December 6, 2007

 Improving Spam detection using Razor for Spamassassin

By default the Spamassassin package included with @Mail has a conservative set of Anti-Spam rules, to avoid catching legimate email messages.

However with the barrage of recent Spam messages, new measures need to be taken to filter the growing number of junk messages.

@Mail utilizes the Spamassassin package for runtime SMTP scanning of email-messages. The Spamassassin package is highly customizable and includes many configuration options to further analyze and detect incoming Spam messages.

An effective method of scanning junk messages is using the distributed Razor network, which is a network that contains message-checksums of Spam messages, which can be cross referenced by Spamassassin for incoming messages.

Razor can be used as an added defense against Spam messages, and is highly effective without the need for resource intensive scanning.

Step1: Download the Razor SDK package at:

http://razor.sourceforge.net/download/

This is a package that includes all dependencies required to run the Razor agent via Perl ( Time::HiRes, Digest::SHA1, MIME::Base64 , Getopt::Long , File::Copy and URI::Escape )

To install:

# wget 'http://internap.dl.sourceforge.net/sourceforge/razor/razor-agents-sdk-2.07.tar.bz2'

Note: Use the main site for the latest package

# bunzip2 razor-agents-sdk-2.07.tar.bz2
# tar xfv razor-agents-sdk-2.07.tar

Uncompress the archive

# cd razor-agents-sdk-2.07
# export LANG=C ; perl Makefile.PL ; make install

This will compile the Razor SDK and install any missing dependencies on your server.

You are now ready to proceed with the Razor installation.

Step2: Installing the Razor package

This is the runtime binary used by Spamassassin to connect to the Razor spam reporting network.

# wget 'http://superb-east.dl.sourceforge.net/sourceforge/razor/razor-agents-2.82.tar.bz2'

Note: Use the main site for the latest package

# bunzip2 razor-agents-2.82.tar.bz2
# tar xfv razor-agents-2.82.tar

Uncompress the archive

# cd razor-agents-2.82/
# export LANG=C ; perl Makefile.PL ; make install

This will complete the installation of the Razor package. The next step is to configure Spamassassin to use the Razor module.

Step3: Configuring Spamassassin

Once Razor is installed, Spamassassin must be reinstalled to recognize the Razor module.

* To re-install Spamassassin:

# cd /usr/local/atmail/webmail/libs/src/sa-atmail/

# perl Makefile.PL INSTALLDIRS=vendor PREFIX=/usr/local/atmail/spamassassin/ CONFDIR=/usr/local/atmail/spamassassin/etc/ DATADIR=/usr/local/atmail/spamassassin/etc/

# make ; make install

Next, setup the directory and runtime structure for Razor

# mkdir /usr/local/atmail/spamassassin/razor

# razor-admin -home=/usr/local/atmail/spamassassin/razor/ -register

This will register the utility to connect to the Razor network

# razor-admin -home=/usr/local/atmail/spamassassin/razor/ -create

# razor-admin -d -home=/usr/local/atmail/spamassassin/razor/ -discover

Next, this will report if you can successfully connect to the Razor network.

If successful, proceed to the next stage, otherwise check your firewall has not blocked any outgoing ports.

Step4: Editing the Spamassassin local.cf

Once Razor is installed Spamassassin must be configured to recognize Razor.

Edit the file:

/usr/local/atmail/spamassassin/etc/local.cf

Append:

# Default Razor settings, hardcoded
loadplugin Mail::SpamAssassin::Plugin::Razor2
razor_config /usr/local/atmail/spamassassin/razor/razor-agent.conf

Note: When using the @Mail Webadmin > Filters > Spam-settings the local.cf will be re-written, so this value will have to be reset ( Razor will be included by default in a future @Mail version )

Next, edit:

/usr/local/atmail/spamassassin/razor/razor-agent.conf

Append the razorhome location:

razorhome = /usr/local/atmail/spamassassin/razor/

Once complete, restart the @Mail services to recognize the new configuration:

# /etc/init.d/atmailserver restart

Or use this for Redhat/fedora

# service atmailserver restart

Step5: Testing Razor detection works

First you can download a common spam message that will trigger Razor detection at:

# wget 'http://kb.atmail.com/attach/spam-mail.txt'

Next, test a message via Spamassassin in debug mode for the results

# /usr/local/atmail/spamassassin/bin/spamassassin -t -D < spam-mail.txt

This will print verbose debugging info while scanning the email via Spamassassin.

On a successful Razor installation you will see the following returned:

[19046] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[19046] dbg: razor2: razor2 is available, version 2.82

And the message should return a positive Razor match:

0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)

Congratulations, you have now configured Spamassassin to use Razor, and users will receive a lot less incoming Spam!


Filed under: Anti-Spam — info @ 2:24 pm

2 Comments »

  1. In Step 3, instead of /usr/local/atmail/webmail/libs/src/sa-atmail/
    I used /usr/local/atmail/server_source. The directory cd /usr/local/atmail/webmail/libs/src/sa-atmail/ didn’t exist on my 5.6 install.

    Also, /usr/local/atmail/spamassassin/etc/local.cf didn’t exist, so I created it. Maybe that’s another 5.6 issue?

    Comment by Steve Bogner — February 11, 2009 @ 2:07 pm
  2. After following all above steps failed to get Razor2 scanning emails.
    Had to create /usr/local/atmail/spamassassin/etc/25_atmail.cf file and added following entry

    loadplugin Mail::SpamAssassin::Plugin::Razor2

    Comment by Ali Tajik — October 5, 2009 @ 8:03 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment