Posts filed under ‘Linux’

How to reject emails that tagged as SPAM by spamassassin

Hi Guys,

I have wrote a seperate blog post on how to configure spamassassin ,spamass-milter & sendmail to combat SPAM. But this article focus on how to reject emails that are tagged as SPAM by spamassassin. By default  the emails will not be rejected , and it will be delivered to the MTA as it is.

In order to achieve this , you need to modify the spamass-milter configuration file in  /etc/sysconfig/spamass-milter , and uncomment the line

EXTRA_FLAGS=”-m -r 15″

and modify the -r value to based on your needs, and leave the -m as it is, this will prevent the spamass-milter modifying the header. In my case I have set the -r value to 5 . Do not forget to restart the spamassassin , spamass-milter & sendmail services.

That’s it.

Advertisements

April 8, 2019 at 11:33 am Leave a comment

How to Configure Sendmail & SpamAssassin for SPF Check

We had a Sendmail Server (8.14.7) running on CentOS Server, The server acts as a Secondary MX and SMART hosts for many domains. In this scenario we decided to install the SpamAssassin to force the Sendmail server to validate SPF records prior to accepting the email. I have written the below post to explain the whole process with few notes on troubleshooting I had to perform during the installation & configuration stages.

-Sendmail (already installed and running)

-SpamAssassin v. 3.4.0 (already installed with CentOS , use spamassassin -V to check the version)

– Spam-ass milter

So let’s start with the process;

+ Install spam-ass milter

# yum install perl-Mail-SPF perl-Mail-DKIM perl-Razor-Agent pyzor poppler-utils re2c ( These are the prerequisites)

# Download the RPM  from https://centos.pkgs.org/7/epel-x86_64/spamass-milter-0.4.0-7.el7.x86_64.rpm.html and install by rpm -i “rpm name”

+ Start the spamassassin & spamass-milter services

# systemctl start spamassassin

# systemctl start spamass-milter.service

Now we need to force sendmail daemon to use the milter for antispam processing. Add the below lines in sendmail.mc (** do not forget to backup the files before modifying it)

======================================================================================

dnl #
dnl # SPAMASSASSIN dnl
dnl **
dnl ** enable spamassassin-milter to scan for spam using spamassassin **
dnl **
INPUT_MAIL_FILTER(`spamassassin’, `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m’)dnl
define(`confMILTER_MACROS_CONNECT’,`t, b, j, _, {daemon_name}, {if_name}, {if_addr}’)dnl
define(`confMILTER_MACROS_HELO’,`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}’)dnl
dnl # END LOCAL ADDITIONS
dnl #

======================================================================================

+ save the file & quit it

+ Compile the Sendmail configuration & restart the sendmail services.

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf ( or you could simply type make)

# systemctl restart sendmail

To confirm whether all these components are working fine with the relevant SPF check you need to run ,

# spamassassin -D < /usr/share/doc/spamassassin-3.4.0/sample-spam.txt 2>&1 |grep -i spf

Thereafter we could analyze whether the email are being filtered properly with the SPF Check, to check that run

# grep spf /var/log/maillog

if it is not functioning well you should look for the errors & start troubleshooting it.  In my case it was throwing the below error;

“Mar 4 15:34:20 mail spamd[11685]: spf: lookup failed: addr is not a string at /usr/share/perl5/vendor_perl/IO/Socket/IP.pm line 662.”

After few  minutes of googling , we found out that , it was a bug in the perl-socket module in CentOS 7 , thus you need to

# yum install epel

# yum update perl-Socket –enablerepo=cr

You need to restart the sendmail , spamassassin & spamass-milter services for the changes to take effect and review the log again for any errors.

+ A new cron.d job will be created automatically for the spamassassin update in the /etc/cron.d/sa-update file.

Few advice, do not modify any files in /usr/share/spamassassin , since these files will be overwritten with spamassassin updates. Thus always modify the /etc/mail/local.cf for any customizations and it is a system wide configuration.

Secondly you could refer the below samples , that you could use for any customization and whitelisting stuff with in spamassassin.

