freebsd.munk.me.uk - Email

Installing Exim, SASLAuthd, ClamAV and SpamAssassin on FreeBSD 6.2

nospam@example.com (munk) — Wed, 17 Jan 2007 20:19:00 +0000

Introduction
This article describes the steps necessary to install and configure Exim on FreeBSD 6.2 with support for the following:

authenticated SMTP (asmtp) using SASLAuthd
spam detection and quarantine using SpamAssassin
malware detection and quarantine using ClamAV

Each of the required 'dependencies' or components will be installed and configured, Exim will be installed and configured and finally we will test to check each component is working as required.

With regards to spam and malware scanning, the system described will quarantine any files/messages that it finds classified as spam or malware. In this way the quarantined files can be checked over by the admin at a later date and various stats gathering can be done if required.

Installing and Configuring SASLAuthd
SASLAuthd is an authentication daemon that can handle authentication requests from 3rd party applications such as Exim - generally for any application that can't directly access a system password database because of permission restrictions. In this case running Exim MTA as 'root' is a potential security risk, so exim runs as the 'mailnull' user on FreeBSD. Unfortunately this means Exim can't easily read the system password database to authenticate users who want to send mail via the server, which is where SASLAuthd comes in. Any requests for authentication with Exim are passed on to the SASLAuthd daemon which will then verify whether the user credentials are valid - if so, the email is delivered, if not, it's rejected.

Install SASLAuthd from the FreeBSD ports tree:

CODE:
root@win /root# cd /usr/ports/security/cyrus-sasl2-saslauthd/
root@win /usr/ports/security/cyrus-sasl2-saslauthd# make install
...
root@win /usr/ports/security/cyrus-sasl2-saslauthd# rehash
Configure SASLAuthd to run at boot.

Edit /etc/rc.conf to include the following:

CODE:
saslauthd_enable="YES"
saslauthd_flags="-a getpwent"

Note:
SASLAuthd will run using the 'getpwent' authentication mechanism with the flag above. This method uses the passwd file directly instead of using other means like kerberos or PAM. If you require another method, check the manpage for saslauthd.
Start the SASLAuthd daemon running:

CODE:
root@win /usr/ports/security/cyrus-sasl2-saslauthd# cd /usr/local/etc/rc.d
root@win /usr/local/etc/rc.d# ./saslauthd start
(Optional) Test the SASLAuthd daemon:

Substitute 'user' and 'pass' for the username and password of a user
account on your system:

CODE:
root@win /usr/local/etc/rc.d# testsaslauthd -u user -p pass
0: OK "Success."

Installing and Configuring SpamAssassin
SpamAssassin (SA) is one solution to the problem of spam. SA can run as a daemon (spamd) in the background and accept requests from an MTA such as Exim to check whether an email message should be classified as spam.

Spamd looks at the message and checks for various factors that make the message more or less likely to be spam and assigns the message a score based on what it finds. Spamd will then reply to the MTA, telling it the spam score that it gave that message. The MTA can then decide - based on that score - whether to accept/reject the message - or in the case of this guide whether to instead quarantine the message.

Install SA from the FreeBSD ports.

Note:
There are various installation options you can choose when installing SA which you should see when you first run 'make install' in the SA port directory. To see the options after already configuring them you can run 'make config'.

In turn, each of SA's dependencies may also have options you can configure at install time.

To write this guide I'm only using the single option 'AS_ROOT' in the SA install configuation and for the other items generally just choose the
defaults.

CODE:
root@win /root# cd /usr/ports/mail/p5-Mail-SpamAssassin/
root@win /usr/ports/mail/p5-Mail-SpamAssassin# make install

Once complete, you should see:

CODE:
*************************************************************************
*           _  _____ _____ _____ _   _ _____ ___ ___  _   _             *
*          / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |            *
*         / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |            *
*        / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |            *
*       /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|            *
*                                                                       *
*       See /usr/local/share/doc/p5-Mail-SpamAssassin/INSTALL,          *
*       and /usr/local/share/doc/p5-Mail-SpamAssassin/UPGRADE,          *
*       or http://spamassassin.org/dist/INSTALL and                     *
*       http://spamassassin.org/dist/UPGRADE BEFORE enabling            *
*       this version of SpamAssassin for important information          *
*       regarding changes in this version.                              *
*************************************************************************

It's a good idea to read the files listed in the banner above. SA has a large number of options that can be configured; a good place to start configuring options on FreeBSD is in /usr/local/etc/mail/spamassassin/.
Configure SA to run at boot.

Edit /etc/rc.conf to include the following:

CODE:
spamd_enable="YES"
Start SA spamd.

We can now go on to actually start spamd running as a daemon and verify spamd started ok:

CODE:
root@win /root# cd /usr/local/etc/rc.d
root@win /usr/local/etc/rc.d# rehash
root@win /usr/local/etc/rc.d# ./sa
sa-spamd* saslauthd*
root@win /usr/local/etc/rc.d# ./sa-spamd start
Starting spamd.
munk@win /usr/local/etc/rc.d# ./sa-spamd status
spamd is running as pid 754.

This tells us spamd is running ok in the background.

Installing and Configuring ClamAV
ClamAV is an anti-virus suite and includes a daemon clamd (runs in the background to check for requests to test for virii), another daemon freshclam (updates the virus definition database) and a couple of clients to run on the commandline if you need them for local virus scanning.

Exim will send requests to the clamd server in much the same was as spamd does - if clamd classifies a message as containing a virus, Exim will reject delivery of the message and instaed quarantine it.

Install ClamAV from the FreeBSD ports tree:

CODE:
root@win /root# cd /usr/ports/security/clamav
root@win /usr/ports/security/clamav# make install
Configure ClamAV to start at boot time.

Edit /etc/rc.conf to include:

CODE:
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
Configure clamd.

Edit /usr/local/etc/clamd.conf to include the following:

CODE:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
Start clamd and freshclam.

CODE:
root@win /root# cd /usr/local/etc/rc.d
root@win /usr/local/etc/rc.d# ./clamav-clamd start
Starting clamav_clamd.
root@win /usr/local/etc/rc.d# ./clamav-freshclam start
Starting clamav_freshclam.

Note:
You may see the following message on first running clamd:

CODE:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days. ***
LibClamAV Warning: *** Please update it IMMEDIATELY! ***
LibClamAV Warning: **************************************************

As long as you're running freshclam, you can safely ignore this message. Freshclam should update your definitions automatically. Be sure to configure freshclam to update the virus definitions regularly.

ClamAV should be configured now and ready to accept request to check for malware from the Exim MTA.

We can now move on finally to install and configure Exim.

Installing and Configuring Exim
Exim configuration can be very complicated. This guide will only deal with the configuration of Exim so it accepts mail on a domain 'mail.example.com', scans the mail for malware/spam - quarantining anything it finds as malware/spam and accepts authentication requests correctly.

Important:
Ensure your mail server's DNS is configured correctly and preferably has a reverse DNS record (rDNS) set up. Many mail servers will not deliver mail correctly to/from your mail server without rDNS.

Install Exim from the FreeBSD ports tree:

CODE:
[12:10:57] root@win /root# cd /usr/ports/mail/exim
[12:12:30] root@win /usr/ports/mail/exim# make -DWITH_CONTENT_SCAN -DWITH_SASLAUTHD install
Stop the Sendmail daemon if it's already running:

CODE:
root@win /root# cd /etc/rc.d
root@win /etc/rc.d# ./sendmail stop
Configure Exim to run at boot time.

Edit /etc/rc.conf to include:

CODE:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
exim_enable="YES"

This has the effect of disabling sendmail at boot time - the default FreeBSD MTA - and running Exim instead.
Configure mailer.conf to use Exim as the default MTA.

Edit /etc/mail/mailer.conf to read:

CODE:
sendmail          /usr/local/sbin/exim
send-mail         /usr/local/sbin/exim
mailq             /usr/local/sbin/exim -bp
newaliases        /usr/bin/true

This will allow any FreeBSD base system mail related commands to use Exim instead of Sendmail.

Configuring Exim
We now move on to configuring Exim.

Set the primary hostname.

Edit /usr/local/etc/exim/configure.

Find and edit the 'primary_hostname' line for your domain:

CODE:
primary_hostname = example.com

This configures Exim to accept mail primarily for the 'example.com' domain - ie foobar@example.com.
Find and edit the following lines to read:

CODE:
av_scanner = clamd:/var/run/clamav/clamd
spamd_address = 127.0.0.1 783
Configure the malware and spam Access Control Lists (ACLs).

How malware/spam checking works in this system:
We add a check in the acl_check_data ACL for spam and malware. Exim will request each email is checked for spam/malware by the relevant daemon - spamd for spam, clamd for malware. If the message is classified as spam/malware by the relevant daemons, Exim will add a header to the message 'X-Quarantine-Me-Spam' (similar for malware).

Later on when it comes to actually delivering (termed 'routing' in Exim terminology), we add two routers to test for the existence of the headers that are added in the acl_check_data ACL if a message is found to be spam/malware. If the headers are found by the malware/spam routers, the message is not delivered but instead copied to a quarantine location on disk.

This quarantine location can then be checked later by an admin to check if anything is amiss - ie regular non spam/malware mail that should really have been delivered.

Once you're satisfied the configuration is working as it should - ie after a few months of operation - and not finding false positives, you can change the malware/spam acl checks to just deny instead of adding the quarantine headers. Having said that, I still opt to just quarantine malware/spam and remove it at a later date.

On to configuring the data ACL:

Modify the acl_check_data ACL to read/include:

CODE:
acl_check_data:

  # Deny if the message contains a virus. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option above.
  #
  # defer_ok - pass this message if scanner is down etc:
  warn  message         = X-Quarantine-Me-Malware: $malware_name
        log_message     = malware: $malware_name
        demime          = *
        malware         = */defer_ok

  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address
  # option above.
  #
  warn    message       = X-Quarantine-Me-Spam: SA score $spam_score\n\
                          X-SA-Report: $spam_report
          log_message   = Spam score $spam_score > 5
          spam          = spamd/defer_ok
          condition     = ${if >{$spam_score_int}{50}{1}{0}}

  # Accept the message.

  accept

At the top of the routers section, modify to read/include:

CODE:
begin routers

check_malware:
  driver                = redirect
  condition             = ${if def:h_X-Quarantine-Me-Malware: {1}{0}}
  headers_add           = X-Quarantined-Malware: $h_X-Quarantine-Me-Malware:
  headers_remove        = X-Quarantine-Me-Malware
  data                  = /var/quarantine/malware/malware.$tod_logfile
  file_transport        = address_file

check_spam:
  driver                = redirect
  condition             = ${if def:h_X-Quarantine-Me-Spam: {1}{0}}
  headers_add           = X-Quarantined-Spam: $h_X-Quarantine-Me-Spam:
  headers_remove        = X-Quarantine-Me-Spam
  data                  = /var/quarantine/spam/spam.$tod_logfile
  file_transport        = address_file

no_more

Modify the authenticators section to read:

CODE:
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}

Save the /usr/local/etc/exim/configuration file.
Create the quarantine directories and change ownership to mailnull:mail:

CODE:
root@win /root# mkdir -p /var/quarantine/{malware,spam}
root@win /root# chown mailnull:mail /var/quarantine/{malware,spam}
Restart Exim to suck in the new config options:

CODE:
root@win /root# /usr/local/etc/rc.d/exim restart
Stopping exim.
Starting exim.

Exim should now be set to check for malware/spam and to authenticate users.

Testing Exim configuration
Finally we can move on to test that our config works correctly for spam/malware checking and for authenticating users.

Testing Exim's malware/spam scanning.

The easiest option is to send an email to your mailserver with specially crafted malware/spam signatures included in the body of the message. When spamd/clamd see these signature strings in the body of the messages, they should classify the message as spam/malware and Exim in turn will quarantine the messages.

The official EICAR malware/virus testing signature is as follows:

CODE:
X5O%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILEspamcH+H*

See here for the official string:

http://www.eicar.org/anti_virus_test_file.htm

The official GTUBE spam testing signature is as follows:

CODE:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

See here for the official string:

http://spamassassin.apache.org/gtube/

Note:
Another option for testing spam/malware scanning is to run exim from the commandline using the command 'exim -bh 127.0.0.1'. This will run an SMTP session from the commandline (think telnet) and allow you to inject your own specially crafted message using the signatures above. This requires you enter a valid SMTP session, something like:

CODE:
HELO example.com
MAIL FROM:foo@example.com
RCPT TO:foo@example.com
DATA
X5O%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILEspamcH+H*
.

