IMPORTANT NOTE: As of 7-9-03, we don't recommend using this milter. Use MIMEDefang. See http://www.peregrinehw.com/downloads/MIMEDefang/. INSTALL INSTRUCTIONS This is basically my HOW-TO install SpamAssassin on a RedHat system using sendmail and check all the mail using a Milter. The only reason to run this install is if you want to run a sendmail that then simply forwards the mail to another mail exchange. These documents assume you have already installed Sendmail and SpamAssassin per the current instructions at http://www.peregrinehw.com/download. #UPDATED 8/28/02 for SpamAss Milter v0.1.2 #UPDATED 8/31/02 for SpamAss Milter running as non-root user #UPDATED 12/18/02 for Sendmail 8.12.8: Simple Path Changes #UPDATED 02/21/03 for SpamAss Milter v0.1.3a #UPDATED 03/30/03 to Sendmail 8.12.9 IMPORTANT NOTE: We have found the milter works better and more stably with the following lines in your sendmail.mc define(`confSEPARATE_PROC', `True')dnl define(`confMAX_DAEMON_CHILDREN', `12')dnl #WGET, UNTAR & INSTALL THE VARIOUS SUPPORT DISTRIBUTIONS # # NOTE: Yes, I do know that CPAN can do this automatically but I am a bit of a freak who likes to confirm # the exact version I am getting. # #CREATE A TEMP DIR FOR THE TAR FILES rm -rf /tmp/20030221SPAMMILTER/ mkdir /tmp/20030221SPAMMILTER cd /tmp/20030221SPAMMILTER/ #GET ALL THE TAR FILES wget http://www.peregrinehw.com/downloads/SpamAssassin/spamass-milter-0.1.3a.tar.gz wget http://www.peregrinehw.com/downloads/SpamAssassin/spamassmilter-initscript #CLEAR OUT OLD SOURCE rm -rf /usr/src/spamass-milter-* #RE-COMPILE SENDMAIL WITH LIBMILTER cd /usr/src/sendmail-8.12.10 ####Delete the obj.Linux.* dirs, I think? rm -rf obj.Linux.* echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')" >> devtools/Site/site.config.m4 cd libmilter sh Build sh Build install cd .. sh Build sh Build install ####YOUR PATH MAY/WILL VARY BASED ON YOUR KERNEL!! VERIFY PATH! i.e. cd /usr/src/sendmail-8.12.10/obj.Linux.2.4.19.i686/libsm #### Thanks to Greg Smith for the hint on how to cd to the directory automatically using uname cd /usr/src/sendmail-8.12.10/obj.`uname`.`uname -r`.`uname -m`/libsm cp -f libsm.a /usr/lib/ #DELETE YOUR OBJECTS TO PREVENT LINKING AGAINST THEM rm -r /usr/src/sendmail-8.12.10/obj.`uname`.`uname -r`.`uname -m` #INSTALL SPAMASS-MILTER cd /usr/src/ tar zxvf /tmp/20030221SPAMMILTER/spamass-milter-0.1.3a.tar.gz cd spamass-milter-0.1.3a/ ./configure make make install ln -s /usr/local/sbin/spamass-milter /usr/local/sbin/spamassmilter echo "INPUT_MAIL_FILTER(\`spamassassin', \`S=local:/var/run/spammilter/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')" >> /etc/mail/sendmail.mc m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf cp /tmp/20030221SPAMMILTER/spamassmilter-initscript /etc/rc.d/init.d/spamassmilter chmod +x /etc/rc.d/init.d/spamassmilter cd /etc/rc.d/rc3.d ln -s ../init.d/spamassmilter S79spamassmilter #UPDATED 08-31-02 not to run as root #Thanks to Dan Nelson for his input! mkdir /var/run/spammilter chown spamd.spamd /var/run/spammilter #Start SpamAssMilter and Restart Sendmail and you should be on your way /etc/rc.d/init.d/spamassmilter start /etc/rc.d/init.d/sendmail restart #REMOVE THE TEMP DIR FOR THE TAR FILES rm -rf /tmp/20030221SPAMMILTER/ #NOTES ABOUT HOW TO USE THIS MILTER TO FILTER YOUR MAIL This is more of a sendmail question but very related so I am including some real world examples. First solution: DNS based solution Pros: Works very well for maintaining many mail servers / firewalls simply through DNS Cons: Can cause mail delays and spikes Assuming you have installed the milter, you are just trying to make this installation a temporary hop on the way to the mailbox. So if the mail is getting to /var/spool/mail then it's not working correctly. Let's assume your domain is peregrinehw.com. Let's assume your Spam Milter box is IP 200.200.200.1. Let's assume your final destination MX is an internal IP firewalled by your SPAM Milter Box on IP 192.168.1.1. This will also work for a public IP for the final MX and will allow mail to work even if the milter server is down. Set your DNS like this: peregrinehw.com IN MX 5 internalmx.peregrinehw.com <--Primary MX is internal peregrinehw.com IN MX 10 mx.peregrinehw.com <--Secondary MX is external ...More Backup MX Records... internalmx.peregrinehw.com IN A 200.200.200.1 mx.peregrinehw.com IN A 192.168.1.1 On the Spam Milter box, make certain your local-host-names does NOT include peregrinehw.com. Make sure your relay-domains DOES include peregrinehw.com. Then what will happen is as follows: A person emails a user @ peregrinehw.com. EMail is transmitted to their SMTP server. Their server looks up the MX records and gets internalmx.peregrinehw.com It can't connect. It looks up the next MX priority and gets mx.peregrinehw.com It can connect and the mail is transferred to your milter box. Your milter box now filters for spam and looks to see where it has to go next. It's NOT the local host so it looks up the MX records. It gets internalmx.peregrinehw.com It CAN connect It transfers the mail all nicely filtered. VOILA! Second solution: Use a SmartHost Pros: All email being relay'd through the milter server will be forwarded to internal mail server. Cons: All email will be forwarded through to the internal server. If the server name of the final destination changes then the Sendmail configuration must be updated Won't work for ISPs or people with multiple mail destinations Requires Sendmail.cf file rebuild to implement changes. Using the same three assumptions above, add the following line to /etc/mail/sendmail.mc and rebuild the cf: define(`SMART_HOST', `internalmx.peregrinehw.com')dnl This will result in ALL mail being relayed by the Milter box to be sent to internalmx.peregrinehw.com after it has been filtered. Requirements: 1. internalmx.peregrinehw.com should not be listed as a formal MX record in DNS but rather just an A record 2. The milter box shold be the MX record with the highest priority (hence the lowest MX record #) 3. The final destination server should NOT use the Milter box as an outbound relay server as this will case loops! 4. Your local-host-names file does NOT include the domain to be relayed (for the example it is peregrinehw.com) 2. Your relay-domains file DOES include the domain to be relayed for (for the example, it is peregrinehw.com) Third solution: Use a Mailertable on the Milter machine Pros: Using the mailertable allows you to designate the final destination for a particular domain. Only mail for those domains in the mailer table are relay'd to the internal mail server. Outbound mail is relay'd normally. Con: If the server name of the final destination changes then the Sendmail configuration has to be updated. Again using the same three assumptions from the first solution and the requirements for the second solution, add the following line to /etc/mail/mailertable and rebuild the files with a make all in /etc/mail: peregrinehw.com smtp:[internalmx.peregrinehw.com] NOTE: The square brackets turn off MX records for this host only to prevent mail loops! Hope this helps and thanks to Bob Falkenberg for his excellent help with the second and third solutions!