http://clapf.org/wiki/ 2012-05-21T07:10:04+02:00 http://clapf.org/wiki/ http://clapf.org/wiki/lib/tpl/mmkanso/images/favicon.ico text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:antispamdetails?rev=1266504128&do=diff Some internals, and further reading Antispam decision Clapf uses a statistical algorithm* to decide whether the incoming email is spam or not. It only marks the message by inserting a new message header called “X-Clapf-spamicity” indicating what probability the email has. If the probability is above a certain limit clapf also adds the “X-Clapf-spamicity: Yes” flag to the message header. This second header is just for the easy spam recognition. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:antivirussupport?rev=1266504128&do=diff Antivirus support Clapf supports several antivirus products to provide antivirus support: * avast! * clamav * Dr.Web * Kaspersky avast! Prerequisites: You have a working avast! installation. Edit /etc/avastd.conf and set the following variable in the [local] section: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:exim?rev=1266504128&do=diff clapf with Exim Prerequisites You have a working Exim installation. You _have_to_ compile clapf using SMTP (ie. without the --enable-lmtp configure options) Configuring Exim 1. Edit /etc/exim/exim.conf i) specify in the 'Main configuration settings' section that exim should listen on 127.0.0.1:10026/tcp, too: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:index?rev=1266504128&do=diff Upgrading Installation instructions Using the clapf daemon Spam filtering with spamdrop via a maildrop or procmail script. Set up the database backend Perform the initial training Set up training aliases for users Token group types Logging web UI * Setting up the web UI * Administrator tasks in the web UI * Using the web UI * You may try the web UI. Login: aaa@aaa.fu, password: aaa, or admin@local:clapfrocks text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:initialtraining?rev=1266504128&do=diff Initial training The initial training provides an out of the box anti-spam capability for your users, and creates the various SQL tables. You should have two collections of emails: ham and spam. It's better when they are roughly the same size and you should have 1-2-3-5,000 messages per corpora. The messages can be either in RFC-822 mailbox format (eg. Pine and Thunderbird stores emails in this format) or in 2 directories - one containing only ham emails, and the other only spam emails (one em… text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:installation?rev=1266504128&do=diff Installation Prerequisites Mandatory: * You have a working database. Clapf supports MySQL and SQLite3. * If you use the spamdrop utility for spam filtering, then install Maildrop, too. Recommended: * Install a supported anti-virus application. See the antivirus support page for the details. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:ldap?rev=1266504128&do=diff LDAP support Prerequisites You have a working LDAP (probably openldap) installation. Installation and configuration 1. Add the required schema files to the LDAP server. If you have openldap: Please note that the qmail.schema depends on the core, cosine, and nis schemas, so do not forget to include them in your slapd.conf. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:logging?rev=1266504128&do=diff Logging Based on the verbosity level clapf syslog()s about its operation. Normally (verbosity=1) clapf logs a single line, eg. Sep 11 16:16:35 thorium clapf[28688]: 4aaa5bc2e143b68ed701d8833be296: sj@acts.hu got SPAM, 1.000, 2378, relay=127.0.0.1:10026, delay=0.12, delays=0.01/0.01/0.00/0.00/0.00/0.02/0.00/0.04/0.00/0.05, status=250 2.0.0 Ok: queued as 5597A17021 text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:minefield?rev=1266504128&do=diff Blackhole/minefield Some of the spam flood can be prevented with a trap email address. Any email sent to an email address like that is obviously spam. To enable the minefield follow these steps: Edit clapf.conf and set the blackhole_email_list variable: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:policygroups?rev=1266504128&do=diff Policy support Different users may need different settings. With policy support enabled you can create different policies matching the needs of different user groups. Clapf supports policy groups from version 0.4.0. The default policy ('0') is just the configuration you have in clapf.conf. If you modify clapf.conf it means that you modify the default policy that applies to every user. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:rbl?rev=1266504128&do=diff RBL and SURBL support Clapf supports both regular blacklists and URL blacklists. If clapf is unable to determine whether the incoming email is spam or not, it may query some blacklists. To enable it, set the following variables: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:setuptrainingaliases?rev=1266504128&do=diff Further training Administrators may train the token database with commandline tools, regular users may forward the mis-classified messages as an attachment to one of the two special email adresses. Using the command line Administrators may use spamdrop to train the token database: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:statistics?rev=1266504128&do=diff System wide statistics You may create various graphs about the operation of clapf like the following: Prerequisites: install rrdtool: <http://www.rrdtool.org/> 1. Create the rrd files: 2. Create two cron entries: process_syslog.pl needs the following arguments (your date command may be different): text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:tokendatabase?rev=1266504128&do=diff Token database This documentation describes how to create the initial token database. Using the MySQL backend Create a dedicated MySQL user and database: #mysql -u root -p mysql>create database clapf; mysql>grant all privileges on clapf.