clapf wiki current

current:antispamdetails

2010-01-20T10:14:34+02:00

Some internals, and further reading Antispam decision Clapf uses a statistical algorithm* to decide whether the incoming email is spam or not. It only marks the message by inserting a new message header called “X-Clapf-spamicity” indicating what probability the email has. If the probability is above a certain limit clapf also adds the “X-Clapf-spamicity: Yes” flag to the message header. This second header is just for the easy spam recognition.

current:antivirussupport

2011-06-11T09:18:00+02:00

Antivirus support Clapf supports several antivirus products to provide antivirus support: * avast! * clamav * Dr.Web * Kaspersky * ESET avast! Prerequisites: You have a working avast! installation. Edit /etc/avastd.conf and set the following variable in the [local] section:

current:exim

2010-01-31T20:22:53+02:00

clapf with Exim Prerequisites You have a working Exim installation. You _have_to_ compile clapf using SMTP (ie. without the --enable-lmtp configure options) Configuring Exim 1. Edit /etc/exim/exim.conf i) specify in the 'Main configuration settings' section that exim should listen on 127.0.0.1:10026/tcp, too:

current:index

2011-04-02T16:12:45+02:00

Upgrading Installation instructions Using the clapf daemon Spam filtering with spamdrop via a maildrop or procmail script. Set up the database backend Perform the initial training Set up training aliases for users Token group types Logging Security

current:initialtraining

2010-01-19T22:24:36+02:00

Initial training The initial training provides an out of the box anti-spam capability for your users, and creates the various SQL tables. You should have two collections of emails: ham and spam. It's better when they are roughly the same size and you should have 1-2-3-5,000 messages per corpora. The messages can be either in RFC-822 mailbox format (eg. Pine and Thunderbird stores emails in this format) or in 2 directories - one containing only ham emails, and the other only spam emails (one em…

current:installation

2011-06-10T22:26:24+02:00

Installation Prerequisites Mandatory: * You have a working database. Clapf supports MySQL 5.1+ and SQLite3. * If you use the spamdrop utility for spam filtering, then install Maildrop, too. Recommended: * Install a supported anti-virus application. See the antivirus support page for the details.

current:ldap

2011-06-10T22:36:21+02:00

LDAP support Prerequisites You have a working Active Directory or LDAP (probably openldap) installation. LDAP / Active Directory support clapf supports only SQL database. However it can import / synchronise AD/LDAP data to its local database. You can do the synchronisation using a CLI tool or the “Administration / Import users from LDAP” menu in the webui.

current:logging

2010-04-22T09:46:19+02:00

Logging Based on the verbosity level clapf syslog()s about its operation. Normally (verbosity=1) clapf logs a single line, eg. Sep 11 16:16:35 thorium clapf[28688]: 4aaa5bc2e143b68ed701d8833be296: sj@acts.hu got SPAM, 1.000, 2378, relay=127.0.0.1:10026, delay=0.12, delays=0.01/0.01/0.00/0.00/0.00/0.02/0.00/0.04/0.00/0.05, status=250 2.0.0 Ok: queued as 5597A17021

current:minefield

2010-02-04T09:16:55+02:00

Blackhole/minefield Some of the spam flood can be prevented with a trap email address. Any email sent to an email address like that is obviously spam. To enable the minefield follow these steps: Edit clapf.conf and set the blackhole_email_list variable:

current:mynetwork

2011-04-11T11:20:11+02:00

mynetwork The purpose of the mynetwork feature is to prevent clapf running spam check on emails coming from certain IP-addresses. If the client IP-address matches mynetwork, clapf will add ”: mynetwork” to the message header.

current:policygroups

2011-03-23T11:28:01+02:00

Policy support Different users may need different settings. With policy support enabled you can create different policies matching the needs of different user groups. Clapf supports policy groups from version 0.4.0. The default policy ('0') is just the configuration you have in clapf.conf. If you modify clapf.conf it means that you modify the default policy that applies to every user.

current:rbl

2010-02-04T09:16:55+02:00

RBL and SURBL support Clapf supports both regular blacklists and URL blacklists. If clapf is unable to determine whether the incoming email is spam or not, it may query some blacklists. To enable it, set the following variables:

current:security

2010-10-18T11:48:50+02:00

Security Usually, clapf listens on the localhost, so it cannot be accessed directly. As clapf listens on a high port (>1024) it does not require any special privileges. You can set the 'username' configuration variable in clapf.conf, and clapf will switch to that user if you start it as the root user.

current:setuptrainingaliases

2011-06-10T22:31:11+02:00

Further training Administrators may train the token database with commandline tools, regular users may forward the mis-classified messages as an attachment to one of the two special email adresses. Using the command line Administrators may use spamdrop to train the token database:

current:statistics

2010-10-03T23:14:56+02:00

System wide statistics The webui is able to create various graphs about the operation of clapf derived from the history database collected by the maillog.pl script: Automated PDF reports are also possible: See example PDF report ---------- If you want to preserve data required for the upper two charts longer, then

current:tokendatabase

2011-06-10T22:28:55+02:00

Token database This documentation describes how to create the initial token database. Using the MySQL backend Create a dedicated MySQL user and database: #mysql -u root -p mysql>create database clapf character set 'utf8'; mysql>grant all privileges on clapf.* to clapf@localhost identified by 'verystrongpassword'; mysql>flush privileges; mysql>quit; Create a my.cnf file (eg. /usr/local/share/clapf/.my.cnf) :

current:tokengrouptypes

2010-01-19T23:44:55+02:00

Token group types clapf supports different token group types:

current:ubuntu

2010-06-10T14:07:00+02:00

Notes for Ubuntu users You need the following packages if you use Ubuntu 9.04 (credits: lavian) For Ubuntu 8.04, you have to edit /etc/apparmor.d/usr.sbin.clamd: Jun 10 11:47:56 mail kernel: [10147.664684] audit(1276163276.017:2): type=1503 operation=“inode_permission” requested_mask=”::r” denied_mask=”::r” name=”/usr/local/clapf/var/lib/clapf/tmp/4c10b4cba78ba0d136d9dddf05b5e9” pid=3157 profile=”/usr/sbin/clamd” namespace=“default”

current:upgrading

2012-04-20T09:54:40+02:00

Upgrading Though I try my best to make upgrades as smooth as possible, sometimes I have to make some changes. This page gives a detailed, step by step instructions how to do the upgrade with less pain. Please note, if you upgrade from a previous version, you should do all the changes. Eg. if you migrate from 0.4.1 to 0.4.3, then apply the changes from 0.4.1 to 0.4.2, then from 0.4.2 to 0.4.3.

current:usingmaildrop

2010-02-01T12:14:55+02:00

Using maildrop with real users Spamdrop also can be used with virtual users, see the FAQ for details. Edit /etc/postfix/main.cf: Configure the global maildroprc file (/etc/maildroprc): Make sure to set up proper permissions: The first line passes the email to spamdrop, then it reads the email the put some stuff to the email header. If it's a spam, spamdrop inserts the “X-Clapf-spamicity: Yes” header line and may mark the Subject line too. Then before the local delivery it tries to create th…

current:usingprocmail

2012-03-11T20:35:46+02:00

Using procmail with real users Configure the global procmailrc file (/etc/procmailrc): The first rule passes the email to spamdrop, then it reads the email the put some stuff to the email header. If it's a spam, spamdrop inserts the “X-Clapf-spamicity: Yes” header line and may mark the Subject line too. After downloading the email via POP3/IMAP4/... you can sort your spam to the junk folder or do whatever you want with it.

current:usingtheclapfdaemon

2011-06-10T22:03:30+02:00

Using the clapf daemon Start the clapf daemon: If you use Exim instead of Postfix, then click here. Edit /etc/postfix/master.cf and the following lines: Edit /etc/postfix/main.cf and add the following lines: If you want SMTP local delivery instead of LMTP, then omit the --enable-lmtp configure option and use the following content_filter reference:

current:webui-admin

2010-02-15T14:53:23+02:00

Administrator tasks in the web UI You can login with admin@local:admin as a master admin. Your very first task should be to change the admin password. There are two types of admin roles. You are 'master admin' if you have isadmin=1 (or isAdmin: 1 in case of LDAP). If so, you can manage the users, policies, and email domains.

current:webui-setup

2011-06-10T22:25:31+02:00

Setting up the web UI The 'web UI' stands for the web user interface. It is a collection of PHP scripts, so to use it, you need a web server with PHP support. Important! The register_globals PHP setting _must_ be turned off. If you really need to enable it at the php.ini level, then turn it off in your Apache httpd.conf or in a .htaccess file, eg.

current:webui-using

2010-02-03T17:09:37+02:00

Using the web UI A regular user may access his spam quarantine where he can review his messages. The default view is a formatted view where he can see even the images if there is any. The user can 'release' messages from the quarantine, ie. deliver them to his mailbox, and he can also do this by training the message.

current:webuilogging

2010-10-21T11:55:32+02:00

Webui logging From 0.4.6-rc1, the webui logs its operation into a logfile. It's automatically enabled, you only have to grant write access to the directory for the www user, eg.

current:whitelist

2010-02-04T09:16:56+02:00

Whitelist support Clapf does maintain an internal (and dymanic) whitelist. If you have a partner sending you lots of good emails, then his email address will be in the ham dictinary, ie. his email address is associated with good emails. Then if he starts sending spam later, then his email address will be no longer on the good side, thus dropped from the whitelist.

current:zombies

2010-10-20T21:57:34+02:00

Handling zombies Most of the spam, malware and phishing emails come from zombie networks. Fortunately for us they share a generic pattern. A zombie computer sends messages directly to the MX servers of the recipient instead of using the SMTP relay hosts of its service provider.