[Esd-l] Looking for pointers RE: SpamAssassin and ESD

BugTraq . zone-x bugtraq at zone-x.com
Thu Jul 31 07:30:26 PDT 2003


-----Original Message-----
From: esd-l-bounces at spconnect.com [mailto:esd-l-bounces at spconnect.com] On
Behalf Of Mark Wendt
Sent: Thursday, July 31, 2003 6:53 AM
To: esd-l at spconnect.com
Subject: [Esd-l] Looking for pointers RE: SpamAssassin and ESD

         Looking for pointers and/or web sites that can help me bring 
SpamAssassin on line with our mail server, and making it play well in the 
sandbox with the Sanitizer.


Piece of cake...  I am (however) using Spambouncer, SpamAssassin and the
Sanitizer - plus an access.db file for blocking mail and DNSBL
(relays.osirusoft.com & dsbl.org and others).

Here's how I've done it:

Global Procmailrc (/etc/procmailrc)
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|do[t]|xl[wt]|pot|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|as[dfx]|c[ip]l|wm[szd]|vcf|nws|wsz|\{[-0-9a-f]+\}'
POISONED_EXECUTABLES=/etc/procmail/poisoned
# STRIPPED_EXECUTABLES=/etc/procmail/stripped
SECURITY_NOTIFY="postmaster"
# SECURITY_NOTIFY_VERBOSE="virus-checker"
# SECURITY_NOTIFY_SENDER=/etc/procmail/local-email-security-policy.txt
SECURITY_POISON_WINEXE=YES
DEFANG_WEBBUGS=YES 
SECURITY_MSGID_LOG="/etc/procmail/poisoned.log" 

# This file must already exist, with proper permissions (rw--w--w-):
SECURITY_QUARANTINE=/var/spool/mail/quarantine

# Alternatively, use per-user quarantines:
# SECURITY_QUARANTINE=$HOME/quarantine

POISONED_SCORE=25
# This file must already exist, with proper permissions (rw--w--w-):
SCORE_HISTORY=/var/log/macro-scanner-scores

# Alternatively, use per-user score logs:
SCORE_HISTORY=/etc/procmail/macro-scanner-scores

DROPPRIVS=YES
# This file must already exist, with proper permissions (rw--w--w-):
LOGFILE=/etc/procmail/procmail.log

# Alternatively, use per-user log files:
# LOGFILE=$HOME/procmail.log

# Additional Blast SPAM
:0
* ^Subject: (ADV|UCE|SPAM):
/dev/null

# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail

User Procmailrc (~username/.procmailrc)
DEFAULT=/var/mail/username
ALTFROM=abuse at domain.com
LOGFILE=${HOME}/spambouncer.log
GLOBALNOBOUNCE=/etc/nobounce
FORMAIL=/usr/bin/formail 
SBDIR=/usr/local/bin/spambouncer
BLOCKFOLDER=/var/mail/spambounce
SPAMFOLDER=/dev/null
BLOCKREPLY=SILENT
PATTERNMATCHING=SILENT
NSLOOKUP=host
SPAMREPLY=COMPLAIN
VIRUSFOLDER=/dev/null
INCLUDERC=${SBDIR}/sb.rc

# Spam Assassin
:0fw: spamassassin.lock
* < 256000
| spamassassin

Everything is running on a sendmail box, and it works cleanly.  Typical junk
mail is either /dev/null'd by the DNSBL's, SpamBouncer, SpamAssassin or the
Sanitizer (in that order).

Let me know!

tmp
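
An added example, not part of the original post or of the Sanitizer's own code: a Python check of which attachment names the MANGLE_EXTENSIONS pattern in the global procmailrc above would match, run over constructed filenames. It assumes the pattern is tested case-insensitively against the final extension of the attachment name; the function names are hypothetical.

```python
import re

# Pattern copied from MANGLE_EXTENSIONS in the post (mail-wrapped lines rejoined).
MANGLE_EXTENSIONS = (
    r"html?|exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|do[t]|xl[wt]"
    r"|pot|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]"
    r"|ad[ep]|jse?|md[abew]|ms[ip]|reg|as[dfx]|c[ip]l|wm[szd]|vcf|nws|wsz"
    r"|\{[-0-9a-f]+\}"
)

# Assumption: the pattern is applied to the last ".ext" of the attachment
# name and, like procmail conditions by default, case-insensitively.
_FINAL_EXT = re.compile(r"\.(" + MANGLE_EXTENSIONS + r")$", re.IGNORECASE)


def would_mangle(filename):
    """Return True if the filename's final extension is in the pattern."""
    return _FINAL_EXT.search(filename.strip().strip('"')) is not None


def audit(filenames):
    """Split names into (mangled, passed) lists, preserving input order."""
    mangled, passed = [], []
    for name in filenames:
        (mangled if would_mangle(name) else passed).append(name)
    return mangled, passed


# Constructed sample attachment names (not taken from real mail).
SAMPLES = [
    "invoice.pdf.exe",
    "Holiday.JPG.pif",
    "notes.html",
    "shortcut.{0123abcd-0000-0000-0000-000000000000}",
    "readme.txt",
    "report.doc",
    "archive.zip",
]

if __name__ == "__main__":
    mangled, passed = audit(SAMPLES)
    for name in mangled:
        print("MANGLE", name)
    for name in passed:
        print("pass  ", name)
```

With these samples, `report.doc` and `archive.zip` pass through because `do[t]` only matches `dot` and no archive types are listed, so those rely on the other filters in the chain.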


