Gentoo – spamassassin with pyzor, razor and dcc
You will find a lot of documentation about these, but almost none of it explains that simply un-commenting the plugins in the spamassassin config files will not make them work. For them to work you need to install separate packages from different vendors.
To use them with spamassassin you only install the client version (you don’t need the server version as long as your email server does not go above 100.000 emails per day).
Pyzor:
Unfortunately pyzor is the only one which is up-to-date in gentoo portage.
emerge pyzor
After installing you can start reading some good documentation which can be found on the official site.
The important commands are:
Check if you have connectivity with pyzor server: pyzor ping
Check if message is spam: pyzor check < message.eml
Report message as spam: pyzor report < message.eml
Let’s see if it’s working.
Uncomment “loadplugin Mail::SpamAssassin::Plugin::Pyzor” from spamassassin config file.
Check the configuration (you should not see any message returned): spamassassin --lint
Restart spamassassin: /etc/init.d/spamd restart
Test if pyzor is active:
# spamassassin 2>&1 -D -t < /msg.1563818007.667538.23924 | grep -i pyzor
Jul 30 11:01:55.813 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
Jul 30 11:01:55.817 [5386] dbg: pyzor: network tests on, attempting Pyzor
Jul 30 11:01:56.614 [5386] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf
Jul 30 11:01:56.614 [5386] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf" for included file
Jul 30 11:01:56.614 [5386] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf
Jul 30 11:02:00.057 [5386] dbg: util: executable for pyzor was found at /usr/bin/pyzor
Jul 30 11:02:00.057 [5386] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Jul 30 11:02:00.057 [5386] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin5386ua5Fe1tmp
Jul 30 11:02:00.230 [5386] dbg: pyzor: [5390] finished: exit 1
Jul 30 11:02:00.231 [5386] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 0 0
Jul 30 11:02:00.232 [5386] dbg: check: tagrun - tag PYZOR is now ready, value: Reported 0 times.
Razor:
Unfortunately it is not in portage anymore, so you need to download and install it manually.
Official documentation can be found here.
# perl Makefile.PL
Checking if your kit is complete...
Looks good
Warning: NAME must be a package name
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Razor2::Preproc::deHTMLxs
Writing MYMETA.yml and MYMETA.json
Generating a Unix-style Makefile
Writing Makefile for razor-agents
Writing MYMETA.yml and MYMETA.json
# make && make install
Let’s create the razor account:
# razor-admin -create
# razor-admin -discover
# razor-admin -register
Register successful. Identity stored in /root/.razor/identity-ruSiVo2Viv
As before let’s start and test this.
Uncomment loadplugin Mail::SpamAssassin::Plugin::Razor2 from the spamassassin config.
# spamassassin --lint
# spamassassin 2>&1 -D -t < /1564471708.7590.message\,S\=1553\:2\, | grep -i razor
Jul 30 11:54:58.359 [18439] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
Jul 30 11:54:58.441 [18439] dbg: razor2: razor2 is available, version 2.84
Jul 30 11:54:58.814 [18439] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf
Jul 30 11:54:58.814 [18439] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf" for included file
Jul 30 11:54:58.814 [18439] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf
Jul 30 11:55:03.396 [18439] dbg: razor2: part=0 engine=8 contested=0 confidence=0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: spam? 0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: engine 4, highest cf score: 0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: engine 8, highest cf score: 0
Jul 30 11:55:03.741 [18439] dbg: timing: total 5413 ms - init: 2619 (48.4%), b_tie_ro: 13 (0.2%), parse: 0.86 (0.0%), extract_message_metadata: 36 (0.7%), get_uri_detail_list: 3.0 (0.1%), tests_pri_-1000: 37 (0.7%), compile_gen: 350 (6.5%), compile_eval: 31 (0.6%), tests_pri_-950: 4.3 (0.1%), tests_pri_-900: 5 (0.1%), tests_pri_-90: 15 (0.3%), check_bayes: 8 (0.2%), b_tokenize: 3.7 (0.1%), b_tok_get_all: 1.25 (0.0%), b_comp_prob: 0.59 (0.0%), b_tok_touch_all: 0.36 (0.0%), b_finish: 1.16 (0.0%), tests_pri_0: 625 (11.6%), dkim_load_modules: 24 (0.4%), check_dkim_signature: 0.49 (0.0%), check_spf: 65 (1.2%), poll_dns_idle: 1.51 (0.0%), check_dkim_adsp: 3.3 (0.1%), tests_pri_20: 1715 (31.7%), check_razor2: 1709 (31.6%), tests_pri_30: 197 (3.6%), check_pyzor: 188 (3.5%), tests_pri_500: 141 (2.6%)
DCC
There is a version of DCC in portage, but it is quite old. I installed it and found that it works OK, so you have two choices:
1) either install dcc-1.3.158 from portage
echo ">=mail-filter/dcc-1.3.158 DCC" > /etc/portage/package.license
emerge dcc
2) or the latest version (currently 2.3.167)
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xfvz dcc-dccproc.tar.Z
cd dcc-dccproc-*
./configure && make && make install
Test the DCC connection:
# cdcc info
# 07/30/19 12:39:59 EEST /var/dcc/map
# Re-resolve names after 14:38:10 Check RTTs after 12:53:14
# 1250.76 ms threshold, 1247.20 ms average 12 total, 10 working servers
IPv6 off version=3
dcc1.dcc-servers.net,- RTT+1000 ms anon
# 74.92.232.243,-
# not answering
# 209.169.14.29,- x.dcc-servers ID 104
# 100% of 1 requests ok 252.40+1000 ms RTT 100 ms queue wait
# 209.169.14.30,- x.dcc-servers ID 104
# 100% of 1 requests ok 254.31+1000 ms RTT 100 ms queue wait
dcc2.dcc-servers.net,- RTT+1000 ms anon
# *136.199.199.160,- URT ID 1060
# 100% of 1 requests ok 147.20+1000 ms RTT 100 ms queue wait
# 157.131.0.46,- sonic ID 1255
# 100% of 1 requests ok 284.97+1000 ms RTT 100 ms queue wait
# 192.84.137.21,- INFN-TO ID 1233
# 100% of 1 requests ok 151.33+1000 ms RTT 100 ms queue wait
dcc3.dcc-servers.net,- RTT+1000 ms anon
# 184.23.168.46,- sonic ID 1254
# 100% of 1 requests ok 279.82+1000 ms RTT 100 ms queue wait
# 212.223.102.90,- ID 1480
# 100% of 1 requests ok 150.76+1000 ms RTT 100 ms queue wait
dcc4.dcc-servers.net,- RTT+1000 ms anon
# 192.135.10.194,- debian ID 1169
# 100% of 1 requests ok 163.44+1000 ms RTT 100 ms queue wait
dcc5.dcc-servers.net,- RTT+1000 ms anon
# 204.90.71.235,- MGTINTERNET ID 1170
# 100% of 1 requests ok 216.45+1000 ms RTT 100 ms queue wait
# 209.169.14.26,- x.dcc-servers ID 104
# 100% of 1 requests ok 254.30+1000 ms RTT 100 ms queue wait
@,- RTT-1000 ms 32768 secret11589268638y1057
# 127.0.0.1,-
# not answering
################
# 07/30/19 12:39:59 EEST greylist /var/dcc/map
# Re-resolve names after 14:38:14 Check RTTs after 12:53:24
# 1 total, 0 working servers
@,- Greylist 32768 secret11589268638y1057
# *127.0.0.1,6276
# not answering
Sometimes cdcc info may not return any server. Run cdcc RTT. If you still don’t have any luck, check your firewalls.
Edit whiteclnt and whitecommon and add your own IP as “trusted”.
# List statically allocated IP addresses that you trust to never send
# or forward unsolicited bulk email
#ok ip 10.1.2.0/24
Uncomment loadplugin Mail::SpamAssassin::Plugin::DCC from the config file and let’s check it.
# spamassassin 2>&1 -D -t </1563847269.8759.sphere\,S\=1032387\:2\,S | grep -i DCC
Jul 30 13:13:41.829 [17645] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
Jul 30 13:13:41.841 [17645] dbg: dcc: network tests on, registering DCC
Jul 30 13:13:42.290 [17645] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf
Jul 30 13:13:42.290 [17645] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf" for included file
Jul 30 13:13:42.290 [17645] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf
Jul 30 13:13:46.406 [17645] dbg: util: executable for cdcc was found at /usr/bin/cdcc
Jul 30 13:13:46.406 [17645] dbg: dcc: dcc_pgm_path, found cdcc in env.path: /usr/bin/cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: `/usr/bin/cdcc -qV homedir libexecdir` reports '1.3.158 homedir=/var/dcc libexecdir=/usr/sbin '
Jul 30 13:13:46.414 [17645] dbg: dcc: use 'dcc_libexec /usr/sbin' from cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: use 'dcc_home /var/dcc' from cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: dccifd is not available; no r/w socket at /var/dcc/dccifd
Jul 30 13:13:46.414 [17645] dbg: util: executable for dccproc was found at /usr/bin/dccproc
Jul 30 13:13:46.414 [17645] dbg: dcc: dcc_pgm_path, found dccproc in env.path: /usr/bin/dccproc
Jul 30 13:13:46.414 [17645] dbg: dcc: /usr/bin/dccproc is available
Jul 30 13:13:46.416 [17645] dbg: dcc: opening pipe to /usr/bin/dccproc -C -x 0 -h /var/dcc -a 5.189.178.220 -w whiteclnt </tmp/.spamassassin17645LOazawtmp
Jul 30 13:13:46.573 [17645] dbg: dcc: dccproc responded with 'X-DCC-EATSERVER-Metrics: sphere 1166; Body=1 Fuz1=28 Fuz2=many'
Jul 30 13:13:46.574 [17645] dbg: check: tagrun - tag DCCB is now ready, value: EATSERVER
Jul 30 13:13:46.575 [17645] dbg: check: tagrun - tag DCCR is now ready, value: sphere 1166; Body=1 Fuz1=28 Fuz2=many
Jul 30 13:13:46.575 [17645] dbg: dcc: listed: BODY=1/999999 FUZ1=28/999999 FUZ2=999999/999999 REP=0/90
Jul 30 13:13:46.576 [17645] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1)
Jul 30 13:13:48.992 [17645] dbg: plugin: Mail::SpamAssassin::Plugin::DCC=HASH(0x55db68f00d38) implements 'check_post_learn', priority 0
Jul 30 13:13:48.993 [17645] dbg: dcc: DCC learning not enabled by dcc_learn_score
Jul 30 13:13:48.994 [17645] dbg: check: tests=BAYES_50,DCC_CHECK,FSL_BULK_SIG,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RDNS_NONE,SPF_FAIL,SPF_HELO_PASS
Now restart your spamd daemon and that’s it.
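The three grep checks above can be combined into one pass over the debug output. This is an added example, not part of the original post: sa_plugin_status and sample_debug_log are hypothetical helper names, the matched strings are the debug lines shown above, and the sample input is constructed so that the DCC plugin is loaded but its client never answers.

```shell
#!/bin/sh
# Added example: summarise `spamassassin -D -t` debug output per network plugin.

# Reads debug output on stdin and prints one line each for pyzor, razor2, dcc:
#   ok                plugin loaded and its client logged a result
#   loaded-no-answer  plugin loaded, but no result line was logged
#   not-loaded        no "plugin: loading" line was seen for it
# Returns 1 when any of the three is not "ok", 0 otherwise.
sa_plugin_status() {
    awk '
        BEGIN { bad = 0 }
        /plugin: loading Mail::SpamAssassin::Plugin::Pyzor /  { loaded["pyzor"]  = 1 }
        /plugin: loading Mail::SpamAssassin::Plugin::Razor2 / { loaded["razor2"] = 1 }
        /plugin: loading Mail::SpamAssassin::Plugin::DCC /    { loaded["dcc"]    = 1 }
        /dbg: pyzor: got response:/        { answered["pyzor"]  = 1 }
        /dbg: razor2: results: spam[?]/    { answered["razor2"] = 1 }
        /dbg: dcc: dccproc responded with/ { answered["dcc"]    = 1 }
        END {
            n = split("pyzor razor2 dcc", names, " ")
            for (i = 1; i <= n; i++) {
                p = names[i]
                if (!(p in loaded))        state = "not-loaded"
                else if (!(p in answered)) state = "loaded-no-answer"
                else                       state = "ok"
                print p "=" state
                if (state != "ok") bad = 1
            }
            exit bad
        }'
}

# Constructed sample in the format of the output above: Pyzor and Razor2
# answer, the DCC plugin is loaded but dccproc never responds.
sample_debug_log() {
    cat <<'EOF'
Jul 30 11:01:55.813 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
Jul 30 11:02:00.231 [5386] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 0 0
Jul 30 11:54:58.359 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
Jul 30 11:55:03.397 [5386] dbg: razor2: results: spam? 0
Jul 30 13:13:41.829 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
Jul 30 13:13:41.841 [5386] dbg: dcc: network tests on, registering DCC
EOF
}

# Real use: spamassassin -D -t < message.eml 2>&1 | sa_plugin_status
sample_debug_log | sa_plugin_status || echo "at least one network check did not answer"
```

The non-zero exit status makes the function usable from a cron job or monitoring check after a spamassassin or client upgrade.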
TIPS:
- Most probably you will soon ask how to report a spam message to pyzor, razor and dcc. The simple answer is: spamassassin --report < message.
- Are those effective? I didn’t think so, but it seems that people are using all of them and new spam is reported quite fast. The simple answer is YES, use them.