Installing spamdyke is pretty simple.
1) Have a working qmail installation that runs from tcpserver. If you can’t
send and receive email, stop and go to one of the following sites for help:
http://www.lifewithqmail.org/
http://www.qmailrocks.org/
http://www.qmailtoaster.org/
If you’re using QmailToaster, there’s no need to install spamdyke by hand.
Use the spamdyke installation script in QmailToaster Plus:
http://qtp.qmailtoaster.com/
2) Unpack the spamdyke tarball somewhere convenient, like /usr/local/src:
cd /some/convenient/path
tar -xzvf spamdyke-x.y.z.tgz
3) The fastest way is to change to the “spamdyke” directory, run “configure”
and “make”. spamdyke will be compiled with the default options.
cd spamdyke-x.y.z/spamdyke
./configure
make
You shouldn’t see any errors or warnings.
On some older BSD and Solaris installations, the “configure” script will
stop with an error message if the getopt_long() function cannot be found
in a system library. This typically means the libgnugetopt package is
not available. After it has been installed, the “configure” script will
finish successfully.
The “configure” script accepts several parameters to add or remove some
features from spamdyke:
–disable-tls: compiles spamdyke without TLS support. By default, the
“configure” script will include TLS support if it detects the OpenSSL
libraries are installed.
–without-debug-output: compiles spamdyke without the messages produced
when the “log-level” option is set to “debug”. This reduces the size of
the spamdyke binary. By default, the “configure” script will add the
debug messages to spamdyke.
–with-excessive-output: compiles spamdyke with extra debugging output
that is visible when the “log-level” option is set to “excessive”.
By default, the “configure” script will not add the excessive messages
to spamdyke.
–with-debug-symbols: compiles spamdyke with debugging symbols so it can
be debugged with a debugger like gdb. This option does not add any
visible output or features; it just increases the size of the spamdyke
binary. By default, the “configure” script will not add the debugging
symbols to spamdyke.
–with-address-sanitizer: compiles spamdyke with the “address sanitizer”
extension to catch illegal memory accesses and buffer overflows. This
requires a fairly new version of gcc and the “asan” libraries. It
makes spamdyke much bigger and much slower; it is really only useful
for developers to use during testing.
4) Copy the spamdyke executable to /usr/local/bin:
su
cp spamdyke /usr/local/bin/
5) If you want spamdyke to perform recipient validation and reject invalid
recipient addresses, you’ll need to compile and install the spamdyke-qrv
command as well.
If you’re using Plesk, skip this step. Plesk already does recipient
validation for you.
Compiling is very easy:
cd spamdyke-x.y.z/spamdyke-qrv
./configure
make
Copy the spamdyke-qrv executable to /usr/local/bin:
su
cp spamdyke-qrv /usr/local/bin/
chown root /usr/local/bin/spamdyke-qrv
chmod u+s /usr/local/bin/spamdyke-qrv
The “configure” script accepts several parameters to add or remove some
features from spamdyke-qrv:
–with-excessive-output: compiles spamdyke-qrv with extra debugging output
that is visible when the “-v” flag is given twice. By default, the
“configure” script will not add the excessive messages to spamdyke-qrv.
–without-vpopmail-support: compiles spamdyke-qrv without extra logic for
supporting vpopmail installations. Without the vpopmail logic,
spamdyke-qrv will report every address within a local domain is valid,
even when they would otherwise bounce.
–with-debug-symbols: compiles spamdyke-qrv with debugging symbols so it
can be debugged with a debugger like gdb. This option does not add any
visible output or features; it just increases the size of the
spamdyke-qrv binary. By default, the “configure” script will not add
the debugging symbols to spamdyke-qrv.
–with-address-sanitizer: compiles spamdyke-qrv with the “address
sanitizer” extension to catch illegal memory accesses and buffer
overflows. This requires a fairly new version of gcc and the “asan”
libraries. It makes spamdyke-qrv much bigger and much slower; it is
really only useful for developers to use during testing.
6) Find the script that runs qmail when an incoming connection is established.
If you followed the instructions at lifewithqmail.org or qmailrocks.org, look
for:
/service/qmail-smtpd/run
If you installed qmail from the Debian packages, look for:
/etc/init.d/qmail
If your qmail installation is part of Plesk, look for:
/etc/xinetd.d/smtp_psa
Insert the spamdyke command before the “/var/qmail/bin/qmail-smtpd” command.
Something like this:
——————————————————————————–
… /usr/local/bin/spamdyke -FLAGS /var/qmail/bin/qmail-smtpd 2>&1
——————————————————————————–
Sometimes, the spamdyke command should be placed within a variable that is
substituted into the command line. If the script includes the rblsmtpd
command, it can be replaced with the spamdyke command.
