DæmonNews: News and views for the BSD community
Daemon News Ezine BSD News BSD Mall BSD Support Forum BSD Advocacy BSD Updates

Postfix and SpamAssassin

Grzegorz Czapliñski <gregory@prioris.mini.pw.edu.pl>

A few months ago I wrote an article titled "Setting Up Sophos + Amavis for Postfix". In that article I described how to implement an effective anti-virus protection for your site. In the configuration details presented there, I was relaying on Sophos anti-virus, Postfix, amavis-perl and amavisd. This time I would like to introduce a more advanced configuration - Sophos anti-virus, Postfix and Amavisd-new with SpamAssassin.

Why such a configuration?

Because I am fed up with spammers and their spam, I am fed up with viruses which travel all around the Internet. With this configuration I am able to stop spam and protect my site against viruses.

What is amavisd-new?

Amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. Best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as a SMTP relay. The best thing in Amavisd-new is that it has SpamAssassin integrated. In the case of Postfix you can only have one additional transport method defined. If you used this method only for anti-virus filtering with amavisd (or amavis-perl) you could implement anti-spam filtering as "Simple content filtering" described in FILTER_README file. From a performance standpoint this is a rather poor approach as Postfix pipes every message sent to it through Anomy Sanitizer, then through SpamAssassin. At the end, Postfix queues filtered messages for final delivery. Having Amavisd-new integrated with SpamAssasin we use it as Postfix's single transport method and we gain on performance.

What is SpamAssassin?

SpamAssassin(tm) is a mail filter to identify spam.

The spam-identification tactics used include:

  • header analysis: spammers use a number of tricks to mask their identities, to fool you into thinking they've sent a valid mail, or to fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.
  • text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.
  • blacklists: SpamAssassin supports many useful existing blacklists, such as mail-abuse.org, ordb.org or others.
  • Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.

  • SpamAssassin uses a scoring system: messages are tagged as spam only when they have enough spam characteristics in total. This results in very few false positives and a properly configured SpamAssassin installation correctly identifies spam in 90% to 95% with less than 1% false positives.

    Additionally you can configure SpamAssassin with DCC. I will include the installation and configuration for Distributed Checksum Clearinghouse.

The very nice thing in this config is that in the case of viruses all mail is checked by Sophos. By "all" I mean: incoming, outgoing and in transit - relayed.

Postfix installation

Start with postfix installation. This topic has been covered by me and many others. You may want to have a look at one of my previous articles "Postfix with SASL Authentication over TLS" or simply go to www.postfix.org for further information.

Amavisd-new installation

After postfix installation and proper configuration go to: /usr/ports/security/amavisd-new/; type "make" and then "make install". The installation will take some time so sit back and relax or go help your mum. The Amavisd-new port installs a lot of perl modules, SpamAssassin and Razor-Agents.

Distributed Checksum Clearinghouse installation

	# cd /usr/ports/mail/dcc-dccd
	# make all install

To check DCC if it's working: 

	# /usr/local/bin/cdcc 'info'

You will see DCC connecting to its servers.

Sophos installation

Install Sophos, or any other anti-virus software you have a license for. Sophos installation has been covered in "Setting Up Sophos + Amavis for Postfix".

Configuration

Postfix configuration

Before configuring additional transport make sure your configuration is working fine - your mail is going out and incoming mail is accepted. This will save you problems with our anti-(spam,virus) configuration.

Edit /usr/local/etc/postfix/master.cf file, go to the very end and add: 

	smtp-amavis unix -      -       -     -       2  smtp
	    -o smtp_data_done_timeout=1200
	    -o disable_dns_lookups=yes
	127.0.0.1:10025 inet n  -       -     -       -  smtpd
	    -o content_filter=
	    -o local_recipient_maps=
	    -o relay_recipient_maps=
	    -o smtpd_restriction_classes=
	    -o smtpd_client_restrictions=
	    -o smtpd_helo_restrictions=
	    -o smtpd_sender_restrictions=
	    -o smtpd_recipient_restrictions=permit_mynetworks,reject
	    -o mynetworks=127.0.0.0/8
	    -o strict_rfc821_envelopes=yes

Now we have to tell Postfix to use this transport. Edit /usr/local/etc/postfix/main.cf and add only this line: 

	content_filter = smtp-amavis:[127.0.0.1]:10024

For the configuration time, you may comment it out. We will take care of it later on.

