Blue Flower

Sunday, 26 July 2015 00:52

Optimizing the system to catch spams

Written by
Rate this item
(0 votes)

Post Install configuration tips for Qmail-Scanner

Although Qmail-Scanner should work pretty much "out of the box" so to speak, you can make some customization to it's configuration by editing the script located at /var/qmail/bin/ The script controls a lot of the functionality of both Clam AV and Spamassassin. Check it out for yourself and you will see that there are quite a few items you have control over. I wouldn't recommend touching most of them. In fact, the only setting that I changed in mine is in the Spamassassin section:

You can delete certain emails over a certain Spamassassin threshold. Edit the /var/qmail/bin/ l file and find the following line:

my $sa_delete='0';

Now replace the '0' with a number that represents how far above your SpamAssassin "required_hits" variable that Qmail-scanner should start deleting messages at. For example, if you SpamAssassin required_hits variable is set to "5" and you set the "sa_delete" variable to "1.0", then any message that has a spam score of 1.0 over the "5" mark would be deleted. In other words, any mail with a score of 6 or more would be trashed automatically. So for this example, you would change the "sa_delete" variable as follows:

my $sa_delete='1.0';

Spamassassin has been tested to have up to a 99% accuracy rating in terms of detecting real spam and leaving legitimate e-mail alone. I've been using it for over a year now and have never gotten a false positive. Therefore, I feel safe in telling it to just delete the stuff.

There are a host of other Spam and Virus handling directives that can be customized with the file.

Post Install configuration tips for Qmail

There are a majority of ways to thwart spam on the smtp level; RBL's, Greylisting and Greetdelay.

Greetdelay is by far the easiest to get working. Just open up /service/qmail-smtpd/run and look for GREETDELAY. Give it a setting anywhere between 0 and 30 seconds. Most people find that 15 seconds is sufficient enough to thwart most spam.

To have qmail start using RBLs just edit the following settings under /service/qmail-smtpd/run.


Greylisting in detail

When a server receives an incoming connection from a client, it checks the client's IP address against a list. Depending on what it finds...

    If the IP address has never been seen before, a record is created for the IP address and the client is given the "soft error" message, which tells it that the message will not be accepted right now, but the client should try again later.

    If the IP address was first seen very recently (usually within the past three to five minutes), the client will be given the same "soft error" message and no mail will be accepted.

    Otherwise, the message will be accepted normally.

The other consideration is that the database of when each IP address was first seen can eventually grow large enough to fill up the storage space available on the system. In order to prevent this from happening, a second timer is kept- one which is updated every time the client connects. Every so often the server will "clean" the database by deleting all record of any IP which has not been seen in a long time (usually 30 days or more.)

Edit /var/qmail/supervise/qmail-smtpd/run and change the following lines


Now run the following commands:

# mkdir /root/scripts/
# fetch
# fetch
# cp jgreylist /var/qmail/bin
# cp jgreylist-clean /usr/local/sbin
# chown root:vchkpw /var/qmail/bin/jgreylist
# chmod 0750 /var/qmail/bin/jgreylist
# chown root:wheel /usr/local/sbin/jgreylist-clean
# chmod 0755 /usr/local/sbin/jgreylist-clean
# mkdir -m 0700 /var/qmail/jgreylist
# chown vpopmail:vchkpw /var/qmail/jgreylist

Now we need to add the jgreylist clean to cron. Run crontab -e and add the following line to run at 6PM everyday:

0 18 * * * /usr/local/sbin/jgreylist-clean 2>&1 > /dev/null

Now restart qmail.

# qmailctl restart

The following articles are optional:

How to teach Bayes your users' Spams

How to add additional rules to SpamAssassin

Read 2285 times Last modified on Thursday, 29 September 2016 02:39

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.