Additional Email Tools

This section covers SpamAssassin, Webmail, and mailing lists. In addition, it discusses how to set up IMAP and POP3 servers and a KMail client.

SpamAssassin

Spamor more correctly, UCE (unsolicited commercial email)accounts for more than three-quarters of all email. SpamAssassin evaluates each piece of incoming email and assigns it a number that indicates the likelihood that the email is spam. The higher the number, the more likely that the email is spam. You can filter email based on its rating. SpamAssassin is effective as installed, but you can modify its configuration files to make it better fit your needs.

How SpamAssassin works

You can set up SpamAssassin (spamassassin package) on a mail server so that it rates all inbound email before it is sent to users. Alternatively, individual users can run it from their mail clients. Either way, you run the SpamAssassin spamd daemon and filter email through this daemon using the spamc client.

SpamAssassin uses several techniques to identify spam:

• Header analysis Checks for tricks that people who send spam use to make you think email is legitimate

• Text analysis Checks the body of an email for characteristics of spam

• Blacklists Checks various lists to see if the sender is known for sending spam

• Database Checks the signature of the message against Vipul's Razor (razor.sourceforge.net), a spam-tracking database

With spamd running, you can see how spamc works by sending a simple string to it:

$ echo "hi there" | spamc X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on pbnj X-Spam-Level: ***** X-Spam-Status: Yes, score=5.7 required=5.0 tests=EMPTY_MESSAGE,MISSING_HB_SEP,         MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE         autolearn=no version=3.1.0 X-Spam-Report:         * -0.0 NO_RELAYS Informational: message was not relayed via SMTP         *  2.5 MISSING_HB_SEP Missing blank line between message header and body         *  0.2 MISSING_HEADERS Missing To: header         *  1.3 MISSING_SUBJECT Missing Subject: header         *  1.5 EMPTY_MESSAGE Message appears to be empty with no Subject: text         * -0.0 NO_RECEIVED Informational: message has no Received headers         *  0.1 TO_CC_NONE No To: or Cc: header hi there Subject: [SPAM] X-Spam-Prev-Subject: (nonexistent)

Of course, SpamAssassin complains because the string you gave it did not contain standard email headers. The logical line that starts with X-Spam-Status contains the heart of the report on the string hi there. First it says Yes (it considers the message to be spam). SpamAssassin uses a rating system that assigns a number of hits to a piece of email. If the email receives more than the required number of hits (5.0 by default), SpamAssassin marks it as spam. The string failed for many reasons that are enumerated on this status line. The reasons are detailed in the following X-Spam-Report. The following listing is from a real piece of spam processed by SpamAssassin. It received 24.5 hits, indicating that it is almost certainly spam.