Issue these commands: 

	# postfix reload
	# sockstat -l4 | grep 25
	root     master     24727 11 tcp4   *:25                  *:*
	root     master     24727 75 tcp4   127.0.0.1:10025       *:*

Postfix should be listening on two ports now - 25 and 10025. Check to ensure it's connecting to those ports: 

	# telnet localhost 25
	Trying 127.0.0.1...
	Connected to localhost.
	Escape character is '^]'.
	220 idealan.pl ESMTP Postfix
	^]
	telnet> quit
	Connection closed.
	
	# telnet localhost 10025
	Trying 127.0.0.1...
	Connected to localhost.
	Escape character is '^]'.
	220 idealan.pl ESMTP Postfix
	^]
	telnet> quit
	Connection closed.

Fine, all is fine now.

Edit your Postfix aliases file and add: 

	virusalert: root

and then issue a command newaliases(1).

Amavisd-new configuration

Amavisd-new installs its sample configuration file amavisd.conf-dist in /usr/local/etc. Rename it to amavisd.conf: 

	# mv /usr/local/etc/amavisd.conf-dist /usr/local/etc/amavisd.conf

or 

	# cp -p /usr/local/etc/amavisd.conf-dist /usr/local/etc/amavisd.conf

to preserve a copy of the original file.

Now edit /usr/local/etc/amavisd.conf. The file is divided into seven sections.

Section I - Essential daemon and MTA settings.

What you want to change or set is: 

	$mydomain = 'your.domain.here';
	$TEMPBASE = "$MYHOME/tmp"; which will default to /var/amavis/tmp .

Must be: 

	$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
	$notify_method = $forward_method;         # where to submit notifications
	
	$max_servers  =  2;

This should match the width of your MTA pipe feeding amavisd. In other words, it must match the maxproc parameter defined in the master.cf file. Default is 2: 

	smtp-amavis unix -      -       -     -       2  smtp

I would suggest setting it to at least 10 on busy servers.

Beware of these: 

	@bypass_virus_checks_acl = qw( . ); 
	@bypass_spam_checks_acl  = qw( . );

They are commented out by default. Uncomment to DISABLE anti-virus or anti-spam code respectively.

Also check @local_domains_acl, it's well documented.

Section II - MTA specific (defaults should be ok)

Must be: $inet_socket_port = 10024;

Check @inet_acl, it's well documented.

Section III - Logging.

Nothing to change.

Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine.

You may want to set these variables: 

	$notify_sender_templ 
	$notify_virus_sender_templ
	$notify_virus_admin_templ
	$notify_virus_recips_templ
	$notify_spam_sender_templ
	$notify_spam_admin_templ

A very nice notify_spam_sender_templ can be found at http://lawmonkey.org/anti-spam.html.

Check values of: 

	$final_virus_destiny  = D_BOUNCE;  # (defaults to D_BOUNCE)
	$final_banned_destiny = D_BOUNCE;  # (defaults to D_BOUNCE)
	$final_spam_destiny   = D_BOUNCE;  # (defaults to D_REJECT)

If $final_spam_destiny = D_BOUNCE, then a sender will receive a $notify_spam_sender_templ notice.

There is a variable called $QUARANTINEDIR and is defined as: 

	$QUARANTINEDIR = '/var/virusmails';

This is the place where all the viruses will be quarantined. If you are under very heavy load of viruses, your /var may get full. In such case remove all the viruses quaranteened in /var/virusmails and set the $QUARANTINEDIR to empty string, undef - $QUARANTINEDIR = ' ';

Check: 

	$X_HEADER_TAG = 'X-Virus-Scanned';
	$X_HEADER_LINE = "by amavisd-new at $mydomain";

You may change "by amavisd-new at $mydomain" to anything you like.

Section V - Per-recipient and per-sender handling, whitelisting, etc.

In this section the following three lines are important: 

	read_hash(\%whitelist_sender, '/var/amavis/whitelist');
	read_hash(\%blacklist_sender, '/var/amavis/blacklist');
	read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

With %whitelist_sender hash you whitelist good senders, and with %blacklist_sender hash you blacklist bad senders. %spam_lovers hash hold all who like receiving spam.

If you or other users are subscribed to mailing lists, you can specify mailing list addresses between "map { $whitelist_sender{lc($_)}=1 } (qw(" and "));".

