Razor2, Pyzor, Spamcop and DCC setup

May 26, 2024 by Roberto Puzzanghera 6 comments

Changelog

Razor2 upgraded to v. 2.86 (fork of dead project)
Dec 26, 2023
Pyzor installed from github, as version 1.0.0 is not python3 compliant (thanks Mike)

This page concerns the setup of several filtering networks which help spamassassin to decide if a given message is spam or not. Enabling them, together with the bayesian learning system, drastically improves the spamassassin efficiency in doing this.

Loading the filters

First of all load the filters that we are going to enable editing your v310.pre file like this:

# DCC - perform DCC message checks. 
# 
# DCC is disabled here because it is not open source.  See the DCC 
# license for more details. 
# 
loadplugin Mail::SpamAssassin::Plugin::DCC

# Pyzor - perform Pyzor message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Pyzor

# Razor2 - perform Razor2 message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Razor2

# SpamCop - perform SpamCop message reporting 
# 
loadplugin Mail::SpamAssassin::Plugin::SpamCop

Razor2

Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

Download and install razor-agent-sdk and razor-agent:

cd /usr/local/src
wget https://downloads.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2 
wget -O razor-agents-2.86.tar.gz https://github.com/toddr/Razor2-Client-Agent/archive/refs/tags/v2.86.tar.gz

tar xjf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
chown -R root:root .
perl Makefile.PL
make
make install

cd ..
tar xzf razor-agents-2.86.tar.gz
cd Razor2-Client-Agent-2.86/
chown -R root:root .
perl Makefile.PL
make
make install

You should have already installed the Razor2 perl package. If not install it now:

force notest install Mail::SpamAssassin::Plugin::Razor2

Razor2 requires reporters to be registered. This lets reporters build a reputation over time, so their reports and revocations are weighted according to their reputation value.

mkdir -p /etc/mail/spamassassin/.razor
razor-admin -home=/etc/mail/spamassassin/.razor -register
razor-admin -home=/etc/mail/spamassassin/.razor -create
razor-admin -home=/etc/mail/spamassassin/.razor -discover

Tell Razor2 where it lives adding this lines to /etc/mail/spamassassin/.razor/razor-agent.conf and setup the log dir

razorhome = /etc/mail/spamassassin/.razor/ logfile = /var/log/spamassassin/razor-agent.log

We already set the rotation of this log file before.

Tell spamassassin where Razor2 lives adding this to your local.cf

razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

Pyzor

Pyzor is a collaborative, networked system to detect and block spam using digests of messages. Using Pyzor client a short digest is generated that is likely to uniquely identify the email message.

You can install Pyzor via pip3

pip3 install https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

The following installation procedure won't work anymore as version 1.0.0 is not compatible with python3.

cd /usr/local/src
wget https://files.pythonhosted.org/packages/75/9d/e38a18d8c932f397537cda0d03a606314611fe1ebd8b24ed8fdd4df23191/pyzor-1.0.0.tar.gz
tar xzf pyzor-1.0.0.tar.gz
cd pyzor-1.0.0
chown -R root:root .
python setup.py build 
python setup.py install

Create the pyzor directory:

mkdir -p /etc/mail/spamassassin/.pyzor
chown spamd:spamd /etc/mail/spamassassin/.pyzor

Tell spamassassin where Pyzor lives adding these lines to your local.cf

pyzor_options --homedir /etc/mail/spamassassin/.pyzor 
pyzor_timeout 20

Spamcop

Spamcop is a known spam blocking list which works also as a reporting system sending warning information to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites). SpamCop also uses the information to generate SpamCop's free blocking list.

Register an account here. Note: the captcha filter is not working here on my chromium browser; it works with firefox. At the end of the procedure you will get a unique e-mail address (something like submit.xxxxxxxxxxxxxxxxxxx@spam.spamcop.net) that you have to pass to spamassassin in order to send the reports to spamcop.

Finally you have to add the Spamcop addresses to your configuration in your local.cf file. spamcop_to_address is the address where to submit your reports, while spamcop_from_address is an email where you want to receive a feedback from the reporting system each time a spam message has been reported.

spamcop_from_address postmaster@yourdomain.tld 
spamcop_to_address submit.xxxxxxxxxxxxxxx@spam.spamcop.net

DCC

The Distributed Checksum Clearinghouses or DCC is an anti-spam content filter that runs on a variety of operating systems. The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The checksums include values that are constant across common variations in bulk messages, including "personalizations."

Overview
More info: Installing DCC, Using DCC

Install as follows

wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar xzf dcc.tar.Z
cd dcc-v.er.sion
CFLAGS="-O2 -fstack-protector" DCC_CFLAGS="-O2 -fstack-protector" ./configure
make
make install

Now load DCC uncommenting this line in your v310.pre file

loadplugin Mail::SpamAssassin::Plugin::DCC

and enable it adding these lines to your local.cf

use_dcc 1 
dcc_path /usr/local/bin/dccproc

Testing

This is how to test that the message is reported to Razor, Pyzor and Spamcop. Save a raw spam message into spam.txt and run spamassassin passing the --report option:

spamassassin --debug --report --nocreate-prefs < spam.txt

Spamassassin

User Prefs

add a comment

Comments

where is pyzor_options ??

mark July 3, 2024 15:45 CET

Hi!

Where is the pyzor_options binary? I can't find it pyzor package.

Reply | Permalink

where is pyzor_options ??

Roberto Puzzanghera mark July 3, 2024 16:11 CET

Hi, it's not a binary. It's a spamassassin's variable

Reply | Permalink

pyzor 1.0.0 is not compatible with python3

Mike December 25, 2023 22:45 CET

Hello Roberto,

Ver 1.0.0 does not working with python3.

it's fixed in this repo, so

pip3 install https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

wget https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

Reply | Permalink

pyzor 1.0.0 is not compatible with python3

Roberto Puzzanghera Mike December 26, 2023 07:05 CET

Thank you, I'll check it out

Reply | Permalink

spamcop_max_report_size is not working

Bai Borko January 31, 2022 11:48 CET

Hi Roberto,

First i want to say BIG thank you for all that you do, for all yours patches, for this great tutorial!
I have spamcop report enabled in my local.cf

spamcop_from_address postmaster@mydomain.com
spamcop_to_address submit.XXXXXXXXXXX@spam.spamcop.net
spamcop_max_report_size 40

When i report spam with attachment in www.spamcop.net I received the following

"You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from this posting and try again. 
SpamCop will no longer accept email larger than 50.0K bytes."

Seems spamcop_max_report_size is not working correctly.

Do you have an idea how to report only mail headers without attachment?

Reply | Permalink