SpamBouncer administration reference:
Purpose:
This document explains how to administer SpamBouncer.
Prerequisites:
This document assumes the following:
- The reader is executing the procedure herein on a supported platform, as
defined here.
- The person performing this procedure can log into the target NetMAX system
as the administrative user.
- The person performing this procedure is familiar with the basics of operating a NetMAX server, as outlined in the NetMAX Server Manual.
Overview
This document outlines how to administer the SpamBouncer system on a global
level, and is intended for system administrators.
Please note that the SpamBouncer is very CPU intensive when filtering mail.
It has been tested on a small-to-medium sized network of about 50 users.
For larger installations, SpamBouncer may adversely affect the performance of the mailserver.
If this is the case, it can easily be disabled using the instructions below.
SpamBouncer can be globally enabled or disabled by an administrator and can be configured to handle spam in a variety of ways.
SpamBouncer enable/disable
SpamBouncer can be globally enabled or disabled via the "spambouncer" entry in
/etc/sysconfig/netmax. Simply set the "spambouncer" variable within this file equal to "yes" to enable SpamBouncer or "no" to disable SpamBouncer. SpamBouncer is enabled by default immediately after the SpamBouncer package installation. This file can be edited through the NetMAX Files Management interface where it can be found within the "root" file tree.
SpamBouncer GlobalNoBounce
The SpamBouncer GlobalNoBounce file is the system-wide version of the per user
.nobounce file. This file is named "globalnobounce" and is located in
/usr/netmax/spambouncer. Using the NetMAX Files Management interface an administrator
can enter email sources that do not require filtering system-wide. This will speed up delivery of your mail and reduce the work your server must do to filter mail, since email from addresses in the "globalnobounce" file is filtered for viruses, but nothing else. In addition, if you regularly add the email addresses of acceptable sources to the "globalnobounce" file, you can use more aggressive filtering options in the SpamBouncer without having a large number of false positives. A sample "globalnobounce" file is shown below:
friend@home.com
anotherfriend@home.com
boss@work.com
coworker@work.com
mom@juno.com
brother@yahoo.com
kid@highschool.kids.us
You can also add partial strings, such as entire domains or subdomains, or partial email
addresses, to the "globalnobounce" file. For example, if you know that all email sent from the subdomain engineering.work.com is from one of your coworkers and nobody else, you could add that string to the "globalnobounce" file just as you would add an email address. If you have a friend who habitually changes ISPs or uses email accounts at multiple sites, but whose email address always starts with skywalker@, you could add that string to your "globalnobounce" file just as you would add an email address.
NOTE: Be careful about adding partial strings or entire domains to the "globalnobounce" file. If the string you add is a common string that might be found in email other than the email you are expecting, this can cause the SpamBouncer to think that a spam is okay and not filter it. For example, if you have several friends who have email addresses at aol.com, and you add aol.com to the "globalnobounce" file, the SpamBouncer will pass anything that appears to be from anyone at aol.com without filtering it. Lots of spammers forge email addresses at aol.com in the From: lines of their spam, so this means you would get a lot of spam in your inbox that the SpamBouncer would otherwise have caught. It is safest to add only complete email addresses to the "globalnobounce" file unless you are an experienced user and understand the implications of a partial match.
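An audit of the partial-match risk described in the note above, as an added example that is not part of the original document or of SpamBouncer itself. It assumes entries match as case-insensitive substrings of the sender address, as the text describes; the sample entries, sample senders, and the function names classify and audit are constructed for illustration.

```python
import re

# Constructed sample: entries in the page's style plus the risky ones it warns about.
SAMPLE_GLOBALNOBOUNCE = """\
friend@home.com
boss@work.com
engineering.work.com
skywalker@
aol.com
"""

# Constructed From: addresses used to show what each entry would exempt.
SAMPLE_SENDERS = [
    "friend@home.com",
    "alice@engineering.work.com",
    "skywalker@newisp.example",
    "forged-offer@aol.com",
    "stranger@elsewhere.example",
]

FULL_ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def classify(entry):
    """Return 'address', 'local-part', 'domain' or 'fragment' for one entry."""
    if FULL_ADDRESS.match(entry):
        return "address"
    if entry.endswith("@"):
        return "local-part"
    if "@" not in entry and "." in entry:
        return "domain"
    return "fragment"

def audit(nobounce_text, senders):
    """List every non-address entry with the sample senders it would exempt.

    Assumption: an entry matches when it is a case-insensitive substring
    of the sender address, following the page's description.
    """
    findings = []
    for line in nobounce_text.splitlines():
        entry = line.strip()
        if not entry or classify(entry) == "address":
            continue
        hits = [s for s in senders if entry.lower() in s.lower()]
        findings.append((entry, classify(entry), hits))
    return findings

if __name__ == "__main__":
    for entry, kind, hits in audit(SAMPLE_GLOBALNOBOUNCE, SAMPLE_SENDERS):
        print(f"{entry:24} {kind:11} exempts: {', '.join(hits) or '-'}")
```

Run it against a copy of /usr/netmax/spambouncer/globalnobounce and a list of recent sender addresses to see which broad entries exempt mail you did not expect.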
SpamBouncer spam handling configurations
SpamBouncer can be configured to handle spam in a variety of ways. Configuration at the NetMAX administrator level occurs within the /usr/netmax/spambouncer/NetMAXsbrc file. This file can be edited through the NetMAX Files Management interface where it can be found within the "root" file tree. The following sections describe typical administrator scenarios and SpamBouncer configurations that correlate with these scenarios. These sections were copied from www.spambouncer.org . SpamBouncer's default configuration correlates with the "Risk-Averse or New Users" configuration.
Risk-Averse or New Users
Users who do not want to risk false positives should use this configuration. This is also the configuration you should start with, regardless of what you do after you become comfortable with Unix and the SpamBouncer.
- BLOCKFOLDER and SPAMFOLDER. Set both of these variables to the name
of a folder where you want the SpamBouncer to store email that it catches. Once every
few days, review this folder to make sure no legitimate email was caught in error.
Add the email address of anyone whose email was caught in error to your
NOBOUNCE file or LEGITLISTS file (depending on whether it was individual email
or a mailing list), and then delete everything else.
- BLOCKREPLY, PATTERNMATCHING, and SPAMREPLY. Set all three of
these variables to SILENT. You don't want to send autoreplies or bounces, but you
do want Pattern Matching turned on and the default setting leaves it off.
- VIRUSFOLDER. Set this variable to /dev/null to delete all viruses. You don't
want to take chances with a virus, and the false positive rate on the virus filters is near zero.
Ready to Fight Back
Users who are willing to accept a low false positive rate, and who want to use the SpamBouncer's autocomplaining features, should set the following variables:
- ALTFROM. Set this to the email address from which you want to send complaints. You may want to obtain a free email address at Yahoo or another free provider and use it just for this purpose. Some ISPs forward spam complaints to spammers, and spammers have been known to sell the addresses of people who complain to other spammers as "known live" email addresses, or even mailbomb those who complain. It
is best not to send complaints from your normal email address. (A user pointed out
that a number of abuse addresses reject complaints from people with Hotmail
addresses. You might want to avoid using Hotmail for your complaint account.)
- BLOCKFOLDER and SPAMFOLDER. Set both of these variables to the name
of a folder where you want the SpamBouncer to store email that it catches. Once every
few days, review this folder to make sure no legitimate email was caught in error.
Add the email address of anyone whose email was caught in error to your
NOBOUNCE file or LEGITLISTS file (depending on whether it was individual email
or a mailing list). Delete anything the SpamBouncer has complained about already, or
that you don't want to bother with, and complain about the rest manually.
- BLOCKREPLY. Set this to SILENT. Email classified as Blocked does have some
false positives in it, so check your BLOCKFOLDER/SPAMFOLDER regularly to
rescue anything you wanted to receive. (And add the sender's name to your
NOBOUNCE file to prevent further blocking.)
- PATTERNMATCHING. Set this variable to SILENT. You don't want to send
autoreplies or bounces for Pattern Matching because it is more prone to false
positives than other types of Blocked email, but you do want Pattern Matching turned
on and the default setting leaves it off. (Add the sender's name to your NOBOUNCE
file to prevent further blocking.)
- SENDMAIL. Set this to point to your system's copy of the sendmail program. On many systems, this is located in /usr/bin/sendmail, /usr/sbin/sendmail, or
even /bin/sendmail. If you do not set this variable correctly, the SpamBouncer
will not be able to send bounces, complaints, or notify messages.
- SPAMREPLY. Set this to COMPLAIN. The SpamBouncer very rarely classifies
legitimate email as spam. It also does not complain about most spam; it complains
only about spam from known spam sources, and usually very aggressive known spam
sources that send a lot of spam. By auto-complaining, you ensure that the ISPs of
egregious and aggressive spammers are notified immediately when their spamming
customers spam again.
- VIRUSFOLDER. Set this variable to /dev/null to delete all viruses. You don't
want to take chances with a virus, and the false positive rate on the virus filters is near zero.
I hate spam and I want it gone now
If you feel this way, then you and I obviously have some common ancestors or early environmental influences in common. Set the following variables if you want to autocomplain aggressively, bounce spam back, and notify users whose mail is blocked by the SpamBouncer, and are willing to check the BLOCKFOLDER frequently for false positives:
- ALTFROM. Set this to the email address from which you want to send complaints.
- BLOCKFOLDER. Set this variable to the name of a folder where you want the
SpamBouncer to store blocked email. Once every few days, review this folder to make
sure no legitimate email was caught in error. Add the email address of anyone whose
email was caught in error to your NOBOUNCE file or LEGITLISTS file (depending
on whether it was individual email or a mailing list). Delete anything the SpamBouncer
has complained about already, or that you don't want to bother with. Complain about
the rest manually.
- BLOCKREPLY. Set this to NOTIFY. Email classified as Blocked does have some
false positives in it, so in addition to notifying people, you should check your
BLOCKFOLDER/SPAMFOLDER regularly to rescue anything you wanted to
receive. (And add the sender's name to your NOBOUNCE file to prevent further
blocking.)
- PATTERNMATCHING. Set this variable to NOTIFY as well, and the
SpamBouncer will treat email caught by the Pattern Matching filters exactly as it does
Blocked email. (Add the sender's name to your NOBOUNCE file to prevent further
blocking.)
- SENDMAIL. Set this to point to your system's copy of the sendmail program. On many systems, this is located in /usr/bin/sendmail, /usr/sbin/sendmail, or
even /bin/sendmail. If you do not set this variable correctly, the SpamBouncer
will not be able to send bounces, complaints, or notify messages.
- SPAMFOLDER. Set this variable to the name of a folder where you want the
SpamBouncer to store spam, and review the folder every few days so that you can
complain manually about anything the SpamBouncer didn't autocomplain about, or set
it to /dev/null if you don't want to be bothered with it further.
- SPAMREPLY. Set this to COMPLAIN, BOUNCE, or BOTH. COMPLAIN will
cause the SpamBouncer to send automatic complaints about spam that comes from a
known source. BOUNCE will cause the SpamBouncer to bounce spam back to the
sender, unless the sender email address is an obvious forgery. BOTH will cause it to
do both. I recommend setting this to COMPLAIN because a lot of spammers forge
From: lines and bouncing their email just adds to the load on the Internet. (I may
remove the BOUNCE option entirely in the future.)
- VIRUSFOLDER. Set this variable to /dev/null to delete all viruses, or to a folder if you want to look at the virus emails on your Unix system (which is probably
immune to them) and determine who might be infected so that you can notify them or
their ISP and get the problem fixed.