Must look like: 

	map { $whitelist_sender{lc($_)}=1 } (qw(
	freebsd-questions@freebsd.org
	cert-advisory-owner@cert.org
	bugtraq@securityfocus.com
	owner-postfix-users@postfix.org
	));

Section VI - Resource limits

Nothing to change here.

Section VII - External programs, virus scanners

As we will user Razor, set $sa_local_tests_only to 0. 

	$sa_local_tests_only = 0;
	$sa_auto_whitelist = 1;

I use Sophos as my only anti-virus software so I commented out the code referencing other anti-virus software. 

	@av_scanners = (
	# ### http://www.sophos.com/
	 ['Sophos Anti Virus (sweep)', 'sweep',
	   '-nb -f -all -rec -ss -sc -archive {}',
	   [0,2], qr/Virus .*? found/,
	   qr/^>>> Virus(?:(?: fragment)? '?(.+?)'? found)/,
	   sub {$ENV{SAV_IDE}='/usr/local/sav'},
	 ],
	
	);

Now do: 

	# su - vscan
	$ touch blacklist whitelist spam_lovers
	$ mkdir tmp

SpamAssassin configuration

SpamAssassin has its configuration file in /usr/local/etc/mail/spamassassin/. In this directory you will find a file called local.cf. Don't bother too much with it, just create a new one. Here is the one I use from http://lawmonkey.org/anti-spam.html: 

	rewrite_subject 1
	# Tells SpamAssassin to change the subject on SPAM messages to include
	# The subject_tag (valuses 0 or 1).
	
	report_safe 0
	# Setting it to 0 tells SpamAssassin to put the report into the headers.
	# 1 puts the report in main email and the original one goes as an attachemnt.
	# 2 is as 1 + attachment is converted into text.
	
	use_terse_report 0
	# 0 gives terse report; 1 gives even shorter one.
	
	use_bayes 1
	# This turns Bayesean Learning on. 0 turns it off.
	
	bayes_path /var/amavis/.spamassassin/bayes
	# Bayesean database location.
	
	#timelog_path /var/amavis/.spamassassin/assassin.log
	# Timelog path (commented out).
	
	auto_learn 1
	# Auto learning lets SpamAssassin classify spam as SPAM.
	
	skip_rbl_checks 1
	# By default SpamAssassin runs the Realtime Blackhole List checks. 
	# It's better to turn this option off.
	
	use_razor2 1
	# Tells SA that we want to use Razor version 2
	
	use_dcc 1
	# In case you want DCC.
	
	use_pyzor 0
	# Tells SA that we don't want to use Pyzor
	
	dcc_add_header 1
	# DCC header in case you want it.
	
	dns_available yes
	# If you are sure you have DNS access set it to "yes".
	
	header LOCAL_RCVD Received =~ /\S+\.domain\.com\s+\(.*\[.*\]\)/
	score LOCAL_RCVD -50
	# This checks "Received: from...." lines in the message header.
	# Set .domain.com to your domain so outgoing mail will not be tagged as
	# spam. Unless you are a spammer of course. In case you are I strongly urge
	# you to use this option.
	
	## Optional Score Increases
	score DCC_CHECK 4.000
	score RAZOR2_CHECK 2.500
	score BAYES_99 4.300
	score BAYES_90 3.500
	score BAYES_80 3.000
	# For scores have a look at /usr/local/share/spamassassin/50_scores.cf
	# file.

At the end create this file: 

	$ touch /var/amavis/.spamassassin/user_prefs

If you don't create user_prefs SpamaSsassin will complain - must be there.

Razor configuration

This is simple and fast, just follow the commands: 

	# su - vscan
	$ razor-admin -create
	$ $ razor-admin -register -user postmaster@example.com
	Register successful.  Identity stored in /var/amavis/.razor/identity-postmaster@example.com

Just change example.com to your domain name. You may now view Razor's log file: 

	# more /var/amavis/.razor/razor-agent.log
	...

Bayesian Learning

You may want to set up an auto-learning system for SpamAssassin. This way SpamAssassin will tag and add messages as SPAM and NOT-SPAM to the Bayesian database. In this mode, SPAM will not be blocked! The first thing is to create two accounts - spam and notspam. 