X-Spam-Status: Yes, hits=24.5 required=5.0      tests=DATE_IN_FUTURE_06_12,INVALID_DATE_TZ_ABSURD,            MSGID_OE_SPAM_4ZERO,MSGID_OUTLOOK_TIME,            MSGID_SPAMSIGN_ZEROES,RCVD_IN_DSBL,RCVD_IN_NJABL,            RCVD_IN_UNCONFIRMED_DSBL,REMOVE_PAGE,VACATION_SCAM,            X_NJABL_OPEN_PROXY      version=2.55 X-Spam-Level: ************************ X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-Spam-Report:   This mail is probably spam.  The original message has been attached   along with this report, so you can recognize or block similar unwanted   mail in future.  See http://spamassassin.org/tag/ for more details.   Content preview:  Paradise SEX Island Awaits! Tropical 1 week vacations   where anything goes! We have lots of WOMEN, SEX, ALCOHOL, ETC! Every   man's dream awaits on this island of pleasure. [...]   Content analysis details:   (24.50 points, 5 required)   MSGID_SPAMSIGN_ZEROES (4.3 points)  Message-Id generated by spam tool (zeroes variant)   INVALID_DATE_TZ_ABSURD (4.3 points)  Invalid Date: header (timezone does not exist)   MSGID_OE_SPAM_4ZERO (3.5 points)  Message-Id generated by spam tool (4-zeroes variant)   VACATION_SCAM      (1.9 points)  BODY: Vacation Offers   REMOVE_PAGE        (0.3 points)  URI: URL of page called "remove"   MSGID_OUTLOOK_TIME (4.4 points)  Message-Id is fake (in Outlook Express format)   DATE_IN_FUTURE_06_12 (1.3 points)  Date: is 6 to 12 hours after Received: date   RCVD_IN_NJABL  (0.9 points)  RBL: Received via a relay in dnsbl.njabl.org   [RBL check: found 94.99.190.200.dnsbl.njabl.org.]   RCVD_IN_UNCONFIRMED_DSBL (0.5 points)  RBL: Received via a relay in unconfirmed.dsbl.org   [RBL check: found 94.99.190.200.unconfirmed.dsbl.org.]   X_NJABL_OPEN_PROXY (0.5 points)  RBL: NJABL: sender is proxy/relay/formmail/spam-source   RCVD_IN_DSBL       (2.6 points)  RBL: Received via a relay in list.dsbl.org   [RBL check: found 211.157.63.200.list.dsbl.org.] X-Spam-Flag: YES Subject: [SPAM] re: statement

Because SpamAssassin considered the preceding email to be spam, it modified the Subject line by adding [SPAM] at the beginning of the line.

Configuration

Edit /etc/mail/spamassassin/local.cf to configure SpamAssassin globally. Users can override the global options and add their own options in ~/.spamassassin/user_prefs. You can put the options discussed in this section in either of these files. Use perldoc to display the configuration document that lists all the options:

Documentation

$ perldoc Mail::SpamAssassin::Conf

As shown in the preceding example, SpamAssassin rewrites the Subject line of email that it rates as spam. The rewrite_subject keyword in the configuration files controls this behavior. A 1 following this keyword indicates that SpamAssassin will rewrite Subject lines. Change the 1 to a 0 (zero) to turn off this behavior:

rewrite_subject 0

The required_hits keyword specifies the minimum number of hits a piece of email must receive before SpamAssassin considers it to be spam. The default is 5.0. With a higher number, SpamAssassin marks fewer pieces of email as spam.

required_hits 5.00

Sometimes mail from addresses that should be marked as spam is not, or mail from addresses that should not be marked as spam is. Use the whitelist_from keyword to specify addresses that should never be marked as spam and blacklist_from to specify addresses that should always be marked as spam:

whitelist_from sams@tcorp.com blacklist_from spammer.net

You can specify multiple addresses, separated by SPACEs, on the whitelist_from and blacklist_from lines. Each address can include wildcards. You can also use multiple lines.

Using SpamAssassin with a Mail Server

To add SpamAssassin headers to each email that arrives on the system, you need to configure your MDA to pipe email through the spamc. The first step is to make sure you have procmail configured as your MDA. The first of the following lines in sendmail.mc specifies the procmail command, its path, and flags. The MAILER line defines procmail as the mailer. You should not have to change either of these lines.

FEATURE(local_procmail,'','procmail -t -Y -a $h -d $u')dnl MAILER(procmail)dnl

The procmail configuration file, /etc/procmailrc, may not exist on the server. If the file does not exist, create it so that it is owned by root and has 644 permissions and the following contents. If it does exist, append the last two lines from the following file to it:

$ cat /etc/procmailrc DROPPRIVS=yes :0 fw | /usr/bin/spamc

The first line of this file ensures that procmail runs with the least possible privileges. The next two lines implement a rule that pipes each user's incoming email through spamc. The :0 tells procmail that a rule follows. The f flag indicates a filter; the w flag causes procmail to wait for the filter to complete and check the exit code. The last line specifies the /usr/bin/spamc file as the filter.

