Gentoo – spamassassin with pyzor, razor and dcc

You will find a lot of documentation about these, but almost none of it explains that simply uncommenting the plugins in the spamassassin config files will not make them work. For them to work you need to install separate packages from different vendors.

To use the above with spamassassin you only install the client version (you don’t need the server version as long as your email server does not go above 100.000 emails per day).

Pyzor:

Unfortunately pyzor is the only one which is up-to-date in gentoo portage.

emerge pyzor

After installing you can start reading some good documentation which can be found on the official site.

The important commands are:

Check if you have connectivity with pyzor server: pyzor ping

Check if message is spam: pyzor check < message.eml

Report message as spam: pyzor report < message.eml

Let’s see if it’s working.

Uncomment “loadplugin Mail::SpamAssassin::Plugin::Pyzor” from spamassassin config file.

Check the configuration (you should not see any message returned): spamassassin --lint

Restart spamassassin: /etc/init.d/spamd restart

Test if pyzor is active:

# spamassassin 2>&1 -D -t < /msg.1563818007.667538.23924 | grep -i pyzor 
Jul 30 11:01:55.813 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC 
Jul 30 11:01:55.817 [5386] dbg: pyzor: network tests on, attempting Pyzor 
Jul 30 11:01:56.614 [5386] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf 
Jul 30 11:01:56.614 [5386] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf" for included file 
Jul 30 11:01:56.614 [5386] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_pyzor.cf 
Jul 30 11:02:00.057 [5386] dbg: util: executable for pyzor was found at /usr/bin/pyzor 
Jul 30 11:02:00.057 [5386] dbg: pyzor: pyzor is available: /usr/bin/pyzor 
Jul 30 11:02:00.057 [5386] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin5386ua5Fe1tmp 
Jul 30 11:02:00.230 [5386] dbg: pyzor: [5390] finished: exit 1 
Jul 30 11:02:00.231 [5386] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 0 0 
Jul 30 11:02:00.232 [5386] dbg: check: tagrun - tag PYZOR is now ready, value: Reported 0 times. 

 

Razor:

Unfortunately it is no longer in portage, so you need to download and install it manually.

Official documentation can be found here.

# perl Makefile.PL

Checking if your kit is complete...
Looks good
Warning: NAME must be a package name
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Razor2::Preproc::deHTMLxs
Writing MYMETA.yml and MYMETA.json
Generating a Unix-style Makefile
Writing Makefile for razor-agents
Writing MYMETA.yml and MYMETA.json

make && make install

Let’s create the razor account:

# razor-admin -create
# razor-admin -discover
# razor-admin -register
Register successful. Identity stored in /root/.razor/identity-ruSiVo2Viv

As before let’s start and test this.

Uncomment loadplugin Mail::SpamAssassin::Plugin::Razor2 from the spamassassin config.

# spamassassin --lint
# spamassassin 2>&1 -D -t < /1564471708.7590.message\,S\=1553\:2\, | grep -i razor
Jul 30 11:54:58.359 [18439] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
Jul 30 11:54:58.441 [18439] dbg: razor2: razor2 is available, version 2.84
Jul 30 11:54:58.814 [18439] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf
Jul 30 11:54:58.814 [18439] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf" for included file
Jul 30 11:54:58.814 [18439] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_razor2.cf
Jul 30 11:55:03.396 [18439] dbg: razor2: part=0 engine=8 contested=0 confidence=0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: spam? 0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: engine 4, highest cf score: 0
Jul 30 11:55:03.397 [18439] dbg: razor2: results: engine 8, highest cf score: 0
Jul 30 11:55:03.741 [18439] dbg: timing: total 5413 ms - init: 2619 (48.4%), b_tie_ro: 13 (0.2%), parse: 0.86 (0.0%), extract_message_metadata: 36 (0.7%), get_uri_detail_list: 3.0 (0.1%), tests_pri_-1000: 37 (0.7%), compile_gen: 350 (6.5%), compile_eval: 31 (0.6%), tests_pri_-950: 4.3 (0.1%), tests_pri_-900: 5 (0.1%), tests_pri_-90: 15 (0.3%), check_bayes: 8 (0.2%), b_tokenize: 3.7 (0.1%), b_tok_get_all: 1.25 (0.0%), b_comp_prob: 0.59 (0.0%), b_tok_touch_all: 0.36 (0.0%), b_finish: 1.16 (0.0%), tests_pri_0: 625 (11.6%), dkim_load_modules: 24 (0.4%), check_dkim_signature: 0.49 (0.0%), check_spf: 65 (1.2%), poll_dns_idle: 1.51 (0.0%), check_dkim_adsp: 3.3 (0.1%), tests_pri_20: 1715 (31.7%), check_razor2: 1709 (31.6%), tests_pri_30: 197 (3.6%), check_pyzor: 188 (3.5%), tests_pri_500: 141 (2.6%)

 

DCC

There is a version of DCC in portage but it is quite old. I installed it and I found that it is working ok, so you have two choices:

1) either install dcc-1.3.158 from portage

echo ">=mail-filter/dcc-1.3.158 DCC" > /etc/portage/package.license
emerge dcc

2) or install the latest version (currently 2.3.167)

wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xfvz dcc-dccproc.tar.Z  
cd dcc-dccproc-*
./configure && make && make install

Test the DCC connection:

# cdcc info
# 07/30/19 12:39:59 EEST /var/dcc/map
# Re-resolve names after 14:38:10 Check RTTs after 12:53:14
# 1250.76 ms threshold, 1247.20 ms average 12 total, 10 working servers
IPv6 off version=3

dcc1.dcc-servers.net,- RTT+1000 ms anon
# 74.92.232.243,-
# not answering
# 209.169.14.29,- x.dcc-servers ID 104
# 100% of 1 requests ok 252.40+1000 ms RTT 100 ms queue wait
# 209.169.14.30,- x.dcc-servers ID 104
# 100% of 1 requests ok 254.31+1000 ms RTT 100 ms queue wait

dcc2.dcc-servers.net,- RTT+1000 ms anon
# *136.199.199.160,- URT ID 1060
# 100% of 1 requests ok 147.20+1000 ms RTT 100 ms queue wait
# 157.131.0.46,- sonic ID 1255
# 100% of 1 requests ok 284.97+1000 ms RTT 100 ms queue wait
# 192.84.137.21,- INFN-TO ID 1233
# 100% of 1 requests ok 151.33+1000 ms RTT 100 ms queue wait

dcc3.dcc-servers.net,- RTT+1000 ms anon
# 184.23.168.46,- sonic ID 1254
# 100% of 1 requests ok 279.82+1000 ms RTT 100 ms queue wait
# 212.223.102.90,- ID 1480
# 100% of 1 requests ok 150.76+1000 ms RTT 100 ms queue wait

dcc4.dcc-servers.net,- RTT+1000 ms anon
# 192.135.10.194,- debian ID 1169
# 100% of 1 requests ok 163.44+1000 ms RTT 100 ms queue wait

dcc5.dcc-servers.net,- RTT+1000 ms anon
# 204.90.71.235,- MGTINTERNET ID 1170
# 100% of 1 requests ok 216.45+1000 ms RTT 100 ms queue wait
# 209.169.14.26,- x.dcc-servers ID 104
# 100% of 1 requests ok 254.30+1000 ms RTT 100 ms queue wait

@,- RTT-1000 ms 32768 secret11589268638y1057
# 127.0.0.1,-
# not answering

################
# 07/30/19 12:39:59 EEST greylist /var/dcc/map
# Re-resolve names after 14:38:14 Check RTTs after 12:53:24
# 1 total, 0 working servers

@,- Greylist 32768 secret11589268638y1057
# *127.0.0.1,6276
# not answering

Sometimes cdcc info may not return any server. Run cdcc RTT. If you still don’t have any luck, check your firewalls.

Edit whiteclnt and whitecommon and add your own IP as “trusted”.

# List statically allocated IP addresses that you trust to never send
# or forward unsolicited bulk email
#ok ip 10.1.2.0/24

Uncomment loadplugin Mail::SpamAssassin::Plugin::DCC from the config file and let’s check it.

# spamassassin 2>&1 -D -t </1563847269.8759.sphere\,S\=1032387\:2\,S | grep -i DCC
Jul 30 13:13:41.829 [17645] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
Jul 30 13:13:41.841 [17645] dbg: dcc: network tests on, registering DCC
Jul 30 13:13:42.290 [17645] dbg: config: fixed relative path: /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf
Jul 30 13:13:42.290 [17645] dbg: config: using "/var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf" for included file
Jul 30 13:13:42.290 [17645] dbg: config: read file /var/lib/spamassassin/3.004002/updates_spamassassin_org/25_dcc.cf
Jul 30 13:13:46.406 [17645] dbg: util: executable for cdcc was found at /usr/bin/cdcc
Jul 30 13:13:46.406 [17645] dbg: dcc: dcc_pgm_path, found cdcc in env.path: /usr/bin/cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: `/usr/bin/cdcc -qV homedir libexecdir` reports '1.3.158 homedir=/var/dcc libexecdir=/usr/sbin '
Jul 30 13:13:46.414 [17645] dbg: dcc: use 'dcc_libexec /usr/sbin' from cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: use 'dcc_home /var/dcc' from cdcc
Jul 30 13:13:46.414 [17645] dbg: dcc: dccifd is not available; no r/w socket at /var/dcc/dccifd
Jul 30 13:13:46.414 [17645] dbg: util: executable for dccproc was found at /usr/bin/dccproc
Jul 30 13:13:46.414 [17645] dbg: dcc: dcc_pgm_path, found dccproc in env.path: /usr/bin/dccproc
Jul 30 13:13:46.414 [17645] dbg: dcc: /usr/bin/dccproc is available
Jul 30 13:13:46.416 [17645] dbg: dcc: opening pipe to /usr/bin/dccproc -C -x 0 -h /var/dcc -a 5.189.178.220 -w whiteclnt </tmp/.spamassassin17645LOazawtmp
Jul 30 13:13:46.573 [17645] dbg: dcc: dccproc responded with 'X-DCC-EATSERVER-Metrics: sphere 1166; Body=1 Fuz1=28 Fuz2=many'
Jul 30 13:13:46.574 [17645] dbg: check: tagrun - tag DCCB is now ready, value: EATSERVER
Jul 30 13:13:46.575 [17645] dbg: check: tagrun - tag DCCR is now ready, value: sphere 1166; Body=1 Fuz1=28 Fuz2=many
Jul 30 13:13:46.575 [17645] dbg: dcc: listed: BODY=1/999999 FUZ1=28/999999 FUZ2=999999/999999 REP=0/90
Jul 30 13:13:46.576 [17645] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1)
Jul 30 13:13:48.992 [17645] dbg: plugin: Mail::SpamAssassin::Plugin::DCC=HASH(0x55db68f00d38) implements 'check_post_learn', priority 0
Jul 30 13:13:48.993 [17645] dbg: dcc: DCC learning not enabled by dcc_learn_score
Jul 30 13:13:48.994 [17645] dbg: check: tests=BAYES_50,DCC_CHECK,FSL_BULK_SIG,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RDNS_NONE,SPF_FAIL,SPF_HELO_PASS

Now restart your spamd daemon and that’s it.
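
The three grep checks above can be run in one pass over a single debug run. The script below is an added example, not part of the original post; check_plugins and sample_debug_output are hypothetical names, and the matched strings are the SpamAssassin 3.4.2 debug lines quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). check_plugins and
# sample_debug_output are hypothetical helper names. The patterns are the
# 3.4.2 debug lines quoted in this post; other versions may word them
# differently, and a dccifd-based setup will not print the dccproc line.

# Reads `spamassassin -D -t` output on stdin, prints one status line per
# plugin, returns 0 only if all three were loaded and produced a result.
check_plugins() {
    awk '
        /plugin: loading Mail::SpamAssassin::Plugin::Pyzor /  { loaded["pyzor"] = 1 }
        /plugin: loading Mail::SpamAssassin::Plugin::Razor2 / { loaded["razor2"] = 1 }
        /plugin: loading Mail::SpamAssassin::Plugin::DCC /    { loaded["dcc"] = 1 }
        /dbg: pyzor: got response: /        { answered["pyzor"] = 1 }
        /dbg: razor2: results: spam\? /     { answered["razor2"] = 1 }
        /dbg: dcc: dccproc responded with / { answered["dcc"] = 1 }
        END {
            n = split("pyzor razor2 dcc", names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                p = names[i]
                if (!(p in loaded)) {
                    s = "not loaded (loadplugin line still commented?)"; bad = 1
                } else if (!(p in answered)) {
                    s = "loaded, no answer (client missing or network blocked?)"; bad = 1
                } else {
                    s = "ok"
                }
                printf "%s: %s\n", p, s
            }
            exit bad
        }
    '
}

# Constructed sample: lines copied from the debug output above, with the
# dccproc response left out to show the "loaded, no answer" case.
sample_debug_output() {
    cat <<'EOF'
Jul 30 11:01:55.813 [5386] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
Jul 30 11:02:00.231 [5386] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 0 0
Jul 30 11:54:58.359 [18439] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
Jul 30 11:55:03.397 [18439] dbg: razor2: results: spam? 0
Jul 30 13:13:41.829 [17645] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
EOF
}

# Live use (message.eml is a placeholder path):
#   spamassassin -D -t < message.eml 2>&1 | check_plugins
```

A non-zero exit status means at least one plugin is still only "uncommented" and not actually answering, which is the situation described at the top of this post.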

 

TIPS:

  • Most probably you will soon ask how to report a spam message to pyzor, razor and dcc. The simple answer is spamassassin --report < message.
  • Are those effective? I didn’t think so, but it seems people are using all of them and new spam is reported quite fast. The simple answer is YES, use them.