	# pw useradd -c "Spam Account" -d /home/spam -m -s /bin/sh -h - -n spam
	# pw useradd -c "NOT-Spam Account" -d /home/notspam -m -s /bin/sh -h - -n notspam

If your users get a message which in fact is spam ask them to forward it to "spam@domain.com". In case they get a message tagged as spam which is not spam ask them to forward it to "notspam@domain.com". This is very important to forward messages with full headers!

Add spam@domain.com and notspam@domain.com to /var/amavis/spam_lovers file - one by line.

Use this script for Bayesian Learning: 

	#!/bin/sh -
	
	/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --dir ~spam/Maildir/new/
	
	rm `ls -l ~spam/Maildir/new/ | awk '{ print $9}' | xargs` 2> /dev/null
	echo -n "spam done."
	
	/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --dir ~nospam/Maildir/new/
	
	rm `ls -l ~nospam/Maildir/new/ | awk '{ print $9}' | xargs` 2> /dev/null
	echo -n "nospam done."
	
	/usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

From my previous articles, you may know that I use Maildirs. If you use mbox format, change the lines where you call sa-learn to: 

	/usr/bin/sa-learn --spam -p /var/amavisd/.spamassassin/user_prefs --mbox /var/mail/spam
	/usr/bin/sa-learn --ham -p /var/amavisd/.spamassassin/user_prefs --mbox /var/mail/notspam

then simply remove /var/mail/spam and /var/mail/notspam files

Run this script manually or from cron. Anytime you run this script, it will connect to the Razor servers - check /var/amavis/.razor/razor-agent.log.

If the logs are getting too big, change: 

	debuglevel = 3

to 

	debuglevel = 0

which is defined in /var/amavis/.razor/razor-agent.conf file.

If you want to turn off Bayesian Learning, edit /usr/local/etc/mail/spamassassin/local.cf and change: 

	use_bayes 1

to read 

	use_bayes 0

Now the SPAM will be blocked!

Whenever you run the sa-learn script you will notice that the size of /var/amavis/.spamassassin/bayes_msgcount file increases by one whenever it processes a new email-file (Maildir) or mail (mbox). Bayesian Learning will never learn from the same message twice.

Ready to go?

In case you have commented the content_filter line out in main.cf file, uncomment it and issue the postfix reload command. Start amavis in debug mode: 

	# /usr/local/sbin/amavisd debug

See if everything is fine and no errors are reported. In /usr/ports/security/amavisd-new/work/amavisd-new-20030616/test-messages/ directory you can find sample messages. While in debug mode, try to send sample-spam.txt, or sample-virus-simple.txt from a remote host: 

	remote-host$ cat sample-spam.txt | mail user@doman.com
	remote-host$ cat sample-virus-simple.txt | mail user@doman.com

Addidtional notes

  • If in trouble, comment content_filter line in main.cf file. You will also probably have to requeue Postfix' mailqueue with this command: 

    	# postsuper -r ALL
	# postfix reload

  • Usually spammers send spam from nonexisting accounts. Because of that, your queue may be overloaded with unsent mail. Your system will try to send this out in the future. If you want to get rid of these messages from the queue use the following script witten by Monte Ohrt. 

    	#!/bin/sh
	TMPFILE=/tmp/clean.queue.$$
	DEFERDIR=/var/spool/postfix/deferred
	
	# collect the filenames
	mailq |grep MAILER-DAEMON | cut -f1 -d ' ' > $TMPFILE
	
	for DEFERFILE in `cat $TMPFILE`
	do
	   FILEPATH=`find $DEFERDIR -name $DEFERFILE`
	   egrep -i 'spamassassin|hits\=[0-9]{1,2}\.[0-9]' $FILEPATH > /dev/null
	   if [ $? -eq 0 ]
	   then
	       # deferred message is most likely spam
	       postsuper -d $DEFERFILE deferred
	   fi
	done
	
	rm -f $TMPFILE > /dev/null

  • The /var/virusmails and /var/amavis/tmp directories are used by amavis as temporary directories. You will notice a lot of files and subdirectories created there. Some of them will not get removed so you will have to remember to clean it periodically. /var/virusmails directory is used by anti-virus code only. If you don't check for viruses you don't have to worry about it.

