MailScanner: October 2004 Archives

Spam Assassin 3 comes with a builtin SPF record checker, so it would make sense to publish SPF records for domains. Or would it? This domain has now got a simple set of SPF records which I setup using a couple of the online tools to generate them. If you want to see how many domains are publishing SPF have a look here. Although it is not a definitive listing it does give some indication of the number of records published, including some of the higher profile sites. Gmail checks for SPF, so you will see results in your headers: Received-SPF: neutral (gmail.com: xxx.xxx.xxx.xxx is neither permitted nor denied by domain of xxxxx@xxxx.com) The key with SPF is the scoring. If you explicitly set your SPF records to a limited number of hosts/IPs then any mail purporting to come from your domain will be checked against its SPF record. If the sending IP/hostname is not in the SPF record then the receiving MTA should not "trust" it. Will this lead to a reduction in spam? No, but it should help to cut down the amount of spoofed junk hitting people's mail boxes. If you publish SPF records for your domains you *should* be able to reduce the likelihood of you r domain being used in a "joe job". At least that's my understanding of it. If you need help in setting up SPF records then look at:

• SPF site
• SPF tools

There is a lot of debate surrounding SPF in general, but some good articles like this one make it very clear.

Upgrading MailScanner on an rpm based system is not complicated as long as you read the messages on the screen. First off go to the MailScanner download section and get the version you want to upgrade to. The second one in the list is the rpm version for RedHat and derivatives. Normally there is a choice of "stable" and "beta" downloads. What's the difference? The stable has been tested more thoroughly by beta testers and is unlikely to cause any issues on your system. The beta release may not be as thoroughly tested and is not really aimed at the "faint hearted". Put it another way, if you are not extremely comfortable with managing MailScanner don't use the beta release :mrgreen: I would recommend that you download any installers into a specific directory in /home, for example I use /home/blacknight to store them. DO NOT download the installer to /etc/MailScanner Let's begin: cd /home/blacknight (edit this to taste) wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.34.8-4.rpm.tar.gz (change URL to the most recent version / the version you want to install) tar -zxvf MailScanner-4.34.8-4.rpm.tar.gz (change to file you have downloaded) cd MailScanner* < <- move into the MailScanner installer directory At this point it would not be a bad idea to stop the running MS daemon, so issue the following commands: /etc/init.d/MailScanner stop /etc/init.d/MailScanner startin This will stop the main daemon but then restart the incoming queue. Next we install MS by running: ./install.sh Depending on your setup it can take anything up to 15 minutes to complete. At the end of the process do the following (presuming you haven't had huge errors!) cd /etc/MailScanner << where the MailScanner scripts "live" upgrade_MailScanner_conf << if run by itself it will give you tips on usage upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new this will read in the "new" config file and "intelligently" append any new option directives to your existing config which will create a new file called MailScanner.new You can compare the two files using the "diff" command if you want, but the output of the upgrade script is usually quite verbose. We then need to overwrite the "old" config file with the new one: mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf Now restart MailScanner: /etc/init.d/MailScanner restart If you want to see exactly what you are using try this: MailScanner -v which will give you a quite verbose breakdown of all the various modules and addons in use on your system Enjoy!

Julian's book finally arrived today. I haven't had time to read it yet, but it's nice to get a "hard copy". I really hate reading books off a screen.