 

========================================================================

# How many hits before a message is considered spam.
required_hits 5.0

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject [*****SPAM*****]

# Encapsulate spam in an attachment
report_safe 1

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1
bayes_path /home/spamd/
bayes_file_mode 0666

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_locales all

# Whitelist important senders
whitelist_from *@xyz.xx

========================================================================

 

That’s it , but during this process i came across useful blog  sites and forums posts that helped me to work on this task and they are listed below for your reference as well.

https://blesseddlo.wordpress.com/2010/04/01/sendmail-spamassassin-spamass-milter-milter-greylist/

https://www.rosehosting.com/blog/how-to-install-spamassassin-on-a-virtual-server-with-centos-6/

https://www.jethrocarr.com/2013/10/26/spf-with-spamassassin/

http://forums.sentora.org/showthread.php?tid=1118

https://it.megocollector.com/linux/install-spamassassin-on-centos-6/

http://forum.icewarp.com/forum/showthread.php?1809-Spamassassin-SPF-and-spoofing

https://centos.org/forums/viewtopic.php?t=60477

https://vamsoft.com/support/tools/spf-policy-tester (This will validate you SPF check in the email server)

http://spamassassin.1065346.n5.nabble.com/return-path-test-td1869.html

https://www.howtoforge.com/community/threads/spamassassin-version.74/

 

Update1:

In  January 2018  , barracuda removed the RBL from the SA ruleset (it was under 72_active.cf in /usr/share/spamassassin)

To add this rule , you need to register via the below URL;

http://barracudacentral.org/account/register

and then  you need to manually edit  the local.cf  file add the below texts and restart the services

ifplugin Mail::SpamAssassin::Plugin::DNSEval

header __RCVD_IN_BRBL eval:check_rbl(‘brbl’,’bb.barracudacentral.org’)
tflags __RCVD_IN_BRBL net

header __RCVD_IN_BRBL_2 eval:check_rbl_sub(‘brbl’, ‘127.0.0.2’)
meta RCVD_IN_BRBL __RCVD_IN_BRBL_2 && !RCVD_IN_BRBL_LASTEXT
describe RCVD_IN_BRBL Received is listed in Barracuda RBL bb.barracudacentral.org
score RCVD_IN_BRBL 1.2
tflags RCVD_IN_BRBL net

header RCVD_IN_BRBL_LASTEXT
eval:check_rbl(‘brbl-lastexternal’, ‘bb.barracudacentral.org’)
describe RCVD_IN_BRBL_LASTEXT Last external is listed in Barracuda RBL bb.barracudacentral.org
score RCVD_IN_BRBL_LASTEXT 2.2
tflags RCVD_IN_BRBL_LASTEXT net

endif

Source: http://mail-archives.apache.org/mod_mbox/spamassassin-users/201802.mbox/%3C34073266-bd1c-174c-76e2-d862cc96f007@ena.com%3E

Update 2:

Recently we were blacklisted by backscatter and the reason for listing was , sending out NDR for non valid emails. Thus we  have add  the below line in the local.cf configuration file

whitelist_bounce_relays myrelay.mydomain.net (Replace it with your outgoing email server name)

If you have multiple servers , you could add them all here in multiple lines .

Once the above is added and the spamassassin is restarted , issue the below command to verify for any config errors

#spamassassin --lint

The below URL contains additional information to test the backscatter rule via sample bounce messages.

https://wiki.apache.org/spamassassin/VBounceRuleset
https://forums.untangle.com/feedback/11356-backscatter-spamassassin.html

 

Update 3:

After some time we realized the above settings , does not fulfill our requirement and had to modify the sendmail.mc as below

Original Config

define(confPRIVACY_FLAGS',authwarnings,novrfy,noexpn,restrictqrun’)dnl

Change it to

define(confPRIVACY_FLAGS',authwarnings,nobodyreturn’)dnl#

Compile the sendmail and restart the sendmail services.

March 5, 2019 at 11:39 am Leave a comment

Using RHEL Subscription in Virtual Data Center.

Hi All

Recently I got an opportunity to work in a project that involved with RHEL 7.4 Deployment. This projects required several VM’s as it was intended to use Kubernetes on RHEL. In this post I am focusing on how to register the RHEL VM’s using the  RHEL Virtual DataCenter Subscription licenses. In my case VMware was being used as the Hypervisor.

Once you procure the required license and RH Customer portal access is ready. You need to configure virt-who on one of the VM’s(This VM does not need to be the production VM , as I prefered in my case). Below steps will outline the process.

