author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-09 08:11:16 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:17 +0200 |
commit | 7c089f71667a1a14cc508772ca289d4d1d2edd27 (patch) | |
tree | 2858164a1015603ebb8f2478b920e84a7dd62dd6 /roles/IMAP/files/etc | |
parent | 185cf14065554038820c696e7d35f47017b43783 (diff) |
Configure the content filter.
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new.
Each user has his/her amavis preferences, and own Bayes filter (to
maximize privacy).
One question remains, though: how to set spamassassin's trusted_networks
/ internal_networks / msa_networks? It seems not obvious to get it
right with IPSec and dynamic IPs.
(Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
Diffstat (limited to 'roles/IMAP/files/etc')
-rw-r--r-- | roles/IMAP/files/etc/amavis/conf.d/05-domain_id | 20 | ||||
-rw-r--r-- | roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf | 4 | ||||
-rw-r--r-- | roles/IMAP/files/etc/spamassassin/local.cf | 118 | ||||
-rw-r--r-- | roles/IMAP/files/etc/spamassassin/v310.pre | 78 |
4 files changed, 218 insertions, 2 deletions
diff --git a/roles/IMAP/files/etc/amavis/conf.d/05-domain_id b/roles/IMAP/files/etc/amavis/conf.d/05-domain_id
new file mode 100644
index 0000000..19f10ed
--- /dev/null
+++ b/roles/IMAP/files/etc/amavis/conf.d/05-domain_id
@@ -0,0 +1,20 @@
+use strict;
+
+# $mydomain is used just for convenience in the config files and it is not
+# used internally by amavisd-new except in the default X_HEADER_LINE (which
+# Debian overrides by default anyway).
+
+$mydomain = "fripost.org";
+
+# amavisd-new needs to know which email domains are to be considered local
+# to the administrative domain. Only emails to "local" domains are subject
+# to certain functionality, such as the addition of spam tags.
+#
+# Default local domains to $mydomain and all subdomains. Remember to
+# override or redefine this if $mydomain is changed later in the config
+# sequence.
+
+@local_domains_acl = ( ".$mydomain" );
+@local_domains_maps = ( ".$mydomain" );
+
+1; # ensure a defined return
diff --git a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
index 6ea944f..3a97841 100644
--- a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
+++ b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
@@ -3,6 +3,6 @@ version = 3
 search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
 scope = base
 bind = none
-query_filter = (&(ObjectClass=AmavisAccount)(fvl=%u))
+query_filter = (&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)(fvl=%u))
 result_attribute = fvl
-result_format = amavisfeed:unix:public/amavisfeed-contentfilter
+result_format = amavisfeed:[127.0.0.1]:10041
diff --git a/roles/IMAP/files/etc/spamassassin/local.cf b/roles/IMAP/files/etc/spamassassin/local.cf
new file mode 100644
index 0000000..8ae4a4b
--- /dev/null
+++ b/roles/IMAP/files/etc/spamassassin/local.cf
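Review bot: In 05-domain_id, `@local_domains_maps = ( ".$mydomain" );` puts a plain string into a list of lookup tables instead of a reference to a table. As far as I recall amavisd's lookup rules, a non-reference scalar in a `*_maps` list is a constant result, so this line would make every recipient domain count as local rather than only fripost.org and its subdomains; please confirm against README.lookups. If only the ACL is meant, `@local_domains_maps = ( \@local_domains_acl );` says so. If treating all hosted domains as local is intended, `@local_domains_maps = ( 1 );` with a one-line comment makes that explicit.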
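Review bot: In transport_content_filter_maps.cf, the new `result_format = amavisfeed:[127.0.0.1]:10041` replaces a UNIX socket, whose access is governed by filesystem permissions, with a loopback TCP port that any local process can connect to. The amavisd listener for port 10041 is not part of this diff, so it is worth confirming that it binds to 127.0.0.1 only, that `@inet_acl` is limited to loopback, and that the port is not mapped to a policy bank that relaxes checks. A comment above the line would record the dependency, e.g. `# TCP instead of the unix socket: amavisd must listen on 127.0.0.1:10041 only`. The file begins before this hunk, so the LDAP server settings are not visible here.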
@@ -0,0 +1,118 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+# Add *****SPAM***** to the Subject header of spam e-mails
+#
+rewrite_header Subject [*****SPAM*****]
+
+
+# Save spam messages as a message/rfc822 MIME attachment instead of
+# modifying the original message (0: off, 2: use text/plain instead)
+#
+report_safe 0
+
+
+# Set which networks or hosts are considered 'trusted' by your mail
+# server (i.e. not spammers)
+#
+# TODO: Unclear how to do with IPSec and dynamic IPs.
+clear_trusted_networks
+trusted_networks 192.168.122.2 192.168.122.3
+
+clear_internal_networks
+internal_networks 192.168.122.2 192.168.122.3
+
+
+# Set file-locking method (flock is not safe over NFS, but is faster)
+#
+lock_method flock
+
+
+# Set the threshold at which a message is considered spam (default: 5.0)
+#
+required_score 5.0
+
+
+# Use Bayesian classifier (default: 1)
+#
+use_bayes 1
+
+
+# Bayesian classifier auto-learning (default: 1)
+#
+bayes_auto_learn 1
+bayes_auto_expire 0
+
+
+# Enable or disable network checks
+#
+# http://en.linuxreviews.org/Spam_blacklists
+# The best bets are zen.spamhaus.org and bl.spamcop.net .
+skip_rbl_checks 0
+use_razor2 1
+use_pyzor 0
+use_auto_whitelist 1
+
+# http://www.spamtips.org/2011/01/disable-dnsfromahblrhsbl.html
+score DNS_FROM_AHBL_RHSBL 0
+# http://www.spamtips.org/2011/01/disable-rfc-ignorantorg-rules.html
+score __RFC_IGNORANT_ENVFROM 0
+score DNS_FROM_RFC_DSN 0
+score DNS_FROM_RFC_BOGUSMX 0
+score __DNS_FROM_RFC_POST 0
+score __DNS_FROM_RFC_ABUSE 0
+score __DNS_FROM_RFC_WHOIS 0
+
+# Set headers which may provide inappropriate cues to the Bayesian
+# classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+# Some shortcircuiting, if the plugin is enabled
+#
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+# default: strongly-whitelisted mails are *really* whitelisted now, if the
+# shortcircuiting plugin is active, causing early exit to save CPU load.
+# Uncomment to turn this on
+#
+# shortcircuit USER_IN_WHITELIST on
+# shortcircuit USER_IN_DEF_WHITELIST on
+# shortcircuit USER_IN_ALL_SPAM_TO on
+# shortcircuit SUBJECT_IN_WHITELIST on
+
+# the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST on
+# shortcircuit USER_IN_BLACKLIST_TO on
+# shortcircuit SUBJECT_IN_BLACKLIST on
+
+# if you have taken the time to correctly specify your "trusted_networks",
+# this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED on
+
+# and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99 spam
+# shortcircuit BAYES_00 ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
+
+
+bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
+bayes_sql_dsn DBI:mysql:spamassassin
+bayes_sql_username amavis
+
+auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
+user_awl_dsn DBI:mysql:spamassassin
+user_awl_sql_username amavis
diff --git a/roles/IMAP/files/etc/spamassassin/v310.pre b/roles/IMAP/files/etc/spamassassin/v310.pre
new file mode 100644
index 0000000..bff0bbf
--- /dev/null
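Review bot: In local.cf, `bayes_sql_username amavis` and `user_awl_sql_username amavis` are set without `bayes_sql_password` or `user_awl_sql_password`, so both stores depend on the MySQL account `amavis` logging in without a password. How that account authenticates and what it is granted is not visible in this commit. Every user's Bayes tokens and auto-whitelist entries sit in this one database, so the per-user separation described in the commit message rests on that account's privileges. A comment above the two DSN blocks would document the assumption, e.g. `# no password: 'amavis' authenticates via <mechanism>; the account is granted the spamassassin database only`.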
+++ b/roles/IMAP/files/etc/spamassassin/v310.pre
@@ -0,0 +1,78 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 3.1.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# DCC - perform DCC message checks.
+#
+# DCC is disabled here because it is not open source. See the DCC
+# license for more details.
+#
+#loadplugin Mail::SpamAssassin::Plugin::DCC
+
+# Pyzor - perform Pyzor message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Pyzor
+
+# Razor2 - perform Razor2 message checks.
+#
+loadplugin Mail::SpamAssassin::Plugin::Razor2
+
+# SpamCop - perform SpamCop message reporting
+#
+loadplugin Mail::SpamAssassin::Plugin::SpamCop
+
+# AntiVirus - some simple anti-virus checks, this is not a replacement
+# for an anti-virus filter like Clam AntiVirus
+#
+#loadplugin Mail::SpamAssassin::Plugin::AntiVirus
+
+# AWL - do auto-whitelist checks
+#
+loadplugin Mail::SpamAssassin::Plugin::AWL
+
+# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
+#
+loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
+
+# TextCat - language guesser
+#
+#loadplugin Mail::SpamAssassin::Plugin::TextCat
+
+# AccessDB - lookup from-addresses in access database
+#
+#loadplugin Mail::SpamAssassin::Plugin::AccessDB
+
+# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions
+#
+loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
+
+###########################################################################
+# experimental plugins
+
+# DomainKeys - perform DomainKeys verification
+#
+# This plugin has been removed as of v3.3.0. Use the DKIM plugin instead,
+# which supports both Domain Keys and DKIM.
+
+# MIMEHeader - apply regexp rules against MIME headers in the message
+#
+loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+# ReplaceTags
+#
+loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
|
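Review bot: In v310.pre, `loadplugin Mail::SpamAssassin::Plugin::Pyzor` is active while local.cf in the same commit sets `use_pyzor 0`, so the plugin is loaded only to be switched off. Commenting the line out as `#loadplugin Mail::SpamAssassin::Plugin::Pyzor` keeps the two files in agreement and leaves one place to re-enable it. Razor2 stays enabled in both files, which as far as I know means digests of message content are looked up at an external service. Given the privacy goal in the commit message, a comment next to that `loadplugin` line recording that this is a deliberate choice would help the next reader.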