{"id":6069,"date":"2016-07-27T08:34:24","date_gmt":"2016-07-27T00:34:24","guid":{"rendered":"http:\/\/rmohan.com\/?p=6069"},"modified":"2016-07-27T08:34:24","modified_gmt":"2016-07-27T00:34:24","slug":"spamdyke","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6069","title":{"rendered":"spamdyke"},"content":{"rendered":"

Installing spamdyke is pretty simple.<\/p>\n

1) Have a working qmail installation that runs from tcpserver. If you can’t
\n send and receive email, stop and go to one of the following sites for help:
\n http:\/\/www.lifewithqmail.org\/
\n http:\/\/www.qmailrocks.org\/
\n http:\/\/www.qmailtoaster.org\/<\/p>\n

If you’re using QmailToaster, there’s no need to install spamdyke by hand.
\n Use the spamdyke installation script in QmailToaster Plus:
\n http:\/\/qtp.qmailtoaster.com\/<\/p>\n

2) Unpack the spamdyke tarball somewhere convenient, like \/usr\/local\/src:
\n cd \/some\/convenient\/path
\n tar -xzvf spamdyke-x.y.z.tgz<\/p>\n

3) The fastest way is to change to the “spamdyke” directory, run “configure”
\n and “make”. spamdyke will be compiled with the default options.
\n cd spamdyke-x.y.z\/spamdyke
\n .\/configure
\n make
\n You shouldn’t see any errors or warnings.<\/p>\n

On some older BSD and Solaris installations, the “configure” script will
\n stop with an error message if the getopt_long() function cannot be found
\n in a system library. This typically means the libgnugetopt package is
\n not available. After it has been installed, the “configure” script will
\n finish successfully.<\/p>\n

The “configure” script accepts several parameters to add or remove some
\n features from spamdyke:
\n –disable-tls: compiles spamdyke without TLS support. By default, the
\n “configure” script will include TLS support if it detects the OpenSSL
\n libraries are installed.
\n –without-debug-output: compiles spamdyke without the messages produced
\n when the “log-level” option is set to “debug”. This reduces the size of
\n the spamdyke binary. By default, the “configure” script will add the
\n debug messages to spamdyke.
\n –with-excessive-output: compiles spamdyke with extra debugging output
\n that is visible when the “log-level” option is set to “excessive”.
\n By default, the “configure” script will not add the excessive messages
\n to spamdyke.
\n –with-debug-symbols: compiles spamdyke with debugging symbols so it can
\n be debugged with a debugger like gdb. This option does not add any
\n visible output or features; it just increases the size of the spamdyke
\n binary. By default, the “configure” script will not add the debugging
\n symbols to spamdyke.
\n –with-address-sanitizer: compiles spamdyke with the “address sanitizer”
\n extension to catch illegal memory accesses and buffer overflows. This
\n requires a fairly new version of gcc and the “asan” libraries. It
\n makes spamdyke much bigger and much slower; it is really only useful
\n for developers to use during testing.<\/p>\n

4) Copy the spamdyke executable to \/usr\/local\/bin:
\n su
\n cp spamdyke \/usr\/local\/bin\/<\/p>\n

5) If you want spamdyke to perform recipient validation and reject invalid
\n recipient addresses, you’ll need to compile and install the spamdyke-qrv
\n command as well.<\/p>\n

If you’re using Plesk, skip this step. Plesk already does recipient
\n validation for you.<\/p>\n

Compiling is very easy:
\n cd spamdyke-x.y.z\/spamdyke-qrv
\n .\/configure
\n make<\/p>\n

Copy the spamdyke-qrv executable to \/usr\/local\/bin:
\n su
\n cp spamdyke-qrv \/usr\/local\/bin\/
\n chown root \/usr\/local\/bin\/spamdyke-qrv
\n chmod u+s \/usr\/local\/bin\/spamdyke-qrv<\/p>\n

The “configure” script accepts several parameters to add or remove some
\n features from spamdyke-qrv:
\n –with-excessive-output: compiles spamdyke-qrv with extra debugging output
\n that is visible when the “-v” flag is given twice. By default, the
\n “configure” script will not add the excessive messages to spamdyke-qrv.
\n –without-vpopmail-support: compiles spamdyke-qrv without extra logic for
\n supporting vpopmail installations. Without the vpopmail logic,
\n spamdyke-qrv will report every address within a local domain is valid,
\n even when they would otherwise bounce.
\n –with-debug-symbols: compiles spamdyke-qrv with debugging symbols so it
\n can be debugged with a debugger like gdb. This option does not add any
\n visible output or features; it just increases the size of the
\n spamdyke-qrv binary. By default, the “configure” script will not add
\n the debugging symbols to spamdyke-qrv.
\n –with-address-sanitizer: compiles spamdyke-qrv with the “address
\n sanitizer” extension to catch illegal memory accesses and buffer
\n overflows. This requires a fairly new version of gcc and the “asan”
\n libraries. It makes spamdyke-qrv much bigger and much slower; it is
\n really only useful for developers to use during testing.<\/p>\n