* to clapf@localhost identified by 'verystrongpassword'; mysql>flush privileges; mysql>quit; Create a my.cnf file (eg. /usr/local/share/clapf/.my.cnf) : text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:tokengrouptypes?rev=1266504128&do=diff Token group types clapf supports different token group types: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:ubuntu?rev=1266504128&do=diff Notes for Ubuntu users You need the following packages if you use Ubuntu 9.04 (credits: lavian) text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:upgrading?rev=1266504128&do=diff Upgrading Though I try my best to make upgrades as smooth as possible, sometimes I have to make some changes. This page gives a detailed, step by step instructions how to do the upgrade with less pain. Please note, if you upgrade from a previous version, you should do all the changes. Eg. if you migrate from 0.4.1 to 0.4.3, then apply the changes from 0.4.1 to 0.4.2, then from 0.4.2 to 0.4.3. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:usingmaildrop?rev=1266504128&do=diff Using maildrop with real users Spamdrop also can be used with virtual users, see the FAQ for details. Edit /etc/postfix/main.cf: Configure the global maildroprc file (/etc/maildroprc): Make sure to set up proper permissions: The first line passes the email to spamdrop, then it reads the email the put some stuff to the email header. If it's a spam, spamdrop inserts the “X-Clapf-spamicity: Yes” header line and may mark the Subject line too. Then before the local delivery it tries to create th… text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:usingprocmail?rev=1266504128&do=diff Using procmail with real users Configure the global procmailrc file (/etc/procmailrc): The first rule passes the email to spamdrop, then it reads the email the put some stuff to the email header. If it's a spam, spamdrop inserts the “X-Clapf-spamicity: Yes” header line and may mark the Subject line too. After downloading the email via POP3/IMAP4/... you can sort your spam to the junk folder or do whatever you want with it. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:usingtheclapfdaemon?rev=1266504128&do=diff Using the clapf daemon Start the clapf daemon: If you use Exim instead of Postfix, then click here. Edit /etc/postfix/master.cf and the following lines: Edit /etc/postfix/main.cf and add the following lines: If you want SMTP local delivery instead of LMTP, then omit the --enable-lmtp configure option and use the following content_filter reference: text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:webui-admin?rev=1266504128&do=diff Administrator tasks in the web UI You can login with admin@local:admin as a master admin. Your very first task should be to change the admin password. There are two types of admin roles. You are 'master admin' if you have isadmin=1 (or isAdmin: 1 in case of LDAP). If so, you can manage the users, policies, and email domains. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:webui-setup?rev=1266504128&do=diff Setting up the web UI The 'web UI' stands for the web user interface. It is a collection of PHP scripts, so to use it, you need a web server with PHP support. You have to use --with-userdb=... in order to make the webui work. The user database stores user data, such as numeric uid, username, email address, email aliases, whitelists, policy settings, ... (but not any token related data). text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:webui-using?rev=1266504128&do=diff Using the web UI A regular user may access his spam quarantine where he can review his messages. The default view is a formatted view where he can see even the images if there is any. The user can 'release' messages from the quarantine, ie. deliver them to his mailbox, and he can also do this by training the message. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:whitelist?rev=1266504128&do=diff Whitelist support Clapf does maintain an internal (and dymanic) whitelist. If you have a partner sending you lots of good emails, then his email address will be in the ham dictinary, ie. his email address is associated with good emails. Then if he starts sending spam later, then his email address will be no longer on the good side, thus dropped from the whitelist. text/html 2010-02-18T15:42:08+02:00 http://clapf.org/wiki/doku.php/0.4.4:zombies?rev=1266504128&do=diff Handling zombies Most of the spam, malware and phishing emails come from zombie networks. Fortunately for us they share a generic pattern. A zombie computer sends messages directly to the MX servers of the recipient instead of using the SMTP relay hosts of its service provider.