    This simple command can give you a clue on how to remove directories that are 30 days old: 

    	find . -type d -atime +30 -exec rm -r {} \;

    This one shows how to remove files that are 30 days old: 

    	find . -type f -atime +30 -exec rm -r {} \;

  • If you need a more verbose log output, edit amavis.conf file and change: 

    	$log_level = 0; # (0-5)

    to 

    	$log_level = 5; # (0-5)

    Then watch the logs go by with: 

    	# tail -f /var/log/maillog

  • I have just realized that there is also free anti-virus software called MkS_Vir. My friend asked me to help him with the installation so I include it here. MkS_Vir is for FreeBSD 4.X. If you run one of the 5.X releases, add to your kernel config: 

    	options         COMPAT_43               #Compatible with BSD 4.3 
	options         COMPAT_FREEBSD4         #Compatible with FreeBSD4

    You must have the compatibility, so add: 

    	COMPAT1X=      yes
	COMPAT20=      yes
	COMPAT21=      yes
	COMPAT22=      yes
	COMPAT3X=      yes
	COMPAT4X=      yes

    to /etc/make.conf. Recompile, install your system and the kernel; then reboot.

    Go to http://linux.mks.com.pl/ and get a copy of MkS_Vir for FreeBSD - get both versions - standalone and the daemonised one. I have: mks32-1-9-1-FreeBSD-i386.tgz and mksdFreeBSD-1.14.2.tgz.

    Now do: 

    	$ gunzip -c mks32-1-9-1-FreeBSD-i386.tgz | tar xvf -
	$ gunzip -c mksdFreeBSD-1.14.2.tgz | tar xvf -
	$ cd mksd-1.14

    There are few files and executables inside.The LICENCJA file is the license. It simply says:

    Mks_vir for Linux is free of charge for all users of Linux, FreeBSD, NetBSD, OpenBSD, for ISPs, SMTP server integration, SAMBA, and so on. (it says "and so on" ;)
    We do not guarantee any usability and we are not responsible for any damage.

    The rest is on the software distribution. If someone is interested I can translate more.

    After unpacking you will find the following exacutables: in mksd-1.14 - mksd, mkschkin, mksscan, mksfiltr (compiled dynamically) and their copies ending with ".static" compiled statically; in mks32-1-9-1-FreeBSD-i386 - mks32 and mks32.static

    Copy executables to /usr/local/bin: 

    	# cp mkschkin mksd mksfiltr mksscan /usr/local/bin
	# cp ../mks32-1-9-1-FreeBSD-i386/mks32 /usr/local/bin
	# chown root:wheel /usr/local/bin/mks*
	# chmod 555 /usr/local/bin/mks*

    The inne directory consists of source code and example files.

    Now add a MkS_Vir group and user - mks: 

    	# pw groupadd mks
	# pw useradd -c "MkS_Vir user" -d /var/run/mksd -m -s /bin/sh -n mks -h -

    The directory must be /var/run/mksd - no choice here, owner mks, group vscan (the same group amavisd belongs to): 

    	# ls -ld /var/run/mksd
	drwx--x---  2 mks  vscan  512 Jul 30 22:11 /var/run/mksd

    MkS_Vir should be called with: 

    	mksd [-u <user>] [-g <group>[,...]] [scan|cure] [<number of processes>]

    Now, create a configuration file called mks_vir.cfg. Put it into /etc and the only line in the config file is: 

    	--mks-vir-dat-path=/usr/local/mks/bazy4/

    The path must end with "/". Now, create the /usr/local/mks/ directory and download virus bases from: http://download.mks.com.pl/download/linux/base4.tgz 

    	$ wget http://download.mks.com.pl/download/linux/bazy4.tgz

    Copy it into /usr/local/mks/ and unpack: 

    	# cp bazy4.tgz /usr/local/mks/
	# gunzip -c bazy4.tgz | tar xvf -
	# cd /usr/local/mks/bazy4
	# chmod 644 *

    Now start the mksd daemon: 

    	# mksd -u mks -g mks scan 4

    Errors are logged via syslogd(8), look for them in /var/log/messages.