With the preceding changes in place, all email that comes into the system passes through SpamAssassin, which rates it according to the options in the global configuration file. For users who have home directories on the server system, SpamAssassin allows users' configuration files to override the global file.

When you run SpamAssassin on a server, you typically want to rate the email more conservatively so that fewer pieces of good email are marked as spam. Setting required_hits in the range of 610 is generally appropriate. Also, you do not want to remove any email automatically because you could prevent a user from getting a piece of nonspam email. When the server marks email as possibly being spam, users can manually or automatically filter the spam and decide what to do with it.

Using SpamAssassin with a Mail Client

With the SpamAssassin (spamd) daemon running and the configuration files set up, you are ready to have SpamAssassin filter your email. To do so, you need to set up two rules in your mail client: The first passes each piece of email through SpamAssassin using spamc (page 640) and the second filters email based on whether the X-Spam-Flag line has a YES or NO on it.

In general, you do not want to pass very large pieces of email through SpamAssassin. The following example, which uses KMail, passes messages smaller than 200,000 bytes through SpamAssassin. The first filter rule (Figure 20-1) processes all messages where the size is less than 200,000 bytes. The rule pipes messages through /usr/bin/spamc. This rule uses nice to conserve system resources. The Advanced tab specifies that the rule is applied to incoming messages and filtering does not stop if the message matches this rule.

Figure 20-1. The first rule passes messages through SpamAssassin

The first rule adds an X-Spam-Flag line to each piece of email it processes. The second rule checks the value of the flag on this line. If the X-Spam-Flag line contains YES, the second rule moves the email to a folder named spam (Figure 20-2). Because the If this filter matches, stop processing here box is checked in the Advanced tab, KMail does not further process messages marked as spam. Messages not marked as spam can be processed by other rules.

Figure 20-2. The second rule checks the X-Spam-Flag

SELinux

When SELinux is set to use a targeted policy, the SpamAssassin daemon, spamd, is protected by SELinux. You can disable this protection if necessary. For more information refer to "Setting the Targeted Policy with system-config-securitylevel" on page 402.

Webmail

Traditionally you read email using a dedicated email client such as KMail. Recently it has become more common to use a Web application to read email. If you have an email account with a commercial provider such as Gmail, HotMail, or Yahoo! Mail, you use a Web browser to read email. Email read in this manner is called Webmail. Unlike email you read on a dedicated client, you can read Webmail from anywhere you can open a browser on the Internet: You can check your email from an Internet cafe or a friend's computer, for example.

SquirrelMail (squirrelmail package) provides Webmail services; the SquirrelMail files reside in /usr/share/squirrelmail. If you want to run SquirrelMail, you must run IMAP (page 647) because SquirrelMail uses IMAP to receive and authenticate email. You must also run Apache (Chapter 26) so a user can use a browser to connect to SquirrelMail.

SquirrelMail is modular: You can easily add functionality using plugins. There are plugins that allow you to share a calendar and plugins that give you the ability to change passwords using the Webmail interface. See the plugins section of the SquirrelMail Web site for more information.

Create the following link to make SquirrelMail accessible from the Web:

# ln -s /usr/share/squirrelmail /var/www/html/mail

With this link in place, you can point a Web browser at http://localhost/mail to display the SquirrelMail login page (Figure 20-3).

Figure 20-3. SquirrelMail login page

Next use the conf.pl script in /usr/share/squirrelmail/config to configure SquirrelMail:

# cd /usr/share/squirrelmail/config # ./conf.pl SquirrelMail Configuration : Read: config_default.php (1.4.0) --------------------------------------------------------- Main Menu -- 1.  Organization Preferences 2.  Server Settings 3.  Folder Defaults 4.  General Options 5.  Themes 6.  Address Books 7.  Message of the Day (MOTD) 8.  Plugins 9.  Database 10. Languages D.  Set pre-defined settings for specific IMAP servers C   Turn color on S   Save data Q   Quit Command >>

The only item that you must set to get SquirrelMail to work is the server's domain name (from the Server Settings page). SquirrelMail provides several themes; if you do not like the way SquirrelMail looks, choose another theme from the Themes page.

