spasm - the anti-spam milter ============================ Requirements: - sendmail 8.12.11 or later with libmilter support - linux (or, possibly, other unices) - Berkeley DB4 Optional: - TrendMicro linux filescan (vscan) - SpamAssassin Compiling spasm (bare minimum): 1. Unpack the distribution 2. ./configure (run with --help to view all options) 3. Edit ./include/spasm.h and set the path to the config file 4. make 5. make install Installation and Configuration: 1. Create the directory you specified for the config file and copy spasm.conf.sample into it 2. Edit spasm.conf to taste 3. Create the spasm user account 4. Create the various directories specified in spasm.conf 5. chown all directories to the spasm user 6. chmod all directories to 700 7. (optional) Add contrib/cleanQuarantine to a cron job, editing to specify the quarantine directory and the maximum number of days before deleting quarantine files 8. (optional) If using spamassassin, create a .spamassassin directory in the spasm user's home directory, and copy the spasm.user_prefs file from the contrib directory into .spamassassin/user_prefs then chown the .spamassassin directory and user_prefs to the spasm user. 9. (optional) Copy the spasm.init file from the contrib directory into the /etc/rc.d/init.d directory (distribution-specific) and set the script to load at boot. 10. (optional) If using TrendMicro's vscan, see README.vscan for more details. 11. In your sendmail configuration's .m4 file, add: INPUT_MAIL_FILTER(`spasm', `S=unix:/path/to/socket.sock, T=C:10m;S:5m;R:5m;E:5m') define(`confINPUT_MAIL_FILTERS', `spasm') where "S=" is what you set in the spasm.conf file. If using inet sockets, set it to: "S=inet:9999@host.dom.ain" where 9999 is the port specified in spasm.conf then rebuild your sendmail.cf file. You can also modify your sendmail.cf directly by adding: O InputMailFilters=spasm Xspasm, S=unix:/etc/mail/spasm/spasm.sock, T=C:10m;S:5m;R:5m;E:5m 12. Start spasmd by running the spasm init script, or start directly by simply running the spasmd binary 13. Send a HUP to sendmail (or restart) Initial Setup: 1. Create a textfile with local blacklist entries, if desired, according to the spasmdb(1) manpage, and run spasmdb to populate local blacklist. 2. Read the spasm(1) manpage, then run spasm(1) to set initial filter options, whitelists, individual blacklists, and any spamtraps. CGI Setup: 1. Specify the locations for the CGI directory and the helper app directory, and your apache group, with configure: ./configure --with-apache-group=apache \ --with-cgi-dir=/var/www/cgi-bin \ --with-contrib-dir=/var/www/bin Then 'make' and 'make install-contrib', or copy the relevant files by hand. The spasm_cgi_app binary must be owned by the spasm user and apache group, and must be suid. Give it read and execute permissions *only* for user and group (4550). It must not be world executable! The authuser binary must be owned by root and the apache group, and must be suid. Set permissions the same as for the spasm_cgi_app binary. 2. Copy the spasm.pam file from the contrib directory into your pam.d directory, modifying it for your system if necessary. By default, it uses system-auth for authentication. If your system does not use PAM for authentication, the authuser.c file must be customised. 3. Edit the spasm.cgi file, specifying the script location, directory paths, the path to the sendmail binary, and the default domain. Edit the remainder of the script at your own risk. The CGI script does not allow global editing, only user-authenticated editing. For global editing of domain filters, use the spasm(1) command line interface. See manpages for spasm(1), spasmdb(1), and spasmd(8)