Spam Assasin Virtual Appliance Question

Question asked by Jay Altemoos - 11/1/2016 at 1:17 PM

Unanswered

I am sure this isn't covered here but I figured I would ask anyways. So I downloaded and got the spam assassin virtual appliance running. Smarter is talking to it and we have already seen improvements for trapping spam. The issues I have with the appliance are #1) It's using a outdated version of CentOS and #2) it's using a outdated version of Spam Assassin (3.2.4). Which Spam Assassin 3.2.4 is warned against using on the Apache website and should be updated immediately. Basically they are hands off on that version now since there has been several fixes in place. So it's a use at your own risk type of deal. Anyways, I am familiar enough with Linux to navigate around and run commands from the command line. Spam Assassin's sa-update on the virtual appliance does not work. So the question I have about the virtual appliance is with Webmin. There's 2 plugins for spam assasssin (Spamd Startup Parameters and Spam Statistics) that appear to be custom in the webmin interface that are not in the common newer release. Any idea where or if I can get those 2 plugins for the new release of webmin somewhere?

Reason why I ask is because since the sa-update does not work in the SAVASM, I built a Ubuntu 16.10 virtual server box to configure and run spam assassin on. I like the 2 options I mentioned above for webmin, but after days of searching I have turned up zero. I also checked out the EFA-Project but that too has it's limitations. It's not easily intergrated to SM at all and it wants PostFix to be the MTA which is not what I want. SM is the MTA.

I am kind of at a stand still at the moment, any ideas? This may or may not be able to be answered here, but figured I would try.

6 Replies

Reply to Thread

Employee Replied

11/2/2016 at 10:39 AM

Employee Post

Jay,

The SpamAssassin virtual appliance was made by one of our community members, the project has since been discontinued from what I understand so no further improvements have been made. I'm unsure where to download the SpamAssassin plugins for webmin unfortuantely.

You may be able to retrieve the Webmin plugins from the SpamAssassin virtual appliance and copy these over to your ubuntu VM's webmin installation using Webmins built in export functionality for modules.

Jay Altemoos Replied

11/2/2016 at 1:19 PM

Good afternoon Von. Thank you for the response. So here's what I found out from sifting through the webmin install on the virtual appliance, there are 2 custom cgi modules placed in there to give that functionality. So what I have done so far is build a Ubuntu 16.10 server in VMWarePlayer and get the initial config done with Webmin and Spamassassin. Then I had to place those config files from the virtual appliance in place and then make a few edits, and also to some webmin files as well so they are looking at the correct files needed. Several hours worth of work so far just sifting through the code and making sense of what the custom modules are looking at. In the end I got the icons to populate in webmin and got the instructions to work.

Reason for doing that is because I liked the functionality of seeing what rules have trapped what and ease of use for making sure spamd would allow SmarterMail to make calls to it. That way if one of the other tech in my office needs to make a change they don't have to learn how to navigate Linux through the command window. Webmin will take care of it right there.

I will keep this posted on what transpired after I test it on our test server.

Jay Altemoos Replied

11/2/2016 at 1:26 PM

Also on a side note, I also checked out the EFA-Project. It looks really promising but the biggest issue I have with it is that EFA basicaly wants to be a proxy between the internet and your mail server unless you are using the EFA project as your entire solution. In a nut shell unless it can be configured the same way the SAVASM can, a lot of people may not use it. I would need to spend some quality time with it to get it configured and test.

Employee Replied

11/2/2016 at 1:30 PM

Employee Post

Jay, thank you for the update, glad to hear you were able to get everything up and running. Although it sounded like it took a decent amount of effort I'm sure this will pay off in your environment.

Your feedback mirrors that of a few others who deploy such virtual appliances where these are used for reporting (what specifically is flagging messages as spam, and under what rules, etc) and message recoverability in the event of false positives (which we do offer, in regards to outbound quarantining of spam, but do not have for incoming at this time).

I'd like to forward this on to our developers as well so that we could potentially offer similar features within our reporting.

Thanks again for your feedback, let me know how everything is running once you get a chance to test fully.

Employee Replied

11/2/2016 at 1:40 PM

Employee Post

Jay, the EFA project uses the standard release of SpamAssassin and it can be configured to accept remote connections if you only wanted to leverage the SpamAssassin portion of it.

From my testing, it doesn't actually proxy the connection, but acts as a gateway. EFA will perform user verification in which EFA reaches out to your configured mail server and issues a RCPT to: command for the account mail is delivered to, if the mailbox does not exist, the connection is rejected within EFA.

After this verification, it accepts and handles mail like any MTA\Gateway (such as Barracuda, Juniper, etc). Based on your transport settings it will only accept and deliver mail addressed to only valid users and then will pass them down to the SmarterMail server.

I like EFA personally for the ease in quarantining messages and releasing them. Upon release, you also have the option to 'learn' from false positives where the rule set for SA is then updated on the fly.

Jay Altemoos Replied

11/28/2016 at 3:17 PM

So I just wanted to update this thread in case anyone was curious. I originally built an Ubuntu VM server and ran that from within Virtualbox on our SM server. While it took some tap dancing to get everything setup, I ran into a few weird issues where SM kept complaining that it couldn't connect to SpamAssassin and it was random. It would connect and then wouldn't. So instead of spending several more hours chasing that down, I ended up using the EFA appliance instead.

I run the EFA appliance in virtual box and placed the edits I needed for the configuration of Spamassassin to run as a daemon. I also wanted to see the spamassassin reporting like the SAVSM appliance had. Since both devices are using CentOS, I only had to grab a few files I needed and drop them in place. There are a few edits that were needed, but nothing major. I can outline them in a thread here if anyone wants them. It's not too difficult, but some basic Linux knowledge is helpful. I did most of it through the Webmin interface.

I just want to note, I am not running the EFA appliance to it's fullest potential because my VirtualBox installation is running on the same machine. Our server has a public IP specified and placing the VM in front of it was not something I wanted to do. I understand that EFA acts as a gateway and is very handy. In fact I liked a lot of the features they have built into it, but all I really needed was the Spamassassin part. So EFA is only providing Spamassassin support at this point and that's it. Plus the main concern I had was if the EFA VM did go down for whatever reason, my email flow would be dead in the water if I put the EFA VM in front of the mail server. Worst case scenario now would be the remote spamassassin server would not be available until the VM came back up. So email flow is not impacted the way I have things configured.

Back to Community Threads

Please leave this box unchecked

6 Replies

Reply to Thread

Tags

Related Knowledge Base Articles