  •  On the newly created VM , you need to install the virt-who (using the RHEL Media as the REPO. This VM will be the virt-who host).
  • Run the command subscription-managaer register
  • Run the command subscription-manager idenetity.(Note down the value for Org ID as you will use it in the below steps)
  •  Browse to /etc/virt-who.d .
  • In order to create the configuration file you could use the URL https://access.redhat.com/labs/virtwhoconfig/ as it provide a step-by-step wizard to create the required entries.
  • Copy the the contents to a file in the folder mentioned in step-4
  • name of the file should match with the configuration name in the file created by the wizard.(File extension should be .conf)
  • Edit the virt-who file /etc/sysconfig/virt-who and add the below
    VIRTWHO_INTERVAL=300
    VIRTWHO_BACKGROUND=1
    VIRTWHO_DEBUG=1
  • Run the command virt-who  –one-shot(This will verify the configuration parameter’s are correct)
  • Then start the virt-who services(systemctl start virt-who)
  • Run the command on the virt-who VM
    subscription-manager attach –auto
  • On the remaining VM’s run
    subscription-manager register
    subscription-manager  attach –auto. (You don’t need to configure virt-who services on the other VM’s)

    That’s it login to RHEL portal and verify that you could see the Hypervisor and the VM’s

NOTE1: When creating the virt-who.conf you need to provide a username & password who have access to your VCenter server .This user needs only a Read-Only Permission

NOTE2: For best practices you could configure 2 VM’s with virt-who services.

NOTE3: You should be able to see the ESXi host and the VM’s in the URL -https://access.redhat.com/management/systems. You need to ensure that the proper subscription has been entitled to both.

 

April 8, 2018 at 3:03 pm Leave a comment

How to use the RHEL / CentOS Media as the Repository.

When you don’t have an active subscription with RHN , you will not be ale to install any packages via yum command. In that case the only way to overcome this situation is to use your installation CD or the binary CD you have downloaded from the RHEL website.

1.
#mount /dev/sr0 /mnt

2.Copy the media.repo file from the root of the mounted directory to /etc/yum.repos.d/ and set the permissions to something sane,

#cp /mnt/media.repo /etc/yum.repos.d/rhel7dvd.repo
#chmod 644 /etc/yum.repos.d/rhel7dvd.repo

3.Edit the new repo file, changing the gpgcheck=0 setting to 1 and adding the following 3 lines

enabled=1
baseurl=file:///mnt/  –> Here provide the mount point you used in Step1—>
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

4.

# yum clean all
# subscription-manager clean

5. Once the above steps are completed you could begin with your familiar yum installation.

NOTE: I have not tried these steps in CentOS , but I believe it is portable and applicable.

 

March 6, 2018 at 10:39 am Leave a comment

How to check the Physical Status of Network Card in Linux

On Linux servers the status of NIC cards cannot be determined via the ipconfig command alone , in that case you could use one of the below commands to get the required infromation

# mii-tool eth0

# cat /sys/class/net/eth0/operatestate

# ethtool eth0

# ip link ls dev eth0

 

Source:https://linuxsupporttips.wordpress.com/2011/08/01/how-to-check-physical-network-link-status-on-linux-rhelcentos/

Good Luck .

 

 

 

 

March 14, 2017 at 12:53 pm Leave a comment

Cannot retreive metalink for repository epel

Hi

If some body receive the above error first you should check the connectivity and firewall issues and still if the problem persist.

Sample Error

metalink_error_1You should edit the  /etc/yum/repos.d/CentOS-base.repo or epel.repo

and change all the URL’s that pointing to https  to  http  save the file

Restart the yum process.

Hint –  Always start the yum process with debug switch ,which helps us in troubleshooting –  ( yum -d6 update)

 

 

 

December 17, 2013 at 9:02 am Leave a comment

CentOS yum error 14: PCYURL ERROR 7 – “Failed to connect to 2a02:2498:1:3d:5054:ff:fed3:e9

Dear Folks

When you are trying to update the system with yum , you may come with the above error , In which the yum tool is trying to resolve the mirrorlist url’s via IPv6 Address.

update_error_1What happens here is that when the yum is unable to resolve and reach the IPv4 address it end up trying the IPv6.

Hence if you face the similar issue , I would advice you to go through the below steps and identify the real cause.

Step 1 –  Check whether you could resolve the URL  (mirrorlist.centos.org) via nslookup or dig and get an IPV6 address.

If  you fail at the above step check for the DNS configurations in /etc/resolv.conf

Step 2 –   Check with the firewall team that they have allowed the ports 80 , 443 ,21   from the linux server.

In my case it was the firewall blockage.

I have been googling  regarding the same issue and found out that several articles pointing to IPV6   saying that to disable it. Hence you could try that as a  last resort , if the above steps did not succeed.

– edit  the  /etc/sysconfig/network and the /etc/sysconfig/network-scripts/ifcfg-eth* files  to  disable any entries pointing to IPv6

– edit /etc/sysctl.conf and put the below entries and reboot the server

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 =

– disable the ip6tables.

Good Luck

December 17, 2013 at 8:50 am Leave a comment

Older Posts


Archives

Categories

Follow Hope you like it.. on WordPress.com

Blog Stats

  • 18,530 hits

%d bloggers like this: