Blue Flower

Friday, 17 June 2016 16:46

Enabling SpamDyke for qmail

Written by
Rate this item
(0 votes)

Spamdyke is a filter for monitoring and intercepting SMTP connections between a remote host and a qmail server. Spam is blocked while the remote server (spammer) is still connected; no additional processing or storage is needed. In addition to all of its anti-spam filters, spamdyke also includes a number of features to enhance qmail. Best of all, using spamdyke does not require patching or recompiling qmail!

Lets install the port.


# cd /usr/ports/mail/spamdyke
# make install clean

Make sure the following boxes are checked:

DEBUG
DOCS
TLS

Now we need to edit the spamdyke.conf to enable logging.


# vi /usr/local/etc/spamdyke.conf

Now change the following values under logging.

log-level=verbose
log-target=stderr
full-log-dir=/var/log/spamdyke

Now lets create the directory and set permissions:


mkdir /var/log/qmail/spamdyke
chown -R qmaild:wheel /var/log/spamdyke


I have re-written the qmail-smtpd/run file as of 6/21/16. If you have downloaded that file before this date you will need to copy the new file over. To download it here is what you will need to do:


# cd ~root
# mkdir qmail
# cd qmail
# fetch http://freebsdrocks.net/qmail2/scripts4.tgz
# tar zxvf scripts4.tgz
# rm scripts4.tgz

Now you'll want to edit the new smtpd_run. Please pay attention to anything you have already enabled and uncomment the lines. For instance if you're using validrcptto you'll want to un-comment the appropriate validrcptto lines, etc.


# vi smtpd_run

Change the IP first

Under the RBL section uncomment the following line:

RBLCMD2="/usr/local/bin/spamdyke -f /usr/local/etc/spamdyke.conf"

exit the file then we will copy it over:


# cd /service/qmail-smtpd
# cp run bak.run
# cp ~root/qmail/smtpd_run run
# chmod 755 run

and then restart the qmail-smtpd service.


# svc -t /service/qmail-smtpd

Now check the service and make sure it's running.


# svstat /service/qmail-smtpd
/service/qmail-smtpd: up (pid 20708) 12 seconds

Optional: Adding Spamdyke recipient validation

Parts of this article were modified from this page:

http://www.spamdyke.org/documentation/README_spamdyke_qrv.html

It's impossible to overstate the complexity of qmail's recipient validation procedure. It is inexcusably complex, far beyond the point where anyone can be certain qmail's implementation is correct (and secure) in all cases. If you want to get a glimpse at how bad it is, take at look at the flowchart here. You'll see the flowchart is big, but the number of possible configurations is describes enormous: there are just under 165 thousand different paths through it (even more if the loops are followed multiple times). Fully testing spamdyke's reject-recipient filter requires checking every one of those paths -- this takes weeks to finish using spamdyke's test scripts. spamdyke-qrv begins its work at step 7 in the flowchart (steps 1, 2, 5 and 6 are assumed to have been performed by spamdyke before spamdyke-qrv was started).

spamdyke-qrv is intended to be run as root by marking the binary "setuid root". This is necessary because spamdyke typically runs as a non-root user and doesn't have access to all of the files needed to validate an address without root access.

Now lets start the installation:


# cd /usr/local/bin
# ln -s gcc46 gcc
# ln -s g++46 g++
# cd /usr/ports/distfiles/
# tar -xzvf spamdyke-5.0.1.tgz
# cd spamdyke-5.0.1/spamdyke-qrv
# ./configure --with-excessive-output --with-vpopmail-support VALIAS_PATH=/usr/home/vpopmail/bin/valias VUSERINFO_PATH=/usr/home/vpopmail/bin/vuserinfo
# Make
# make install

Check the install with:


spamdyke-qrv -v -v domain.com username

Read 984 times Last modified on Monday, 26 September 2016 14:34
More in this category: « Installing Simscan

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.