This would simulate the injection of a mail message with a virus in it and in 'exim -bh' mode you can see a lot of useful debugging info to verify everything works ok.
Testing Exim's Authentication configuration.

We can now test that ASMTP is working. For this you can either run exim in one of it's many excellent debugging modes or you can simply configure a remote email client to use ASMTP. This guide will use the commandline to test ASMTP.

Important:
Before attempting this method please read the exim documentation on how ASMTP works. The following assumes you have read and understood that text.

First create a simple perl script called 'encode' in /usr/local/etc/exim/ and make sure it is executable:

CODE:
root@win /usr/local/etc/exim# cat encode
#!/usr/bin/perl
use MIME::Base64;
printf ("%s", encode_base64(eval ""$ARGV[0]""));
root@darkstar /usr/local/etc/exim# chmod +x encode
root@darkstar /usr/local/etc/exim# ls -al encode
-rwxr-xr-x  1 root  wheel  85 Apr 23 12:25 encode

Now decide which user account on your server you wish to test ASMTP with. It must be an account you know the password for obviously. I created an account called 'dummy' and set the password to 'dummy' as well - if you do this remember to remove the account or disable it as soon as you've finished testing.

Encode the user:password pair into base64 MIME using the 'encode' script we created above:

CODE:
root@darkstar /usr/local/etc/exim# ./encode "\0dummy\0dummy"
AGR1bW15AGR1bW15

Now enter into Exim's fake SMTP session command-line mode and just for good measure do it in authentication debug mode as well:

CODE:
root@win /root#  exim -d+auth -bh 127.0.0.1
Exim version 4.66 (FreeBSD 6.1) uid=0 gid=0 pid=3056 D=fbb95cfd
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=3056
  auxiliary group list: 0
seeking password data for user "mailnull": using cached result
getpwnam() succeeded uid=26 gid=26
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
configuration file is /usr/local/etc/exim/configure
log selectors = 00000ffc 00089001
trusted user
admin user
changed uid/gid: privilege not needed
  uid=26 gid=6 pid=3056
  auxiliary group list: 6 6
seeking password data for user "mailnull": cache not available
getpwnam() succeeded uid=26 gid=26
originator: uid=0 gid=0 login=root name=Charlie Root
sender address = root@win.munk.me.uk
sender_fullhost = [127.0.0.1]
sender_rcvhost = [127.0.0.1]

**** SMTP testing session as if from host 127.0.0.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
  SMTP connection from [127.0.0.1]
host in host_lookup? yes (matched "*")
looking up host name for 127.0.0.1
DNS lookup of 1.0.0.127.in-addr.arpa (PTR) succeeded
IP address lookup yielded localhost.munk.me.uk
gethostbyname2 looked up these IP addresses:
  name=localhost.munk.me.uk address=::1
  name=localhost.munk.me.uk address=127.0.0.1
checking addresses for localhost.munk.me.uk
  ::1
  127.0.0.1 OK
sender_fullhost = localhost.munk.me.uk [127.0.0.1]
sender_rcvhost = localhost.munk.me.uk ([127.0.0.1])
set_process_info:  3056 handling incoming connection from localhost.munk.me.uk [127.0.0.1]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 win.munk.me.uk ESMTP Exim 4.66 Wed, 17 Jan 2007 19:24:22 +0000
220 win.munk.me.uk ESMTP Exim 4.66 Wed, 17 Jan 2007 19:24:22 +0000
smtp_setup_msg entered

When you get to this point you are ready to start an SMTP 'conversation' with Exim. First introduce yourself to Exim using the SMTP 'EHLO localhost' command:

CODE:
EHLO localhost
SMTP<< EHLO localhost
sender_fullhost = localhost.munk.me.uk (localhost) [127.0.0.1]
sender_rcvhost = localhost.munk.me.uk ([127.0.0.1] helo=localhost)
set_process_info:  3103 handling incoming connection from localhost.munk.me.uk (localhost) [127.0.0.1]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
host in tls_advertise_hosts? no (option unset)
250-win.munk.me.uk Hello localhost.munk.me.uk [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
SMTP>> 250-win.munk.me.uk Hello localhost.munk.me.uk [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

In response to your 'EHLO localhost' command, Exim returns more debug information but most importantly for us it also indicates what authentication options it offers in this line:

CODE:
250-AUTH PLAIN LOGIN

This indicates that currently acceptable AUTH methods are PLAIN and LOGIN.

