5
May

spamassassin + fail2ban

   Posted by: admin   in Mẹo vặt của hiếu râu

yum install spamassassin spamass-milter
yum install perl-Mail-SPF perl-Mail-DKIM perl-Razor-Agent pyzor poppler-utils re2c
chkconfig spamassassin on
chkconfig spamass-milter on
service spamassassin start
service spamass-milter start
vi sendmail.mc
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
make
/etc/init.d/sendmail restart
spamassassin -D < /usr/share/doc/spamassassin-3.3.1/sample-spam.txt 2>&1|grep -i spf
$ diff -u spamd.org /usr/sbin/spamd
--- spamd.org	2011-04-21 23:35:10.000000000 +0000
+++ /usr/sbin/spamd	2011-04-22 00:11:17.000000000 +0000
@@ -1593,7 +1593,10 @@

   my $scantime = sprintf( "%.1f", time - $start_time );

-  info("spamd: $was_it_spam ($msg_score/$msg_threshold) for\
  $current_user:$> in"
+  my @from_addrs = $mail->get_pristine_header("Received");
+  join("\n",@from_addrs) =~ m/(\[\d+\.\d+\.\d+\.\d+\])/;
+  my $from_addr = $1;
+  info("spamd: $was_it_spam ($msg_score/$msg_threshold) from\
  $from_addr for $current_user:$> in"
        . " $scantime seconds, $actual_length bytes." );

   # add a summary "result:" line, based on mass-check format
# Fail2Ban filter for spamass-filter failures
#

[INCLUDES]

before = common.conf

[Definition]

failregex = spamd: identified spam .* from \[<HOST>\]

ignoreregex =

# DEV Notes:
#
# Author:
cat /etc/sysconfig/spamass-milter
### Standard parameters for spamass-milter are:
### -f -P /var/run/spamass-milter.pid
### These run the milter as a daemon and have it write a PID file
###
### You may add another parameters here, see spamass-milter(1)
EXTRA_FLAGS="-r 6"
This entry was posted on Thursday, May 5th, 2016 at 11:49 am and is filed under Mẹo vặt của hiếu râu. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed at this time.