Razor2, Pyzor, Spamcop and DCC setup

December 26, 2023 by Roberto Puzzanghera 4 comments

Changelog

  • Dec 26, 2023
    Pyzor installed from github, as version 1.0.0 is not python3 compliant (thanks Mike)

This page concerns the setup of several filtering networks which help spamassassin to decide if a given message is spam or not. Enabling them, together with the bayesian learning system, drastically improves the spamassassin efficiency in doing this.

Loading the filters

First of all load the filters that we are going to enable editing your v310.pre file like this:

# DCC - perform DCC message checks. 
# 
# DCC is disabled here because it is not open source.  See the DCC 
# license for more details. 
# 
loadplugin Mail::SpamAssassin::Plugin::DCC

# Pyzor - perform Pyzor message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Pyzor

# Razor2 - perform Razor2 message checks. 
# 
loadplugin Mail::SpamAssassin::Plugin::Razor2

# SpamCop - perform SpamCop message reporting 
# 
loadplugin Mail::SpamAssassin::Plugin::SpamCop

Razor2

Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

Download and install razor-agent-sdk and razor-agent:

cd /usr/local/src
wget https://downloads.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2 
wget https://downloads.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2

tar xjf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
chown -R root:root .
perl Makefile.PL
make
make install

cd ..
tar xjf razor-agents-2.85.tar.bz2
cd razor-agents-2.85
chown -R root:root .
perl Makefile.PL
make
make install

You should have already installed the Razor2 perl package. If not install it now:

force notest install Mail::SpamAssassin::Plugin::Razor2

Razor2 requires reporters to be registered. This lets reporters build a reputation over time, so their reports and revocations are weighted according to their reputation value.

Register yourself and create the config directory:

mkdir -p /etc/mail/spamassassin/.razor
razor-admin -home=/etc/mail/spamassassin/.razor -register
razor-admin -home=/etc/mail/spamassassin/.razor -create
razor-admin -home=/etc/mail/spamassassin/.razor -discover

Tell Razor2 where it lives adding this lines to /etc/mail/spamassassin/.razor/razor-agent.conf and setup the log dir

razorhome = /etc/mail/spamassassin/.razor/ logfile = /var/log/spamassassin/razor-agent.log

We already set the rotation of this log file before.

Tell spamassassin where Razor2 lives adding this to your local.cf

razor_config /etc/mail/spamassassin/.razor/razor-agent.conf

Pyzor

Pyzor is a collaborative, networked system to detect and block spam using digests of messages. Using Pyzor client a short digest is generated that is likely to uniquely identify the email message.

 

You can install Pyzor via pip3

pip3 install https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

The following option won't work as version 1.0.0 is not compatible with python3

cd /usr/local/src
wget https://files.pythonhosted.org/packages/75/9d/e38a18d8c932f397537cda0d03a606314611fe1ebd8b24ed8fdd4df23191/pyzor-1.0.0.tar.gz
tar xzf pyzor-1.0.0.tar.gz
cd pyzor-1.0.0
chown -R root:root .
python setup.py build 
python setup.py install

Create the pyzor directory:

mkdir -p /etc/mail/spamassassin/.pyzor
chown spamd:spamd /etc/mail/spamassassin/.pyzor

Tell spamassassin where Pyzor lives adding this to your local.cf

pyzor_options --homedir /etc/mail/spamassassin/.pyzor 
pyzor_timeout 20

Spamcop

Spamcop is a known spam blocking list which works also as a reporting system sending warning information to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites). SpamCop also uses the information to generate SpamCop's free blocking list.

Register an account here. Note: the captcha filter is not working here on my chromium browser; it works with firefox. At the end of the procedure you will get a unique e-mail address (something like submit.xxxxxxxxxxxxxxxxxxx@spam.spamcop.net) that you have to pass to spamassassin in order to send the reports to spamcop.

Finally you have to add the Spamcop addresses to your configuration in your local.cf file. spamcop_to_address is the address where to submit your reports, while spamcop_from_address is an email where you want to receive a feedback from the reporting system each time a spam message has been reported.

spamcop_from_address postmaster@yourdomain.tld 
spamcop_to_address submit.xxxxxxxxxxxxxxx@spam.spamcop.net

DCC

The Distributed Checksum Clearinghouses or DCC is an anti-spam content filter that runs on a variety of operating systems. The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The checksums include values that are constant across common variations in bulk messages, including "personalizations."

Install as follows

wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar xzf dcc.tar.Z
cd dcc-v.er.sion
CFLAGS="-O2 -fstack-protector" DCC_CFLAGS="-O2 -fstack-protector" ./configure
make
make install

Now load DCC uncommenting this line in your v310.pre file

loadplugin Mail::SpamAssassin::Plugin::DCC

and enable it adding these lines to your local.cf

use_dcc 1 
dcc_path /usr/local/bin/dccproc

Testing

This is how to test that the message is reported to Razor, Pyzor and Spamcop. Save a raw spam message into spam.txt and run spamassassin passing the --report option:

spamassassin --debug --report --nocreate-prefs < spam.txt

Comments

pyzor 1.0.0 is not compatible with python3

Hello Roberto,

Ver 1.0.0 does not working with python3.

it's fixed in this repo, so

pip3 install https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

or

wget https://github.com/SpamExperts/pyzor/archive/refs/heads/master.zip

Reply |

pyzor 1.0.0 is not compatible with python3

Thank you, I'll check it out

Reply |

spamcop_max_report_size is not working

Hi Roberto,

First i want to say BIG thank you for all that you do, for all yours patches, for this great tutorial!
I have spamcop report enabled in my local.cf

spamcop_from_address postmaster@mydomain.com
spamcop_to_address submit.XXXXXXXXXXX@spam.spamcop.net
spamcop_max_report_size 40

When i report spam with attachment in www.spamcop.net I received the following

"You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from this posting and try again. 
SpamCop will no longer accept email larger than 50.0K bytes."

Seems spamcop_max_report_size is not working correctly.

Do you have an idea how to report only mail headers without attachment?

Reply |

spamcop_max_report_size is not working

Hi, honestly I've never seen this one. The documentation says that 50 is the default size...

Let me know if you solve

Reply |