We can then test the PLAIN login method using the "\0dummy\0dummy" user:password pair we encoded above:

CODE:
AUTH PLAIN AGR1bW15AGR1bW15
SMTP<< AUTH PLAIN AGR1bW15AGR1bW15
Running pwcheck authentication for user "dummy"
pwcheck: success (NULL)
plain authenticator:
  $1 =
  $2 = dummy
  $3 = dummy
expanded string: 1
SMTP>> 235 Authentication succeeded
235 Authentication succeeded

This indicates that authentication for 'dummy:dummy' would succeed and mail would be relayed (pending further conditional checks by Exim).

So we now have a working Exim with support for spam/malware checking and authentication over SMTP.

Mutt Auto Save Hooks

nospam@example.com (munk) — Wed, 13 Sep 2006 17:51:02 +0000

UPDATE:
I've updated the perl script to allow user input of the save hook.
Also importantly I forgot to mention in the article originally that you must add the string '#SAVE AND FCC HOOKS' at the place in your ~/.muttrc file where you want the save hooks to be saved!

This is a recipe for automatically creating save-hooks in the Mutt mail client. The recipe allows you to bind the function to a key - I use 'esc H' - so when you receive mail say from 'munk @ munk.me.uk', you hit 'esc H' and mutt will create a save-hook that saves any mail from that address to 'munk.me.uk'. That way when you hit 's' to save the mail to a folder, mutt will automatically prompt you to save the mail to 'munk.me.uk'.

The recipe involves editing the ~/.muttrc file and the creation of a perl script to do the work. It also requires formail (part of procmail iirc). The script is based on an original script by Eric Smith on the mutt mailing list.

First add this to your ~/.muttrc file:

CODE:

# Notes:
#
# Modify the paths to the 'hookgen.pl' script as needed
# - it should be the location you decide to save the perl script as.
#
# Modify the temp file path if you want.
# /tmp should be fine though unless you have a busy server and don't want to
# risk others seeing who you receive mail from.
#
# The file after the ':source' command should be the file that you want to contain the save hooks in.
# In my setup I have all my hooks in a separate file, ~/.mutt/mutt.hooks, which is sourced from my main
# ~/.muttrc file.
#
# There are 3 bindings, one for each mutt 'view':
macro index \eH "<pipe-message>formail -X \
From:>/tmp/hookgen.pl_cache\n<shell-escape>/home/munk/bin/perl/mutt/hookgen.pl\n:source \
~/.mutt/mutt.hooks\n" "Edit mutt hooks file and reload it"
macro pager \eH \
"<pipe-message>formail -X \
From:>/tmp/hookgen.pl_cache\n<shell-escape>/home/munk/bin/perl/mutt/hookgen.pl\n:source \
~/.mutt/mutt.hooks\n" "Edit mutt hooks file and reload it"

This presumes you're using the key sequence 'ESC H' - the escape key followed by a capital H - to bind the function. Feel free to use another keystroke.

At the point in your ~/.muttrc file that you want the save-hook saving, add the following:

CODE:

'#SAVE AND FCC HOOKS'

Now create and save the following perl script for the above macro binding to use. Please note I didn't originally write this script, I based it on a script by Eric Smith in the URL below. You might want to read the original mail because he uses a slightly different approach. You can debug the script on the commandline by uncommenting the line starting '#$debug'.

