^[:space:]]+ From:" >>/etc/logcheck/violations.ignore.d/logcheck-postfix
echo "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok, discarded, .*\)$" >>/etc/logcheck/ignore.d.server/postfix
There have been changes to SaneSecurity. You should download a new script:
cd /usr/sbin
wget http://verchick.com/mecham/public_html/spam/UpdateSaneSecurity.sh.txt
mv UpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
chmod +x UpdateSaneSecurity.sh
UpdateSaneSecurity.sh
Add an entry to suppress logcheck messages:
echo "UpdateSaneSecurity" >>/etc/logcheck/ignore.d.server/amavisd-new
If you are using Amavisd-new 2.5.2 or newer: get a new set of SaneSecurity SA rules:
cd /etc/spamassassin
mv amavis-sanesecurity.cf amavis-sanesecurity.cf.old
wget http://verchick.com/mecham/public_html/spam/amavis-sanesecurity_v2.cf
spamassassin --lint
amavisd-new reload
If you are using Amavisd-new 2.5.2 or newer: add this entry to /etc/amavis/amavisd.conf
# SaneSecurity stuff
@virus_name_to_spam_score_maps =
(new_RE( # the order matters!
[ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep as infected
[ qr'^Sanesecurity(\.[^., ]*)*\.' => 0.1 ],
[ qr'^Sanesecurity_PhishBar_' => 0 ],
[ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ],
[ qr'^(MSRBL-(Images|SPAM)\.)' => 0.1 ],
[ qr'^MBL_' => undef ], # keep as infected
[ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke' => 0.1 ],
[ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)' => 0.1 ],
[ qr'-SecuriteInfo\.com(\.|\z)' => undef ], # keep as infected
));
# Sanesecurity http://www.sanesecurity.co.uk/
# MSRBL- http://www.msrbl.com/site/contact
# MBL http://www.malware.com.br/index.shtml
# -SecuriteInfo.com http://clamav.securiteinfo.com/malwares.html
During an edit about a month or two ago I accidentally left the functions.php portion of the
amavisnewsql.patch1.txt patch out. Take a look at your SpamAssassin page in
SquirrelMail (Options, SpamAssassin). If it looks very different from this,
then it's likely that /usr/share/squirrelmail/plugins/amavisnewsql/functions.php has
not been patched. If functions.php is 18696 bytes, then it has not been patched.
As a matter of convenience, I have broken out that portion of the patch and you could
wget it from
http://verchick.com/mecham/public_html/spam/amavisnewsql.functions.patch.txt but you would need to edit
the patch before applying it, replacing host.domain.tld with your host name.
18 APR 2008
Forgot to rotate mailzu.log:
cd /etc/logrotate.d
wget http://verchick.com/mecham/public_html/spam/mailzu.logrotate.txt
mv mailzu.logrotate.txt mailzu
12 MAR 2008
Updated for amavisd-new 2.5.4
12 DEC 2007
Updated for amavisd-new 2.5.3
11 DEC 2007
The amavisnewsql plugin stores the whitelist/blacklist sender addresses in the
wblist table as opposed to a separate table (which would avoid duplication and be a more
efficient way to do it). As a result, the index for that table will not allow
adding more than one entry per recipient. To fix this, log into MySQL and index on the appropriate fields.
I fixed the schema to reflect this change:
USE amavis;
ALTER TABLE `wblist` DROP PRIMARY KEY;
ALTER TABLE `wblist` ADD PRIMARY KEY ( `rid` , `email` );
29 OCT 2007
Added a new section "The alias issue" on page 1. As a result, I also
changed the "Acting as a relay server" section to reflect this change in the setup.
