Installing spamass-milter on BlueOnyx

# Install the sendmail-milter package and the 64-bit milter-greylist package with yum.
yum install sendmail-milter

yum install milter-greylist.x86_64

# Edit the greylisting configuration, then restart the daemon so it re-reads the file.
vi /etc/mail/greylist.conf
/etc/init.d/milter-greylist restart

# Open the Sendmail m4 source file; the m4 lines that follow are the milter-related entries in it.
vi /etc/mail/sendmail.mc
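dnl Milter-related entries of /etc/mail/sendmail.mc. m4 strings open with a backtick and
dnl close with an ASCII apostrophe (not a typographic quote).
dnl Entries that start with dnl are commented out and take effect only once that prefix is removed.
dnl INPUT_MAIL_FILTER(`greylist',`S=local:/var/run/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
dnl define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
dnl INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.sock, F=T, T=S:4m;R:4m')dnl
dnl Two alternative spamassassin entries follow. F=T makes Sendmail temp-fail mail while the
dnl milter socket is unavailable; an empty F= lets mail through unfiltered in that case.
dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=T, T=S:6m;R:6m;E:15m')dnl
dnl INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
dnl Alternative, longer macro lists for the connect and HELO stages (disabled).
dnl define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
dnl define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl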
# Run the Makefile in /etc/mail to rebuild the generated files from the edited sources,
# then restart Sendmail so it loads the new configuration.
make -C /etc/mail
/etc/init.d/sendmail restart

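# Enable milter-greylist at boot in runlevels 3 and 5.
# The option needs two ASCII hyphens; a typographic dash is not parsed as an option.
chkconfig --level 35 milter-greylist on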

# Work from the home directory.
cd
# NOTE(review): the package is fetched over plain HTTP and then unpacked with rpm2cpio, so rpm
# never checks its GPG signature. Verify the file first (e.g. rpm -K with the EPEL key imported).
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/spamass-milter-0.3.2-3.el6.x86_64.rpm
# NOTE(review): the file name unpacked here (0.3.1-30) differs from the one downloaded above
# (0.3.2-3) — confirm which build is intended.
rpm2cpio spamass-milter-0.3.1-30.el6.x86_64.rpm  | cpio -idmv

# mc (Midnight Commander) is opened here, presumably to look through the extracted tree.
mc

# Copy the extracted files into place by hand.
# NOTE(review): files installed this way are not recorded in the RPM database, so yum will
# neither track them nor replace them when a fixed package is published.
cp etc/rc.d/init.d/spamass-milter /etc/init.d/
cp etc/sysconfig/spamass-milter /etc/sysconfig/
cp usr/sbin/spamass-milter /usr/sbin/
# The plain cp lines are each repeated with -R, presumably because the sources are directories.
cp usr/share/* /usr/share/
cp -R usr/share/* /usr/share/
cp var/lib/spamass-milter /var/lib/
cp -R var/lib/spamass-milter /var/lib/
cp -R var/run/spamass-milter /var/run/

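# Create a system group and a matching system account for the milter. The account has
# /sbin/nologin as its shell and /var/lib/spamass-milter as its home directory.
/usr/sbin/groupadd -r sa-milt
# The comment string must be wrapped in ASCII double quotes; typographic quotes are passed
# through literally and split the argument at the space.
/usr/sbin/useradd -r -g sa-milt -d /var/lib/spamass-milter -s /sbin/nologin -c "SpamAssassin Milter" sa-milt
# Register the init script with chkconfig (two ASCII hyphens), then start the service.
/sbin/chkconfig --add spamass-milter
/etc/init.d/spamass-milter restart
# Read the sysconfig file from the extracted tree (relative path), then restart again.
more etc/sysconfig/spamass-milter
/etc/init.d/spamass-milter restart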

 

 

# Fetch the 0.3.2 source tarball (the command appears twice in the history).
# NOTE(review): the tarball comes over plain HTTP and is built and installed without any
# checksum or signature check — verify it against the publisher's signature or checksum first.
wget http://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.3.2.tar.gz

wget http://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.3.2.tar.gz
tar -xzvf spamass-milter-0.3.2.tar.gz
cd spamass-milter-0.3.2
ll
# configure is re-run after installing each compiler package (gcc, then gcc-c++);
# config.log is read in between.
./configure
yum install gcc
./configure
more config.log
yum install gcc-c++
./configure
make
ll
more Makefile
make install
# Refresh the locate database, find the installed files, then move the binary and the
# man page out of /usr/local.
updatedb
locate spamass-milter
mv /usr/local/sbin/spamass-milter /usr/sbin/spamass-milter
# NOTE(review): the destination has a doubled man/ component and a .gz suffix although the
# page is not compressed here — confirm the intended path.
mv /usr/local/share/man/man1/spamass-milter.1 /usr/share/man/man/man1/spamass-milter.1.gz
/etc/init.d/spamass-milter restart
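# Edit sendmail.mc, rebuild, restart Sendmail and follow the mail log. The same cycle is
# repeated several times below while the milter setup is being adjusted.
vi /etc/mail/sendmail.mc
make -C /etc/mail && /etc/init.d/sendmail restart && tail -f /var/log/maillog
# List the Bayes database files under /etc/MailScanner/bayes.
ll /etc/MailScanner/bayes/bayes_*
# Long options need two ASCII hyphens; a typographic dash is taken as a plain argument.
spamd --help
vi /etc/init.d/spamassassin
tail -f /var/log/maillog
cd ..
ll
cd test/
ll
mc
# Inspect the milter's state directory and change its ownership: first the owner only,
# then owner and group sa-milt.
cd /var/lib/spamass-milter/
ls -al
cd ..
ls -al
chown -R sa-milt spamass-milter
ll
chown -R sa-milt:sa-milt spamass-milter
tail -f /var/log/maillog
vi /etc/mail/sendmail.mc
make -C /etc/mail && /etc/init.d/sendmail restart && tail -f /var/log/maillog
# NOTE(review): this hands group ownership of the milter's directory to the apache group,
# which widens who can reach it — confirm that the web server really needs access.
chown -R sa-milt:apache /var/lib/spamass-milter
tail -f /var/log/maillog
# Search the mail log for GTUBE, SpamAssassin's standard test string, presumably to
# confirm that a test message went through the filter.
grep GTUBE /var/log/maillog
vi /etc/mail/sendmail.mc
make -C /etc/mail && /etc/init.d/sendmail restart && tail -f /var/log/maillog
exit
ll
locate sed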

 

How to get system encoding under Linux

You may want to know the current system encoding on your Linux server, but the encoding is not a system-wide setting; it is a setting of the terminal session. To see the terminal's encoding, type:

echo $LC_CTYPE

If you want to know the terminal language, type:

echo $LANG

To list all the configuration, just type:

locale

And, last but not least, if you want to change the encoding, type:

# Switch the current shell session to the en_US.UTF-8 locale: set LC_ALL first,
# copy its value into LANG and LANGUAGE, then export all three together.
LC_ALL=en_US.UTF-8
LANG="$LC_ALL"
LANGUAGE="$LC_ALL"
export LC_ALL LANG LANGUAGE

System training with ModSecurity (avoiding false positives)

When using ModSecurity, the rule set will fire on many kinds of legitimate requests, producing false positives in many situations. This article lists the exceptions we have found useful in everyday use.

All these rules must be put in a specific file:

vi /etc/httpd/modsecurity-crs/activated_rules/modsecurity_crs_48_local_exceptions.conf

Add the following lines:

# Local exceptions for the ModSecurity Core Rule Set. Every entry below narrows or removes
# a rule, so keep each exception as small as the false positive requires.

#Avoid Google Analytics false positives:
# Stops rules 981172 and 950901 from inspecting cookies whose names start with __utm.
SecRuleUpdateTargetById 981172 !REQUEST_COOKIES:'/^__utm/'
SecRuleUpdateTargetById 950901 !REQUEST_COOKIES:'/^__utm/'

#Avoid 127.0.0.1
# NOTE(review): this switches off both the rule engine and audit logging for every request
# whose REMOTE_ADDR is the loopback address. If Apache sits behind a local reverse proxy or
# load balancer, client traffic may arrive as 127.0.0.1 and skip the WAF — confirm first.
# NOTE(review): the dots in the pattern are unescaped regex wildcards; the @ipMatch operator
# ("@ipMatch 127.0.0.1") would state the intent exactly.
SecRule REMOTE_ADDR "^127.0.0.1$" "phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off,id:9999"

#Request Missing an Accept Header -  Allow for Google Reader
# NOTE(review): this removes rule 960015 for all clients, not only for Google Reader.
SecRuleRemoveById 960015

#Avoid checks on some wordpress related posted arguments:
# Stops rule 981173 from inspecting these three request arguments; other arguments stay covered.
SecRuleUpdateTargetById 981173 "!ARGS:_wp_http_referer"
SecRuleUpdateTargetById 981173 "!ARGS:_wp_original_http_referer"
SecRuleUpdateTargetById 981173 "!ARGS:referredby"

#Avoid special encoding chars false positives
# NOTE(review): this removes rule 960024 for every request; a target exclusion like the ones
# above would keep the rule active for everything else.
SecRuleRemoveById 960024

Another good way to avoid false positives is to set the thresholds properly: edit the config file and set the score levels.

vi /etc/httpd/modsecurity-crs/modsecurity_crs_10_config.conf

Then look at these lines:

# Anomaly-scoring thresholds as found in modsecurity_crs_10_config.conf before the change:
# 5 for inbound traffic and 4 for outbound traffic. The action runs in phase 1, is not logged
# (nolog) and does not interrupt the request (pass).
SecAction \
  "id:'900003', \
  phase:1, \
  t:none, \
  setvar:tx.inbound_anomaly_score_level=5, \
  setvar:tx.outbound_anomaly_score_level=4, \
  nolog, \
  pass"

Change the values of tx.inbound_anomaly_score_level and tx.outbound_anomaly_score_level: values of 15 and 12 are ok!

# The same action with the thresholds raised to 15 (inbound) and 12 (outbound).
# NOTE(review): a higher threshold means more rule matches must accumulate before the anomaly
# level is reached, so fewer false positives also means more missed detections. Prefer targeted
# exceptions where they are enough, and review these values against the audit log.
SecAction \
  "id:'900003', \
  phase:1, \
  t:none, \
  setvar:tx.inbound_anomaly_score_level=15, \
  setvar:tx.outbound_anomaly_score_level=12, \
  nolog, \
  pass"

Then a restart…. and it’s up and running!

# Restart Apache so ModSecurity loads the edited rule files. Checking the syntax first
# (apachectl configtest) avoids taking the site down with a typo in the exceptions file.
/etc/init.d/httpd restart