Here's the script:

CODE:

#!/usr/bin/perl -w
# Original idea with thanks to Eric Smith.
# see here: http://marc.10east.com/?l=mutt-users&m=104422326212956&w=2

# Overview:
# This script allows you to create save hooks in mutt. Add the following to
# your ~/.muttrc file:
#
# macro index \eH "<pipe-message>formail -X From:>/tmp/hookgen.pl_cache\n \
# <shell-escape>/home/munk/bin/perl/mutt/hookgen.pl\n:source ~/.mutt/mutt.hooks\n" \
# "Edit mutt hooks file and reload it"
# macro pager \eH # "<pipe-message>formail -X # From:>/tmp/hookgen.pl_cache\n \
# <shell-escape>/home/munk/bin/perl/mutt/hookgen.pl\n:source ~/.mutt/mutt.hooks\n" \
# "Edit mutt hooks file and reload it"
#
# substituting:
# /tmp/hookgen.pl_cache for the location you want to store the 'From' header
# temporarily
#
# /home/munk/bin/perl/hookgen.pl for the location of this script.
#
# ~/.mutt/mutt.hooks for the file you want to save the hooks into, normally this will be your ~/.muttrc
#
# IMPORTANTLY: add the following in the file you want to save the hooks to:
# '#SAVE AND FCC HOOKS' (everything inside the quotes)

use strict;
my $cmd = undef;
my $regexp = undef;
my $folder = undef;
my $alt_hook = undef;
my $domain = undef;
my $save_hook = undef;
my $debug = undef;

# set this to the name of the temp file used in the muttrc bind directive for
# this macro:
my $tmp_file = '/tmp/hookgen.pl_cache';

# set this to the file you want to save the hooks to - make sure the hook file
# has the text '#SAVE AND FCC HOOKS' in it!:
my $hook_file = '/home/munk/.mutt/mutt.hooks';

# To debug the script, uncomment the following line:
# $debug = 'From: "John Smith" <john.smith@example.com>';

`echo '$debug' > $tmp_file` if $debug;

open CACHE, "</tmp/hookgen.pl_cache" or die "Cannot open /tmp/hookgen.pl_cache $!";
while (<CACHE>) {
if(/^from:/i){
chomp;
/.*\@([^>]*)/i;
$domain = $1;
}
}
$regexp = $folder = $domain;
close CACHE;

$save_hook="save-hook '~f $regexp' +/$folder";

while(){
print "Save hook to be added:\n\n$save_hook\n\n";
print "Hit enter to save, enter an alternative save-hook, or hit ctrl-c to exit:\n";

chomp($alt_hook = <STDIN>);

if ($alt_hook eq ""){
last;
} else {
$save_hook = $alt_hook ;
}
}

$cmd = 'perl -pi -e "s@(?<=#SAVE AND FCC HOOKS)@\n' . $save_hook . '@" ' . $hook_file;

if($debug){
print "Running in debug mode:\n\n";
print "Would have saved this hook:\n\n$save_hook\n\n";
print "to this hook file:\n\n$hook_file\n";
print "Using this command:\n\n$cmd\n";
} else {
system qq|$cmd|;
}

Forwarding Mail To Gmail

nospam@example.com (munk) — Wed, 25 Aug 2004 17:48:15 +0000

I had the good fortune to be given a gmail account a while ago (thanks elybis!) and planned to use it mainly for mailing list messages. Being able to search through years worth of mailing lists instantly sounded ideal and with that I set to forwarding all the current mailing list messages I have for certain lists on to my gmail account...

Read the extended article for info on bouncing mail to gmail with mutt (miserable failure), reconfiguring Exim to handle bouncing mail to gmail more effectively and using a perl script to streamline injecting messages into the Exim mail queue for delivery to Gmail.

Continue reading "Forwarding Mail To Gmail"

Email Related Perl Scripts

nospam@example.com (munk) — Sat, 06 Mar 2004 18:29:51 +0000

There are a number of interesting email related perl scripts here:

http://www.cpan.org/scripts/mailstuff/

Stumbled across this after a question by Manuel Hirsch on the Devshed Forum asking how to delete all duplicate emails from an mbox format mail spool/file/folder.

Happy Birthday Spam

nospam@example.com (munk) — Fri, 05 Mar 2004 17:26:56 +0000

Today is the 10th birthday of spam - not sure whether to be happy about this... :P

Spam's Tenth Birthday

Microsoft Tackle Spam

nospam@example.com (munk) — Fri, 27 Feb 2004 21:21:14 +0000

After making some noises about tackling the spam problem, Microsoft have just released information about their initiative to tackle the problem. The initiative is dubbed 'Caller-ID For Email and works along the lines of adding extra info to DNS records to identify where email is allowed to originate from for a given domain.

