Razor2, Pyzor, Spamcop and DCC setup

July 14, 2021 Roberto Puzzanghera0 comments

This page concerns the setup of several filtering networks which help spamassassin to decide if a given message is spam or not. Enabling them, together with the bayesian learning system, drastically improves the spamassassin efficiency in doing this.

Loading the filters

First of all load the filters that we are going to enable editing your v310.pre file like this:

# DCC - perform DCC message checks. 
# 
# DCC is disabled here because it is not open source.  See the DCC 
# license for more details. 
# 
loadplugin Mail::SpamAssassin::Plugin::DCC

# Pyzor - perform Pyzor message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Pyzor

# Razor2 - perform Razor2 message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Razor2

# SpamCop - perform SpamCop message reporting 
# 
loadplugin Mail::SpamAssassin::Plugin::SpamCop

Razor2

Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

Download and install razor-agent-sdk and razor-agent:

cd /usr/local/src
wget https://downloads.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2 
wget https://downloads.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2

tar xjf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
chown -R root:root .
perl Makefile.PL
make
make install

cd ..
tar xjf razor-agents-2.85.tar.bz2
cd razor-agents-2.85
chown -R root:root .
perl Makefile.PL
make
make install

You should have already installed the Razor2 perl package. If not install it now:

force notest install Mail::SpamAssassin::Plugin::Razor2

Razor2 requires reporters to be registered. This lets reporters build a reputation over time, so their reports and revocations are weighed according to their reputation value.

Register yourself and create the config directory:

mkdir -p /etc/mail/spamassassin/.razor
razor-admin -home=/etc/mail/spamassassin/.razor -register
razor-admin -home=/etc/mail/spamassassin/.razor -create
razor-admin -home=/etc/mail/spamassassin/.razor -discover

Tell Razor2 where it lives adding this line to /etc/mail/spamassassin/.razor/razor-agent.conf and setup the log dir

razorhome = /etc/mail/spamassassin/.razor/ 
logfile = /var/log/spamassassin/razor-agent.log

We already set the rotation of this log file before.

Tell spamassassin where Razor2 lives adding this to your local.cf

razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

Pyzor

Pyzor is a collaborative, networked system to detect and block spam using digests of messages. Using Pyzor client a short digest is generated that is likely to uniquely identify the email message.

You can install Pyzor via pip or pip3

pip3 install pyzor

or, as an alternative, you can download the source and install in the usual way

cd /usr/local/src
wget https://files.pythonhosted.org/packages/75/9d/e38a18d8c932f397537cda0d03a606314611fe1ebd8b24ed8fdd4df23191/pyzor-1.0.0.tar.gz
tar xzf pyzor-1.0.0.tar.gz
cd pyzor-1.0.0
chown -R root:root .
python setup.py build 
python setup.py install

Create the pyzor directory:

mkdir -p /etc/mail/spamassassin/.pyzor
chown spamd:spamd /etc/mail/spamassassin/.pyzor

Tell spamassassin where Pyzor lives adding this to your local.cf

pyzor_options --homedir /etc/mail/spamassassin/.pyzor 
pyzor_timeout 20

Spamcop

Spamcop is a known spam blocking list which works also as a reporting system sending warning information to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites). SpamCop also uses the information to generate SpamCop's free blocking list.

Register an account here. Note: the captcha filter is not working here on my chromium browser; it works with firefox. At the end of the procedure you will get a unique e-mail address (something like submit.xxxxxxxxxxxxxxxxxxx@spam.spamcop.net) that you have to pass to spamassassin in order to send the reports to spamcop. We will see below how to set up SA accordingly.

Finally you have to add the Spamcop addresses to your configuration in your local.cf file. spamcop_to_address is the address where to submit your reports, while spamcop_from_address is an email where you want to receive a feedback from the reporting system each time a spam message has been reported.

spamcop_from_address postmaster@yourdomain.tld 
spamcop_to_address submit.xxxxxxxxxxxxxxx@spam.spamcop.net

DCC

The Distributed Checksum Clearinghouses or DCC is an anti-spam content filter that runs on a variety of operating systems. The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The checksums include values that are constant across common variations in bulk messages, including "personalizations."

Install as follows

wget https://www.dcc-servers.net/src/dcc/old/dcc-2.3.168.tar.Z
tar xzf dcc-2.3.168.tar.Z
CFLAGS="-O2 -fstack-protector" DCC_CFLAGS="-O2 -fstack-protector" ./configure
make
make install

Now load DCC uncommenting this line in your v310.pre file

loadplugin Mail::SpamAssassin::Plugin::DCC

and enable it adding these lines to your local.cf

use_dcc 1 
dcc_path /usr/local/bin/dccproc

Testing

This is how to test that the message is reported to Razor, Pyzor and Spamcop. Save a raw spam message into spam.txt and run spamassassin passing the --report option:

spamassassin --debug --report --nocreate-prefs < spam.txt

Add a comment