On Sunday 06 July 2003 14:38, Cowles, Steve wrote: > > Your setup is very similar to what I have setup here. I too, frontend > an exchange server with sendmail/spamass-milter/spamassassin. Your > document is not a bad start for people wanting to frontend another > mail server using SA. i.e. procmail is NOT called by the frontend > system to filter e-mail.
We should have many similarities since I built this test system based on many of the comments you've made in the archives. Good work and thanks for the many valuable tips! > > So that we are on the same page with regards to RH-9.0, I thought I > would add a few of my notes. > > 1) In the spamassassin section, I downloaded the latest spamassassin > src RPM (2.55) and then issued the following to install spamassassin: > # rpmbuild --rebuild spamassassin-<version>.src.rpm > # cd /usr/src/redhat/RPMS/i386 > # rpm -i spamassassin-<version>.rpm > > NOTE: I also had to download/install the dependencies for the > spamassassin rpm. This included: > perl-Mail-Spamassassin-<version>.src.rpm and > spamassassin-tools-<version>.src.rpm. If I remember correctly, I > issued the same rpmbuild sequence against these packages too so the > dependencies were properly loaded. > > As for your instructions regarding configuring SA on a per user > (local) basis, I have had zero luck with this. Mainly because list > server e-mail is not addressed to me directly. i.e. To: So I > configured SA to work in a site-wide basis by editing > /etc/mail/spamassassin/local.cf. I'm using the distributed tarball for version 2.55 on my test box. For the puposes of this test the "local" entry in my notes was just to indicate that I should get Spamassassin up and running, check it out for proper operation on local accounts before moving on to the "frontend" aspects. For the users on the Exchange Server I too used the site-wide configurations for spamassassin but I also found that I had to copy the /etc/mail/spamassassin files to /root/.spamassassin in order to get everything to work right. I meant to look into this but forgot about that until just now. > > 2) In the spamass-milter section, I downloaded the latest > spamass-milter src RPM (0.2.0) and then issued the following to > install spamass-milter: # rpmbuild --rebuild > spamass-milter-<version>.src.rpm > # cd /usr/src/redhat/RPMS/i386 > # rpm -i spamass-milter-<version>.rpm > > 3) In the sendmail section, I agree with all of your notes with the > exception of the access file entries. Personally, I do not see how > your system accepts e-mail for your domain when you include: > exDomain.com REJECT > > I tried your exmaple on a test server I have setup here and all > e-mail was rejected for [EMAIL PROTECTED] Even if I included a > validuser as you have shown. Maybe you could clarify (off the list) > how your system accepts e-mail for your domain while using the access > file format you have specified. If I followed your instructions for > the access section of your document, all e-mail would be rejected at > my end. > This was important to me, building a "whitelist" of valid users, and I couldn't see how sendmail would do it. It's certainly not obvious, at least to me, from reading the /usr/share/sendmail.cf/README file that this would work. In fact, I thought surely this would reject all mail for the domain but someone on the sendmail newsgroup suggested it and lo-and-behold it worked beautifullly as soon as I tried it. I use this test box to relay mail for three other domains now and all are using this "whitelist" mechanism to great effect. Since this past Monday I have blocked over 3500 attempts to send mail to old or non-existant accounts. Here is my sendmail.mc file, perhaps there's something there that may have an impact on how this aspect works but I just don't realize because I certainly can't explain why it would work for me and not for you. divert(-1)dnl include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for Red Hat Linux')dnl OSTYPE(`linux')dnl define(`confDEF_USER_ID',``8:12'')dnl define(`confTRUSTED_USER', `smmsp')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl define(`confTO_IDENT', `0')dnl define(`confDOMAIN_NAME', `<test.mail.server.FQDN>')dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected ( http://spamhaus.org/ )')dnl EXPOSED_USER(`root')dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl MAILER(smtp)dnl MAILER(procmail)dnl One question that came to mind while doing this, but I haven't tried to find the answer yet, is will it work the same when the RELAY statements are done in the /etc/mail/access as opposed to the /etc/mail/relay-domains file which I am using. Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