This idea is almost identical to that put forward by the SPF Folk, although the caller-id approach uses XML in the DNS records instead of plaintext - which the SPF approach uses. This could have the downside of breaking or causing unnecessary DNS traffic with increased packet sizes being required to transport XML encapsulated DNS data.

The caller-id approach also requires the full message to be read by the MTA before any action is appropriated. This could potentially increase SMTP traffic, leading to a waste of bandwidth.

Only time will tell which approach will be taken up.

Original article here:

MS Caller ID Plan Boosts SMTP Authentication

MailGraph Modified For Exim

nospam@example.com (munk) — Tue, 17 Feb 2004 12:12:46 +0000

Christian G. Warden has just kindly sent me an email detailing the location of a modified version of the mailgraph tool which keeps track of messages rejected in different classes by exim.

The modified package can be found here:

http://postica.net/software/mailgraph/

Thanks Christian!

Selective Spam Filtering System For Exim

nospam@example.com (munk) — Thu, 12 Feb 2004 12:21:52 +0000

This is a HOWTO guide for setting up a selecting spam filtering system on Exim:

Selective Spam Filtering System For Exim

Note this is very similar in fact to a method detailed in the Exiscan ACL examples found here:

exiscan-acl example configurations / FAQ - search for '6. Having multiple content scanning profiles for several'

SPF Records Added

nospam@example.com (munk) — Thu, 12 Feb 2004 12:02:22 +0000

Just added a bunch of DNS SPF TXT records for the domains I send email for. Lets hope that eventually when the uptake of SPF checking takes off - and it will right? - that this helps cut down on spam.

"Reply-To" Munging Considered Harmful

nospam@example.com (munk) — Tue, 10 Feb 2004 15:26:05 +0000

Just a personal bookmark for myself:

"Reply-To" Munging Considered Harmful

Patch Released For ClamAV On FreeBSD

nospam@example.com (munk) — Mon, 09 Feb 2004 16:18:32 +0000

Woot - just found a post on the exim-users list by Oliver Eikemeier that allegedly stops a DOS caused by ClamAV crashing and stopping mail being processed - sounds like the problem I was having here.

Anyway I just applied the patch and reinstated the ClamAV Exiscan ACL, so fingers crossed the clamd daemon stays up a little longer than last time.

The patch is included in the extended article 'just in case'.
:P

Continue reading "Patch Released For ClamAV On FreeBSD"

ClamAV Broken

nospam@example.com (munk) — Thu, 05 Feb 2004 12:48:43 +0000

After installing and configuring clamav, I left the thing running overnight and found the next day that the clamd av scanner daemon had been down for about 16 hours. Lots of mail was dropped because of this - the clamav acl fails and so mail is temporarily deferred. It seems that clamav is known for not being the most stable of daemons, hopefully recent development on the daemon will make it more stable - running in processes instead of threads. I had thought and tried to get clamd working with daemontools, but ran into problems with this method. I can live without the av scanner for now..

Exim Cookbook

nospam@example.com (munk) — Tue, 03 Feb 2004 19:08:23 +0000

This forum contains a lot of useful cookbook style recipes for Exim:

The Unofficial Exim MTA Info Forums

Worth a visit if you're after examples of how to configure Exim. :P

Sender Permitted From - SPF - Yet Another Solution To Spam?

nospam@example.com (munk) — Tue, 03 Feb 2004 19:03:40 +0000

Sender Permitted From or SPF - is an initiative aimed at reducing spam and malware through the introduction of a DNS based grammar which describes where a domain sends email from - in effect a 'reverse-MX' record.

See also the excellent SPF Tools Site

Continue reading "Sender Permitted From - SPF - Yet Another Solution To Spam?"

Installing, Configuring and Testing ClamAV On FreeBSD Exim

nospam@example.com (munk) — Tue, 03 Feb 2004 13:54:35 +0000

This is a HOWTO style guide to installing, configuring and testing the ClamAV anti-virus scanner on FreeBSD, including details on integrating support for mail-scanning with clamav into Exim.

Continue reading "Installing, Configuring and Testing ClamAV On FreeBSD Exim"