    Now create a startup script: 

    	#!/bin/sh -
	
	if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
	    echo "$0: Cannot determine the PREFIX" >&2
	    exit 1
	fi
	
	case "$1" in
	start)
		[ -x ${PREFIX}/bin/mksd ] && ${PREFIX}/bin/mksd -u mks -g mks,vscan scan 4 && echo -n ' mksd'
		;;
	stop)
		kill -TERM `cat /var/run/mksd/mksd.pid` && echo -n ' mksd'
		;;
	*)
		echo "Usage: `basename $0` {start|stop}" >&2
		;;
	esac
	
	exit 0

    	# /usr/local/etc/rc.d/mks.sh start
	mksd v1.14.2  (c) MkS Sp. z o.o. 2002,2003
	tryb pracy: scan, liczba procesow: 4
	inicjalizuje mks_vir'a...
	mks_vir w tle gotowy do pracy

    If you see something like the lines shown above, it means mksd is working fine. You should see 4 processes with ps(1): 

    	# ps -auxw | grep mks
	mks     24210  0.0  0.8  1204  516  ??  Ss    9:29PM   0:00.01
	/usr/local/bin/mksd -u mks -g mks scan 4
	mks     24211  0.0 16.7 12644 10280  ??  S     9:29PM   0:00.95
	/usr/local/bin/mks32 --daemonscan 6 8 10 12
	mks     24212  0.0 16.7 12644 10280  ??  S     9:29PM   0:00.00
	/usr/local/bin/mks32 --daemonscan 6 8 10 12
	mks     24213  0.0 16.7 12644 10280  ??  S     9:29PM   0:00.00
	/usr/local/bin/mks32 --daemonscan 6 8 10 12
	mks     24214  0.0 16.7 12644 10280  ??  S     9:29PM   0:00.00
	/usr/local/bin/mks32 --daemonscan 6 8 10 12

    Now edit /usr/local/etc/amavis.conf and go to section VII. As before, comment out all the code referencing other anti-virus software and leave only MkS_Vir uncommented to read like: 

    	@av_scanners = (
	  ['MkS_Vir daemon',
	    'mksscan', '-s -q {}', [0], [1..7],
	    qr/^... (\S+)/ ],
	);

    If you already use another anty-virus (i.e. sophos) you can add MkS_Vir as a backup scanner. Go further down and after @av_scanners add: 

    	@av_scanners_backup = (
	  ['MkS_Vir daemon',
	    'mksscan', '-s -q {}', [0], [1..7],
	    qr/^... (\S+)/ ],
	);

    Save /usr/local/etc/amavis.conf and issue: 

    	# /usr/local/etc/rc.d/amavisd.sh stop
	# /usr/local/bin/amavisd debug

    and if you see a line: "Found primary av scanner MkS_Vir daemon at /usr/local/bin/mksscan", you are done. Now, stop amavisd with ^C (control-C) and start it again: 

    	# /usr/local/etc/rc.d/amavisd.sh start
	# postfix reload (- just for sanity check)

    From the README:

    If you have dual cpu system, add '-n2' option to amavisd.conf file. To stop scanning after the very first virus found change '-q' to '-Q'

    This is not the end. Remember to update your virus database on a regular basis. You can use this script to get it done: 

    	#!/bin/sh -
	
	cd /usr/local/mks
	wget http://download.mks.com.pl/download/linux/bazy4.tgz
	rm -rf /usr/local/mks/bazy4
	gunzip -c bazy4.tgz | tar xvf -
	
	chown -R root:wheel bazy4
	chmod 755 /usr/local/mks/bazy4
	chmod 644 /usr/local/mks/bazy4/*
	
	/usr/bin/logger -f /var/log/messages -t MkS_Vir -p local0.notice UPDATED

I must admit, this setup is very difficult and time consuming although when you fully understand the mechanisms behind Amavisd-new and SpamAssassin you will only benefit.

The EU is just working on the suitable law to protect people against spammers and their junk mail. Remember that spammers don't pay for the distribution. The only one who pays for this is your ISP, you and your users. Don't let spammers spam you - apply anti-spam and UCE controls!

Links:

Google
Web daemonnews.org

More Articles
  • Interview with Jan Schaumann
  • Interview with Theo de Raadt
  • Book Review: Virtualization with VMware ESX Server
  • Editorial: Not Quite Dead Yet
  • The Design of OpenBGPd
  • Interview with der Mouse
  • Letter to Steve Jobs
  • Interview with Manuel Bouyer on Xen
  • Apple and Open Source
  • BSDCan 2006
  • BSD Certification Survey Results
  • Lab in a Box
  • Ike Notes on BSDCan 2005
  • BSDCan 2005 Photos
  • FreeBSD Developer Summit Pictures

    • Advertisements



    Author maintains all copyrights on this article.
    Images and layout Copyright © 1998-2006 Dæmon News. All Rights Reserved.