Use Jsmtpd as an anti-spam/virus gateway
Concepts
You have an existing mail server. Set up another machine that relays filtered mail to it, then change your MX records so that they point to the filtering machine.
Howto
- Set up a front-end machine that runs Jsmtpd + ClamAV + SpamAssassin
- Set up the following filters in Jsmtpd:
  - Input IP filter: GeoIP plugin: block unwanted countries
  - Input IP filter: Real-time blacklist plugin: you can use sbl-xbl.spamhaus.org, relays.ordb.org
  - SPF plugin: verifies authorized senders and greylists (delays) in case of failure
  - ACL plugin: configure for your domain. You can use SimpleACL or LdapAcl, if you have a DSA
  - Body filter: SpamAssassin. Connects to a spamd instance to check mail content
  - Body filter: ClamAV. Connects to a clamd instance to check mail content for viruses.
- Set up an SMTPRelay as the local delivery plugin, pointing to your original mail server
- Modify your MX records
Config fragments, Input IP chain
For GeoIP, check out the source, build the plugin and install it. You can load the plugin in the element filtersetup:
<filterInit class="org.jsmtpd.plugins.geoip.ipfilter.GeoipInputFilter" name="geoIP">
  <propertyset name="BlacklistedCountry" value="HK"/>
  <propertyset name="BlacklistedCountry" value="KR"/>
  <propertyset name="BlacklistedCountry" value="KP"/>
  <propertyset name="BlacklistedCountry" value="CN"/>
  <propertyset name="BlacklistedCountry" value="TW"/>
</filterInit>
For the real-time blacklist plugin, use something like:
<filterInit class="org.jsmtpd.plugins.inputIPFilters.RBLFilter" name="rtBlackList">
  <propertyset name="BypassLocal" value="true"></propertyset>
  <propertyset name="RBLServer" value="sbl-xbl.spamhaus.org"></propertyset>
  <propertyset name="RBLServer" value="whois.rfc-ignorant.org"></propertyset>
  <propertyset name="RBLServer" value="relays.ordb.org"></propertyset>
</filterInit>
Then add the logical names ("geoIP" in the first example) to the IP filter chain:
<inputIPFilterChain>
  <ipFilter name="geoIP"/>
  <ipFilter name="rtBlackList"/>
</inputIPFilterChain>
Smtp Extensions
Check out the SPF plugin:
svn checkout http://svn.jsmtpd.org/trunk/Jsmtpd-spf/
Copy the lib/*.jar to your plugin directory, copy dist/spf.jar to your plugin directory. Add the following extension to the smtpExtensions element :
<smtpExtension name="Greylist SPF" class="org.jsmtpd.plugins.smtpExtensions.GreyList"/>
Body filtering
These filters check the content of the mail. Each plugin returns true or false, and you can attach another body filter to each branch. Setup is done in two steps: first, load and configure the plugins and assign each a name; then use the names to build a logical tree of filter plugins. We will use two plugins: SpamAssassin and ClamAV.
First, you have to set up ClamAV and SpamAssassin in TCP daemon mode. Jsmtpd's plugins will connect to these daemons. Refer to their documentation to set them up.
Load the two plugins:
<filtersetup>
  <filterInit name="antispam" class="org.jsmtpd.plugins.filters.SA.SAFilter">
    <propertyset name="SpamdHost" value="127.0.0.1"/> <!-- Change to your Spamassassin server -->
    <propertyset name="SpamdPort" value="783"/>
    <propertyset name="SocketTimeout" value="45"/>
    <propertyset name="SkipIfSizeMore" value="524288"/>
  </filterInit>
  <filterInit name="antivirus" class="org.jsmtpd.plugins.filters.ClamAV.ClamAVFilter">
    <propertyset name="ClamdHost" value="127.0.0.1"/> <!-- Change to your ClamAV server -->
    <propertyset name="ClamdPort" value="3310"/>
    <propertyset name="SocketTimeout" value="45"/>
    <propertyset name="FailOnError" value="true"/>
  </filterInit>
</filtersetup>
The SpamAssassin filter is known as "antispam" in this example, and the ClamAV plugin as "antivirus". Let's wire them:
<bodyFilterTree>
  <filter name="antivirus">
    <true>
      <filter name="antispam">
        <true/>
        <false/>
      </filter>
    </true>
    <false/>
  </filter>
</bodyFilterTree>
In this configuration, the first filter checked is ClamAV. If a virus is found, the plugin branches to <false>. Because nothing follows on that branch, the filter tree status is false: the mail is dropped. If there is no virus in the mail, the true branch is followed, where another plugin is executed: antispam (SpamAssassin). If it does not detect spam, filtering ends in a true branch: the mail will be delivered. If the mail is found to be spam, it is dropped. Note that you can change this behaviour by adding a true filter (a filter that always says true) to the false branch of the antispam plugin. In that case spam is not dropped, but its content is rewritten by SpamAssassin (to add spam tags to the header fields of the mail).
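The branch logic described above, modelled in Python as an added example (not Jsmtpd's own code and not part of the original page): it walks the page's bodyFilterTree with per-plugin verdicts and reports whether the mail is delivered and which filters were consulted. The `alwaysTrue` filter name and the treatment of a missing branch as an empty one are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Tree from the page: ClamAV first, SpamAssassin on its true branch.
PAGE_TREE = """<bodyFilterTree>
  <filter name="antivirus">
    <true>
      <filter name="antispam"><true/><false/></filter>
    </true>
    <false/>
  </filter>
</bodyFilterTree>"""

# Variant from the text: an always-true filter on the antispam false branch,
# so tagged spam is delivered instead of dropped.
# "alwaysTrue" is a hypothetical logical name chosen for this example.
TAG_ONLY_TREE = PAGE_TREE.replace(
    '<filter name="antispam"><true/><false/></filter>',
    '<filter name="antispam"><true/>'
    '<false><filter name="alwaysTrue"><true/><false/></filter></false>'
    '</filter>')

def _walk(node, verdicts, visited):
    name = node.get("name")
    if name not in verdicts:
        # A name used in the tree but never declared would be a config error.
        raise KeyError("tree references undeclared filter %r" % name)
    verdict = bool(verdicts[name])
    visited.append(name)
    branch = node.find("true" if verdict else "false")
    nested = branch.find("filter") if branch is not None else None
    # An empty branch ends the walk: the tree status is the branch taken.
    return verdict if nested is None else _walk(nested, verdicts, visited)

def run_tree(xml_text, verdicts):
    """Return (delivered, filters_consulted) for one message."""
    visited = []
    root = ET.fromstring(xml_text)
    delivered = _walk(root.find("filter"), verdicts, visited)
    return delivered, visited

if __name__ == "__main__":
    # Constructed verdicts: True means the plugin found nothing wrong.
    cases = {
        "clean": {"antivirus": True, "antispam": True},
        "virus": {"antivirus": False, "antispam": True},
        "spam": {"antivirus": True, "antispam": False},
    }
    for label, verdicts in cases.items():
        verdicts["alwaysTrue"] = True
        print(label, run_tree(PAGE_TREE, verdicts), run_tree(TAG_ONLY_TREE, verdicts))
```

The virus case shows that antispam is never consulted once antivirus returns false, in both trees; only the spam case changes outcome between the two.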
Local delivery
This plugin would traditionally be something used to deliver mail locally: a maildir or mailbox writer, or an LMTP sender for a Cyrus backend, for example. But what we want is to have mail delivered to another existing SMTP server, so we will use a special plugin to do so:
<LocalDeliveryService name="relay delivery" class="org.jsmtpd.plugins.deliveryServices.SMTPRelay">
  <propertyset name="relay" value="my-old-mta.mydomain.com"/>
  <propertyset name="smtpPort" value="25"/>
</LocalDeliveryService>
Notes
One last point is missing from this configuration: the ACL plugin. It is used to tell Jsmtpd whether mail is to be handled locally or relayed. There are two ACL plugins available at this time: LDAP and simple ACL.
Configuration Sample
At the end of this page, there is a plugin-config.xml file attached. It's the one I use for the backup MX for jsmtpd.org. This server takes mail only when the main server is down, and also uses an SMTP relay output plugin to deliver mail back to the main SMTP server. For the users of jsmtpd.org, I've set up an OpenLDAP DSA holding a standard POSIX DIT tree: a branch holding users, a branch holding groups and a branch holding network objects. Users use the posixAccount/shadowAccount classes, groups use posixGroup. Three plugins use the LDAP server:
- ACL: to determine local users and relayed networks
- Body rewriter: it changes the aliases of mail recipients to real users
- SMTP authenticator: over a TLS channel, users can be authenticated against the directory.
I also use another plugin: the snippet plugin, to auto-attach signatures to emails.
For the rest, it looks like what you find in an antispam gateway: SPF, real-time blacklists, antivirus, antispam, manual blacklist, etc.
The things missing in the configuration file attached are passwords and addresses of internal services.
Attachments
- jsmtpd-plugin-config.xml (7.3 kB) - added by jfp on 04/05/06 22:33:19.