6) Find the script that runs qmail when an incoming connection is established.<\/p>\n

If you followed the instructions at lifewithqmail.org or qmailrocks.org, look
\n for:
\n \/service\/qmail-smtpd\/run
\n If you installed qmail from the Debian packages, look for:
\n \/etc\/init.d\/qmail
\n If your qmail installation is part of Plesk, look for:
\n \/etc\/xinetd.d\/smtp_psa<\/p>\n

Insert the spamdyke command before the “\/var\/qmail\/bin\/qmail-smtpd” command.
\n Something like this:
\n——————————————————————————–
\n … \/usr\/local\/bin\/spamdyke -FLAGS \/var\/qmail\/bin\/qmail-smtpd 2>&1
\n——————————————————————————–
\n Sometimes, the spamdyke command should be placed within a variable that is
\n substituted into the command line. If the script includes the rblsmtpd
\n command, it can be replaced with the spamdyke command.<\/p>\n

Older installations of qmail may use the “softlimit” program as well. If you
\n see softlimit in the sequence of commands, REMOVE IT! softlimit causes many
\n more problems than it could ever possibly solve.<\/p>\n

Most spamdyke installations use a configuration file named
\n “\/etc\/spamdyke.conf”. This file is not part of the spamdyke installation; it
\n must be created by each administrator. There is a sample configuration file
\n in spamdyke’s “documentation” folder to help you get started.<\/p>\n

Special note for Plesk users: starting relaylock before spamdyke can cause
\n some (harmless) errors to be logged. If spamdyke is started before relaylock,
\n you shouldn’t see any errors:
\n——————————————————————————–
\n server_args = -Rt0 \/usr\/local\/bin\/spamdyke -FLAGS \/var\/qmail\/bin\/relaylock \/var\/qmail\/bin\/qmail-smtpd \/var\/qmail\/bin\/smtp_auth \/var\/qmail\/bin\/true \/var\/qmail\/bin\/cmd5checkpw \/var\/qmail\/bin\/true
\n——————————————————————————–
\n Plesk users can also use spamdyke for their SMTPS connections by adding it to
\n the \/etc\/xinetd.d\/smtps_psa file. spamdyke’s configuration in that file will
\n need to include the options “tls-level” (set to “smtps”) and
\n “tls-certificate-file”.<\/p>\n

Run the spamdyke command with the “-h” option to see the available options and
\n read the README.html file for full details. Please don’t enable a feature if
\n you don’t understand what it does!<\/p>\n

7) Restart qmail.<\/p>\n

If you followed the instructions at lifewithqmail.org or qmailrocks.org:
\n svc -d \/service\/qmail-smtpd
\n svc -u \/service\/qmail-smtpd
\n If you installed qmail from the Debian packages:
\n \/etc\/init.d\/qmail restart
\n If your qmail installation is part of Plesk:
\n killall -HUP xinetd<\/p>\n

8) That’s it! Watch syslog for any errors (usually \/var\/log\/maillog; Plesk
\n reconfigures syslog to save mail system logs in
\n \/usr\/local\/psa\/var\/log\/maillog).<\/p>\n

9) OPTIONAL: Copy the policy.php.example page from the “documentation” directory
\n to a website and change spamdyke’s “policy-url” option to give its URL.
\n Be sure to test the contact form to make sure it sends messages correctly.<\/p>\n

Good luck! If you have any issues or questions, please send a message to the
\nspamdyke-users mailing list (the subscription form is at www.spamdyke.org).<\/p>\n

The “utils” directory contains additional utilities that spamdyke does not
\nrequire. If you wish to compile them, change to the “utils” folder, then run
\n“configure” and “make”:
\n cd spamdyke-x.y.z\/utils
\n .\/configure
\n make
\nCopy the executables to appropriate locations as needed. None of them need to
\nbe in any specific directory to work. None of them require the presence of the
\nothers. spamdyke does not need any of them to function.<\/p>\n