Mailing Lists

A mailing list can be an asset if you regularly send email to the same large group of people. A mailing list provides several advantages over listing numerous recipients in the To or Cc field of an email or sending the same email individually to many people:

• Anonymity None of the recipients of the email can see the addresses of the other recipients.

• Archiving Email sent to the list is stored in a central location where list members or the public, as specified by the list administrator, can browse through it.

• Access control You can easily specify who can send email to the list.

• Consistency When you send mail to a group of people using To or Cc, it is all too easy to leave people who want to be on the list off and to leave people who want to be off the list on.

• Efficiency A mailing list application spreads email transmissions over time so it does not overload the mail server.

Mailman provides mailing list support. The bulk of Mailman resides in /usr/lib/mailman. The configuration file is /etc/mailman/mm_cfg.py, which is a link to /usr/lib/mailman/Mailman/mm_cfg.py. Before you can use Mailman, you need to replace fqdn in the two following lines in mm_cfg.py with the name of the local domain enclosed within single quotation marks:

DEFAULT_URL_HOST   = fqdn DEFAULT_EMAIL_HOST = fqdn

After making these changes, create a new mailing list with the newlist utility:

# /usr/lib/mailman/bin/newlist Enter the name of the list: painting_class Enter the email of the person running the list: helen@tcorp.com Initial painting_class password: To finish creating your mailing list, you must edit your /etc/aliases (or equivalent) file by adding the following lines, and possibly running the 'newaliases' program: ## painting_class mailing list painting_class:               "|/usr/lib/mailman/mail/mailman post painting_class" painting_class-admin:         "|/usr/lib/mailman/mail/mailman admin painting_class" painting_class-bounces:       "|/usr/lib/mailman/mail/mailman bounces painting_class" painting_class-confirm:       "|/usr/lib/mailman/mail/mailman confirm painting_class" painting_class-join:          "|/usr/lib/mailman/mail/mailman join painting_class" painting_class-leave:         "|/usr/lib/mailman/mail/mailman leave painting_class" painting_class-owner:         "|/usr/lib/mailman/mail/mailman owner painting_class" painting_class-request:       "|/usr/lib/mailman/mail/mailman request painting_class" painting_class-subscribe:     "|/usr/lib/mailman/mail/mailman subscribe painting_class" painting_class-unsubscribe:   "|/usr/lib/mailman/mail/mailman unsubscribe painting_class" Hit enter to notify painting_class owner...

Before the list can receive email, you need to copy the lines generated by newlist to the end of /etc/aliases (page 633) and run newaliases.

Mailman includes a Web configuration interface that you can enable by configuring a Web server to run the scripts in /usr/lib/mailman/cgi-bin. Refer to the file /etc/httpd/conf.d/mailman.conf for a sample entry that you can put in /etc/httpd/conf/httpd.conf (page 794) to set up this interface (pipermail is the archive manager that Mailman uses).

Setting Up an IMAP or POP3 Server

Two protocols allow users to retrieve email remotely: IMAP (Internet Message Access Protocol) and POP (Post Office Protocol). The dovecot package (www.dovecot.org) includes the imap-login and pop3-login daemons that implement these protocols. Typically you do not have to modify the dovecot configuration file (/etc/dovecot.conf). See /usr/share/doc/dovecot* for more information.

The dovecot self-signed certificate

The following commands generate and install the self-signed certificates that dovecot requires:

FEDORA

# export SSLDIR=/etc/pki/dovecot # cd /etc/pki/dovecot # /usr/share/doc/dovecot-1.0/examples/mkcert.sh

RHEL

First edit /usr/share/doc/dovecot*/dovecot-openssl.cnf as necessary. Typically no changes are needed. Then give the following commands to generate and install the self-signed certificates that dovecot requires:

# mkdir -p /etc/ssl/certs /etc/ssl/private # cd/usr/share/doc/dovecot* # sh mkcert.sh

The mkcert.sh script writes the certificates to the directories you created with the first command.

RHEL+FEDORA

Run chkconfig to cause the dovecot daemons to start when the system enters multiuser mode:

# /sbin/chkconfig dovecot on

Start the daemons with the following command:

# /sbin/service dovecot start Starting Dovecot Imap:                                     [  OK  ]

Despite dovecot reporting that it started the IMAP server only, it also starts the POP3 server.

Setting Up KMail

KMail is the graphical email client for KDE that is compatible with the MIME, SMTP, POP3, and IMAP standards. To start KMail, give the command kmail from a terminal emulator window or from a Run Command window (press ALT-F2 to open this window). You can also choose Internet KMail from the KDE main menu. You can run KMail from any desktop environment, including GNOME. Figure 20-4 shows the initial KMail window.

Figure 20-4. The initial KMail window

When you start KMail for the first time, it takes you through the steps necessary to configure it. Alternatively, you can configure KMail by selecting Configure KMail from the Settings menu on the menubar to display the Configure KMail window (Figure 20-5). This window has buttons along the left side; click the buttons to display different configuration pages on the right.

Figure 20-5. The Configure KMail window

Identity

KMail sets up a minimal identity for you. Click the Identities button to display the Identities page. From this page you can create new identities and modify existing ones, such as the default identity that KMail created for you. You can specify your email address, a reply-to address (if it differs from your email address), a signature that KMail automatically appends to your outgoing email messages, and more.

Help

KMail provides help in setting up KMail to send and receive email. Click the Help button at the lower-left corner of any KMail window to display the appropriate page of the online Configure KMail manual (part of the KDE Help Center).

Accounts

Once you have an identity, you need to set up incoming and outgoing accounts. Click the Accounts button to display the Accounts page where you can set up accounts for sending and receiving messages. This page has two tabs: Sending and Receiving.

Outgoing account

Click the Sending tab on the Accounts page to display the outgoing accounts. The outgoing account defaults to sendmail on the local system. If you use the local sendmail, you need to configure it as explained in "JumpStart I: Configuring sendmail on a Client" on page 630. If you are using SMTP, you need to remove the sendmail account and add an SMTP account. To do so, highlight the sendmail account and click Remove; then click Add to display the Add Transport window where you can select sendmail or SMTP.

Incoming account

Click the Receiving tab on the Accounts page to display the incoming accounts; there is no default incoming account. Click Add to display the Add Account window where you can select a type of account such as Local mailbox, POP3, or IMAP. If you receive mail both locally and from an ISP, you need to set up two accounts. For a POP3 or IMAP account you need to specify the server (host) and your username and password on the server. If you want KMail to check for mail periodically, turn on Enable interval mail checking and specify how often KMail should check for mail.

You do not have to change any settings on other pages. Following is a summary of what you will find on each of the Configure KMail pages:

• Identities Specify one or more email identities including a name and email address in the General tab, a signature in the Signature tab, and use of PGP or GnuPG (page 992) and your OpenPGP key in the Cryptography tab.

• Accounts Specify outgoing and incoming email accounts.

• Appearance Specify how KMail looks, including fonts, colors, layout, and headers.

• Composer Specify what outgoing messages look like and which headers are included when you reply to or forward a message.

• Security Specify security features including whether you want to receive HTML messages in HTML or plain text. Receiving HTML messages in HTML can make a system less secure.

• Misc Specify KMail options including which warnings you receive, how messages you read are marked, and what happens when you exit from KMail.

KMail has a lot of options and features. Use the Help button to get assistance. It is easy to set up KMail for basic use. As you become more comfortable using it, you can configure KMail to a greater extent to take care of more tasks for you.