23 SEP 07
And apply a second small patch to amavisd-new (2.4.x through 2.5.2):
cd /usr/sbin
wget http://verchick.com/mecham/public_html/spam/amavisd-new-trim-whitespace.patch2.txt
patch amavisd-new <amavisd-new-trim-whitespace.patch2.txt
rm amavisd-new-trim-whitespace.patch2.txt
09 SEP 07
And apply a small patch to amavisd-new (2.4.x through 2.5.2):
cd /usr/sbin
wget http://verchick.com/mecham/public_html/spam/amavisd-new-trim-whitespace.patch.txt
patch amavisd-new <amavisd-new-trim-whitespace.patch.txt
rm amavisd-new-trim-whitespace.patch.txt
28 AUG 07
I commented out each occurrence of:
-o receive_override_options=no_address_mappings
in master.cf. If address rewriting is disabled before amavisd-new, the alias
will not be found in the amavis MySQL database. If not found, default amavisd-new
settings are used. This could create confusion for the end user. Ideally, aliases
should either direct mail to an email address in the amavis MySQL database, or to an
address external to the server. Don't create aliases that point to other aliases.
If one needs to rewrite user+spam@example.com style
addresses to user@domain.tld style addresses, then address rewriting cannot be
disabled after amavisd-new either. Any time address rewriting is enabled both before
and after the content_filter, there is a possibility of duplicate messages. Avoid
the use of always_bcc, recipient_bcc_maps or similar, as this would create one
bcc before and one bcc after the content_filter.
See http://www.postfix.org/postconf.5.html#receive_override_options
27 AUG 07
I renamed a number of files dealing with SSL certificates. No changes are required for
existing installations. Instead of using the date for naming certificate files I now
use the host name. This makes it easier for those that create more than one set of certificates.
I also now configure apache-ssl, courier imap-ssl and courier pop3-ssl to use the renamed
files instead of the default names they were using. The renamed files are simply more descriptive.
Added this note referring to SASL AUTH:
There is an issue with Mozilla Thunderbird. It tries to use CRAM-MD5 before it
tries PLAIN. This will result in a "SASL authentication failure: empty secret"
warning unless you enter a cleartext password for these clients. If you don't
wish to do that, you can either fix Thunderbird, or not use CRAM-MD5. To fix
Thunderbird, go to Tools->Options->Advanced->General->Config Editor and then
double click on mail.smtpserver.default.trySecAuth (which is set to true by
default) in order to set it to false.
20 AUG 07
Added a %banned_rules section to the 50-user file which defines a custom set of banned rules called
'BLOCK_EXE' which is used in both policy banks.
Also added: spam_dsn_cutoff_level_bysender_maps => [9999], to both policy banks. This is needed (only) when
one has upgraded to a newer version of amavisd-new and wishes to continue to bounce spam back to trusted senders.
18 AUG 07
Added this:
Quiet down logcheck:
echo "amavis\[[0-9]+\]: \(rel-.{12}\) Quarantined message release:" >>/etc/logcheck/ignore.d.server/amavisd-new
echo "amavis\[[0-9]+\]: \(rel-.{12}\) Quarantine release" >> /etc/logcheck/ignore.d.server/amavisd-new
Corrected the mistake in the command "cp Botnet.pm cp Botnet.pm~"
06 AUG 07
Botnet 0.8 was released. You may want to reinstall it:
cd /usr/local/src
mkdir Botnet-0.8
cd Botnet-0.8
wget http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
tar -xf Botnet-0.8.tar
wget http://verchick.com/mecham/public_html/spam/botnet8patch.txt
cp Botnet.pm Botnet.pm~
patch -p0 <botnet8patch.txt
cp Botnet.pm /etc/spamassassin/
cp Botnet.cf /etc/spamassassin/
cd /etc/spamassassin/
sed -i 's/5.0/2.0/' Botnet.cf
amavisd-new reload
spamassassin --lint
If you are running amavisd-new 2.5.2 or newer and the sanesecurity ClamAV signatures:
cd /etc/spamassassin
wget http://verchick.com/mecham/public_html/spam/amavis-sanesecurity.cf
spamassassin --lint
04 AUG 07
Initial release.
http://verchick.com/mecham/public_html/spam/virtual.html