EXAMPLE:
\n My server runs netqmail-1.05+TLS+viruscan and vpopmail, installed using the
\n instructions from lifewithqmail.org. I put the whitelist, blacklist and
\n graylist files in the \/home\/vpopmail directory. This is not required, I just
\n put them there because the qmaild user already owns all the files there.
\n Other good locations for them might be \/etc\/spamdyke or \/var\/qmail\/spamdyke.<\/p>\n

My entire \/service\/qmail-smtpd\/run file is:
\n——————————————————————————–
\n#!\/bin\/sh<\/p>\n

QMAILDUID=`id -u qmaild`
\nNOFILESGID=`id -g qmaild`
\nMAXSMTPD=`cat \/var\/qmail\/control\/concurrencyincoming`
\nLOCAL=`head -1 \/var\/qmail\/control\/me`<\/p>\n

if [ -z “$QMAILDUID” -o -z “$NOFILESGID” -o -z “$MAXSMTPD” -o -z “$LOCAL” ]; then
\necho QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
\necho \/var\/qmail\/supervise\/qmail-smtpd\/run
\nexit 1
\nfi<\/p>\n

if [ ! -f \/var\/qmail\/control\/rcpthosts ]; then
\necho “No \/var\/qmail\/control\/rcpthosts!”
\necho “Refusing to start SMTP listener because it’ll create an open relay”
\nexit 1
\nfi<\/p>\n

exec \/usr\/local\/bin\/tcpserver -v -R -l “$LOCAL” -x \/etc\/tcp.smtp.cdb -c “$MAXSMTPD” -u “$QMAILDUID” -g “$NOFILESGID” 0 smtp \\
\n \/usr\/local\/bin\/spamdyke -f \/etc\/spamdyke.conf \\
\n \/var\/qmail\/bin\/qmail-smtpd \/home\/vpopmail\/bin\/vchkpw \/bin\/true \\
\n 2>&1
\n——————————————————————————–<\/p>\n

My \/etc\/spamdyke.conf file contains:
\n——————————————————————————–
\nlog-level=info
\nmax-recipients=5
\nidle-timeout-secs=300
\ngraylist-dir=\/home\/vpopmail\/graylist
\ngraylist-level=always
\ngraylist-min-secs=300
\ngraylist-max-secs=1814400
\npolicy-url=http:\/\/my.policy.explanation.url\/
\nreject-empty-rdns
\nreject-unresolvable-rdns
\nreject-ip-in-cc-rdns
\nrdns-whitelist-file=\/home\/vpopmail\/whitelist_rdns
\nip-whitelist-file=\/home\/vpopmail\/whitelist_ip
\ngreeting-delay-secs=5
\ndns-blacklist-entry=b.barracudacentral.org
\ndns-blacklist-entry=zen.spamhaus.org
\nrhs-blacklist-entry=fresh.spameatingmonkey.com
\nreject-sender=no-mx
\nreject-recipient=same-as-sender
\ntls-certificate-file=\/var\/qmail\/control\/servercert.pem
\nconfig-dir=\/etc\/spamdyke.d
\nconfig-dir=\/etc\/spamdyke.d2
\nsender-blacklist-file=\/home\/vpopmail\/blacklist_senders
\nsender-whitelist-file=\/home\/vpopmail\/whitelist_senders
\nrecipient-blacklist-file=\/home\/vpopmail\/blacklist_recipients
\nrecipient-whitelist-file=\/home\/vpopmail\/whitelist_recipients
\nip-in-rdns-keyword-blacklist-file=\/home\/vpopmail\/blacklist_keywords
\nip-blacklist-file=\/home\/vpopmail\/blacklist_ip
\nrdns-blacklist-dir=\/home\/vpopmail\/blacklist_rdns.d
\nheader-blacklist-file=\/home\/vpopmail\/blacklist_headers
\n——————————————————————————–<\/p>\n","protected":false},"excerpt":{"rendered":"

Installing spamdyke is pretty simple.<\/p>\n

1) Have a working qmail installation that runs from tcpserver. If you can’t send and receive email, stop and go to one of the following sites for help: http:\/\/www.lifewithqmail.org\/ http:\/\/www.qmailrocks.org\/ http:\/\/www.qmailtoaster.org\/<\/p>\n

If you’re using QmailToaster, there’s no need to install spamdyke by hand. Use the spamdyke installation script in […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6069"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6069"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6069\/revisions"}],"predecessor-version":[{"id":6070,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6069\/revisions\/6070"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}