Copyright 2006-2008
Patrick R. McDonald <marlowe@antagonism.org> (GPG key)This document last modified Friday, 30-May-2008 17:50:24 PDT
One of the largest problems today with fighting spam is people treat spam as if they are fighting it in a vacuum. A common approach involves moving spam to a particular folder and then simply deleting it. This approach makes little to no sense. To provide an everyday example, every night criminals vandalize your automobile. The above approach would be the equivalent of removing the damage without notifying the proper authorities, warning neighbors and waiting for the same criminal to repeat the same action. Fortunately SpamAssassin provides you an opportunity to notify the "proper authorities" (SpamCop) and "warn your neighbors" (Razor and Pyzor).
Spam does not occur in a vacuum. If you receive a spam, chances are someone else has received this exact same message. Since spammers try maximize their reach (number of users receiving a message) while minimizing their effort, they send the same message out to hundreds, perhaps thousands of different mail addresses. There is a flaw in this type of approach. Any file when put through a one-way hash will produce a unique checksum. If two files are put through the same one-way hash and their checksums match it means they have the exact same contents. If the files differ by even one character, the checksums will not match. So Razor and Pyzor generate checksums of messages and compare them against checksums of known spam messages. If there is a match, there is a good certainity the message is spam. They also allow users to submit checksums for spam on their systems. Thus by using Razor and Pyzor you help to ensure that your neighbor does not get bit by the same spam that you did. This forces spammers to work that much harder. After all, a message which is known and blocked does the spammer no good. If he is busy changing his message, the spammer can not be sending spam.
SpamCop is a free service which provides two essential services, 1) it allows spam recipients to report spam to the sender's Internet Service Provider (ISP) and 2) provides a real-time blackhole list (RBL) of offending IP addresses based on these reports. Reporting spam to the appropriate ISP is very important. It allows the ISP to take action against machines which are violating their terms of service. Not to make excuses for system admins, but monitoring a network is a full time job, so having an extra set of eyes never hurt. Once notified of the offending machine, an ISP can take the necessary steps to remedy the situation. This reduces the spammer's means of sending spam.
Next, by adding these IP addresses addresses to their RBL, SpamCop helps to ensure that additional users do not receive email from the offending IP until the situation as been remedied by the ISP. The message also provides SpamCop with evidence for its listing of a particular IP address. This also limits the spammer as even though the offending IP address may still be used, the range of machines it can spam is reduced by those using the RBL.
Install SpamAssassin according to your preferred method. The following page describes various means of installation. This page covers creating an RPM from the tar file and installing the RPM.
Install Razor according to the instructions. The rest of this document assumes the razor config has been created in /etc/mail/spamassassin/.razor. Please adjust accordingly.
Install Pyzor according its instructions. The rest of this document assumes that Pyzor has been installed in /etc/mail/spamassassin. Please adjust accordingly.
Create your reporting address for SpamCop by following these instructions.
Add the below line to /etc/mail/spamassassin/.razor/razor-agent.conf to tell Razor where it lives.
razorhome = /etc/mail/spamassassin/.razor/
Add the Pyzor servers to the /etc/mail/spamassassin directory by running the following command.
# pyzor --homedir /etc/mail/spamassassin discover
Next, tell SpamAssassin where Razor and Pyzor are located and the appropriate addresses to use when reporting to SpamCop. Add the following lines to /etc/mail/spamassassin/local.cf. "spamcop_from_address" should be the address which SpamCop expects you to send reports. "spamcop_to_address" is the reporting address SpamCop provided you.
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
pyzor_options --homedir /etc/mail/spamassassin/
spamcop_from_address you@domain.xyz
spamcop_to_address your_address@spamcop.net
The "-H" option in spamd will set all helpers applications' (Razor and Pyzor) home directories to /etc/mail/spamassassin.
In the /etc/mail/spamassassin/v310.pre file ensure the following lines are uncommented to load the appropriate plugins.
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::SpamCop
Restart spamd as appropriate for your start mechanism (init.d, daemontools, etc).
To report a message as spam to Razor, Pyzor and SpamCop, run the following command. Please substitute the full pathname of the message for the word FILE
# spamassassin -r < FILE
Reporting each spam by hand is painful. Scripting the process is an exercise left to the reader.
Copyright 2006-2008
Patrick R. McDonald <marlowe@antagonism.org> (GPG key)