Older installations of qmail may use the “softlimit” program as well. If you
see softlimit in the sequence of commands, REMOVE IT! softlimit causes many
more problems than it could ever possibly solve.
Most spamdyke installations use a configuration file named
“/etc/spamdyke.conf”. This file is not part of the spamdyke installation; it
must be created by each administrator. There is a sample configuration file
in spamdyke’s “documentation” folder to help you get started.
Special note for Plesk users: starting relaylock before spamdyke can cause
some (harmless) errors to be logged. If spamdyke is started before relaylock,
you shouldn’t see any errors:
——————————————————————————–
server_args = -Rt0 /usr/local/bin/spamdyke -FLAGS /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
——————————————————————————–
Plesk users can also use spamdyke for their SMTPS connections by adding it to
the /etc/xinetd.d/smtps_psa file. spamdyke’s configuration in that file will
need to include the options “tls-level” (set to “smtps”) and
“tls-certificate-file”.
Run the spamdyke command with the “-h” option to see the available options and
read the README.html file for full details. Please don’t enable a feature if
you don’t understand what it does!
7) Restart qmail.
If you followed the instructions at lifewithqmail.org or qmailrocks.org:
svc -d /service/qmail-smtpd
svc -u /service/qmail-smtpd
If you installed qmail from the Debian packages:
/etc/init.d/qmail restart
If your qmail installation is part of Plesk:
killall -HUP xinetd
8) That’s it! Watch syslog for any errors (usually /var/log/maillog; Plesk
reconfigures syslog to save mail system logs in
/usr/local/psa/var/log/maillog).
9) OPTIONAL: Copy the policy.php.example page from the “documentation” directory
to a website and change spamdyke’s “policy-url” option to give its URL.
Be sure to test the contact form to make sure it sends messages correctly.
Good luck! If you have any issues or questions, please send a message to the
spamdyke-users mailing list (the subscription form is at www.spamdyke.org).
The “utils” directory contains additional utilities that spamdyke does not
require. If you wish to compile them, change to the “utils” folder, then run
“configure” and “make”:
cd spamdyke-x.y.z/utils
./configure
make
Copy the executables to appropriate locations as needed. None of them need to
be in any specific directory to work. None of them require the presence of the
others. spamdyke does not need any of them to function.
EXAMPLE:
My server runs netqmail-1.05+TLS+viruscan and vpopmail, installed using the
instructions from lifewithqmail.org. I put the whitelist, blacklist and
graylist files in the /home/vpopmail directory. This is not required, I just
put them there because the qmaild user already owns all the files there.
Other good locations for them might be /etc/spamdyke or /var/qmail/spamdyke.
My entire /service/qmail-smtpd/run file is:
——————————————————————————–
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z “$QMAILDUID” -o -z “$NOFILESGID” -o -z “$MAXSMTPD” -o -z “$LOCAL” ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo “No /var/qmail/control/rcpthosts!”
echo “Refusing to start SMTP listener because it’ll create an open relay”
exit 1
fi
exec /usr/local/bin/tcpserver -v -R -l “$LOCAL” -x /etc/tcp.smtp.cdb -c “$MAXSMTPD” -u “$QMAILDUID” -g “$NOFILESGID” 0 smtp \
/usr/local/bin/spamdyke -f /etc/spamdyke.conf \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true \
2>&1
——————————————————————————–
My /etc/spamdyke.conf file contains:
——————————————————————————–
log-level=info
max-recipients=5
idle-timeout-secs=300
graylist-dir=/home/vpopmail/graylist
graylist-level=always
graylist-min-secs=300
graylist-max-secs=1814400
policy-url=http://my.policy.explanation.url/
reject-empty-rdns
reject-unresolvable-rdns
reject-ip-in-cc-rdns
rdns-whitelist-file=/home/vpopmail/whitelist_rdns
ip-whitelist-file=/home/vpopmail/whitelist_ip
greeting-delay-secs=5
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=zen.spamhaus.org
rhs-blacklist-entry=fresh.spameatingmonkey.com
reject-sender=no-mx
reject-recipient=same-as-sender
tls-certificate-file=/var/qmail/control/servercert.pem
config-dir=/etc/spamdyke.d
config-dir=/etc/spamdyke.d2
sender-blacklist-file=/home/vpopmail/blacklist_senders
sender-whitelist-file=/home/vpopmail/whitelist_senders
recipient-blacklist-file=/home/vpopmail/blacklist_recipients
recipient-whitelist-file=/home/vpopmail/whitelist_recipients
ip-in-rdns-keyword-blacklist-file=/home/vpopmail/blacklist_keywords
ip-blacklist-file=/home/vpopmail/blacklist_ip
rdns-blacklist-dir=/home/vpopmail/blacklist_rdns.d
header-blacklist-file=/home/vpopmail/blacklist_headers
——————————————————————————–
Recent Comments