7.3 Spam-Checking All Incoming Mail

‚  < ‚  Day Day Up ‚  > ‚  

If you want to set up a spam-checking gateway for all recipients, local or not, you need a way to perform spam-checking as mail is received, before final delivery. qmail provides this capability through the QMAILQUEUE patch, which is included in the netqmail distribution of qmail (and most packaged qmail distributions).

You can find out if your qmail installation has the QMAILQUEUE patch applied by executing the following commands:

 #  cd /var/qmail/bin  #  strings qmail-smtpd  grep QMAILQUEUE  QMAILQUEUE 

If you don't see QMAILQUEUE in response to the strings command, the patch has not been applied. You will have to recompile qmail from the netqmail source code.


With the QMAILQUEUE patch applied, the qmail-smtpd daemon checks to see if the environment variable QMAILQUEUE has been set. If so, qmail-smtpd hands the message off to the program specified in that variable instead of to the default qmail-queue program. The new program can call SpamAssassin and then pass the (possibly tagged) message to qmail-queue . Figure 7-2 illustrates this arrangement.

Figure 7-2. qmail configuration to check all incoming email for spam

SpamAssassin includes a small C program called qmail- spamc by John Peacock, with its source code (in the qmail subdirectory in SpamAssassin 2.63, and in the spamc subdirectory in SpamAssassin 3.0). When compiled, qmail-spamc is suitable for use as a QMAILQUEUE program; it invokes spamc on an incoming message and pipes the result to qmail-queue . Because it's written in C and is a very simple program, it runs quickly. To set up qmail-spamc , perform the following steps:

  1. Compile qmail-spamc.c . On most systems, issue a command like the following in the directory containing qmail-spamc.c :

      cc -O -o qmail-spamc qmail-spamc.c  

  2. As root , install qmail-spamc in an appropriate location on your system (e.g., /var/qmail/bin or /usr/local/bin ). Make it executable. For example:

      install -m 755 qmail-spamc     /var/qmail/bin    

  3. Ensure that qmail-queue is on the system's default path . The easiest way to do so is usually to create a symbolic link from /var/qmail/bin/qmail-queue to /usr/bin/qmail-queue . Do the same for spamc if it is not already installed in /usr/bin . For example:

     ln -s /var/qmail/bin/qmail-queue /usr/bin/qmail-queue 

  4. Ensure that spamd is running.

  5. Ensure that qmail-smtpd has enough memory available to allow it to run qmail-spamc and spamc . Edit /var/qmail/supervise/qmail-smtpd/run and modify the -m and/or -a arguments of softlimit to increase the number of bytes available to qmail-smtpd and its child processes to an amount sufficient to allow all of the processes to execute completely on a large message. A setting of 10MB ( roughly 10,000,000) is usually sufficient, but you may have to vary the setting and keep an eye on your logs to find the right amount. If the setting is too low, you will see errors such as the following at the end of the DATA step during SMTP transactions:

     fatal: qq temporary problem (#4.3.0) 

  6. Edit /etc/tcp.smtp . This file controls access to the SMTP service when you're using ucspi-tcp . Add or modify the line shown in bold:

     127.:allow,RELAYCLIENT=""  :allow,QMAILQUEUE="/var/qmail/bin/qmail-spamc  " 

    This change causes the QMAILQUEUE environment variable to be set when qmail-smtpd is invoked by a connection from hosts outside the 127 . network (i.e., spam-checking will be performed on email from remote hosts, but not from the local host).

    With the version of qmail-spamc distributed with SpamAssassin 3.0, you can customize the way spamc is invoked by adding additional environment variables to the list in /etc/tcp.smtp , including:


    SPAMDSOCK= " /path/to/socket "

    Direct spamc to use the given path to a Unix socket for connecting to spamd .


    SPAMDHOST= " hostname "

    Direct spamc to connect to spamd at the given host.


    SPAMDPORT= " port-number "

    Direct spamc to connect to spamd at the given TCP port number.


    SPAMDSSL="1 "

    Direct spamc to connect to spamd using SSL.


    SPAMDSIZE= " number-of-bytes "

    Direct spamc not to perform spam-checking on messages that exceed number-of-bytes in size .


    SPAMDUSER= " username "

    Direct spamc to supply the given username to spamd .

  7. Update the TCP rules database by running the command qmailctl cdb , which is found in your /var/qmail/bin/ directory. At this point, all incoming remote SMTP connections should have their messages passed through qmail-spamc .

You can emulate the QMAILQUEUE approach without the QMAILQUEUE patch by renaming qmail-queue to qmail-queue.orig and writing a new qmail-queue script that pipes the message through SpamAssassin and then to qmail-queue.orig , like this:

 #!/bin/sh PATH=/var/qmail/bin:$PATH  spamc  qmail-queue.orig 

However, this approach is less flexible than using QMAILQUEUE and more prone to causing trouble later when you want to queue messages without spam-checking them.


‚  < ‚  Day Day Up ‚  > ‚  


SpamAssassin
SpamAssassin
ISBN: 0596007078
EAN: 2147483647
Year: 2004
Pages: 88

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net