[Kolab-devel] Better anti-spam for kolab

Jørgen Hermanrud Fjeld jhf at linpro.no
Tue Jan 2 09:59:02 CET 2007 

Hello,
I would like kolab out of the box to fight spam in a better manner.
To this end I have made some patches that does that:
* Use RBL to reject known spammers.
* Use greylisting to delay spammers.
* Have stricter requirementes for sender and receiver.

I hope to have this patch included into Kolab, which is why I have tried
to make it inobtrusive. Any feedback on changes is welcome.

The patches add some options kolab-webadmin to enable/disable the new
features, as well as to perl-kolab to act on those changes, and kolabd
to extend the ldap schema to store the settings for these features.

I addition the postgrey package is included for doing greylisting.

The patches are attached to this email, and the postgrey package is
available from OpenPKG, as well as here
"http://limacute.projects.linpro.no/browser/trunk/PKG/postgrey-1.27-2.20060801.src.rpm?format=raw".

Notice that the patches are against an installation of kolab 2 beta 3,
if you wish I will do them against cvs.

-- 
MVH
Jørgen H. Fjeld
Systemleveranser
Linpro AS
-------------- next part --------------
--- /kolab/etc/openldap/schema/kolab2.schema.orig	2007-01-02 09:08:55.000000000 +0100
+++ /kolab/etc/openldap/schema/kolab2.schema	2007-01-02 09:09:00.000000000 +0100
@@ -384,6 +384,30 @@
   SUBSTR caseIgnoreIA5SubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
 
+attributetype ( 1.3.6.1.4.1.19414.2.1.511
+  NAME 'postfix-require-fqdn'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.512
+  NAME 'postfix-reject-unknown'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.513
+  NAME 'postfix-rbl'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.19414.2.1.514
+  NAME 'postfix-greylist'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+  SINGLE-VALUE )
+
 ##########################
 # cyrus imapd attributes #
 ##########################
@@ -534,6 +558,10 @@
         postfix-virtual $
         postfix-enable-virus-scan $
         postfix-allow-unauthenticated $
+        postfix-greylist $
+        postfix-rbl $
+        postfix-reject-unknown $
+        postfix-require-fqdn $
         cyrus-quotawarn $
         cyrus-autocreatequota $
         cyrus-admins $
-------------- next part --------------
--- /kolab/var/kolab/www/admin/service/index.php.orig	2007-01-02 09:03:31.000000000 +0100
+++ /kolab/var/kolab/www/admin/service/index.php	2007-01-02 09:03:37.000000000 +0100
@@ -39,6 +39,7 @@
   global $http;
   global $httpallowunauthfb;
   global $amavis;
+  global $postgrey;
   global $quotawarn;
   global $freebusypast;
   global $postfixmydomain;
@@ -47,6 +48,9 @@
   global $postfixallowunauth;
   global $postfixrelayhost;
   global $postfixrelayport;
+  global $postfixrbl;
+  global $postfixrejectunknown;
+  global $postfixrequirefqdn;
   global $kolabhost;
   global $kolabfilterverifyfrom;
   global $kolabfilterallowsender;
@@ -65,6 +69,7 @@
 	$http = $attrs['apache-http'][0];
 	$httpallowunauthfb = $attrs['apache-allow-unauthenticated-fb'][0];
 	$amavis = $attrs['postfix-enable-virus-scan'][0];
+	$postgrey = $attrs['postfix-greylist'][0];
 	$quotawarn = $attrs['cyrus-quotawarn'][0];
 	$freebusypast = $attrs['kolabFreeBusyPast'][0];
 	$postfixmydomain = $attrs['postfix-mydomain'][0];
@@ -75,6 +80,9 @@
 	$postfixallowunauth = $attrs['postfix-allow-unauthenticated'][0];
 	$postfixrelayhost = $attrs['postfix-relayhost'][0];
 	$postfixrelayport = $attrs['postfix-relayport'][0];
+	$postfixrbl = $attrs['postfix-rbl'][0];
+	$postfixrejectunknown = $attrs['postfix-reject-unknown'][0];
+	$postfixrequirefqdn = $attrs['postfix-require-fqdn'][0];
 	$kolabhost = $attrs['kolabHost'];
 	unset( $kolabhost['count'] );
 	$kolabfilterverifyfrom = $attrs['kolabfilter-verify-from-header'][0];
@@ -126,6 +134,7 @@
   if( postvalue( 'ftp' ) != $ftp )     $attrs['proftpd-ftp'] = postvalue( 'ftp' );
   if( postvalue( 'http' ) != $http )    $attrs['apache-http'] = postvalue( 'http' );
   if( postvalue( 'amavis' ) != $amavis )  $attrs['postfix-enable-virus-scan'] = postvalue( 'amavis' );
+  if( postvalue( 'postgrey' ) != $postgrey )  $attrs['postfix-greylist'] = postvalue( 'postgrey' );
   
   if( !($result = ldap_modify($ldap->connection, "k=kolab,".$_SESSION['base_dn'], $attrs)) ) {
 	$errors[] = sprintf( _("LDAP Error: failed to modify kolab configuration object: %s"),
@@ -179,6 +188,17 @@
   }
 }
 
+if( $_REQUEST['submitpostfixantispam'] ) {
+  $attrs = array();
+  $attrs['postfix-require-fqdn'] = postvalue( 'postfixrequirefqdn' );
+  $attrs['postfix-reject-unknown'] = postvalue( 'postfixrejectunknown' );
+  $attrs['postfix-rbl'] = postvalue( 'postfixrbl' );
+  if( !($result = ldap_modify($ldap->connection, "k=kolab,".$_SESSION['base_dn'], $attrs)) ) {
+	$errors[] = sprintf(_("LDAP Error: failed to modify kolab configuration object: %s"),
+						ldap_error($ldap->connection));
+  }
+}
+
 if( $_REQUEST['submitkolabfilter'] ) {
   $attrs = array(
 				 'kolabfilter-verify-from-header'        => postvalue( 'kolabfilterverifyfrom' ),
@@ -279,7 +299,8 @@
 				  array( 'service' => 'imaps', 'name' => _('IMAP/SSL Service (TCP port 993)'), 'enabled' => toboolstr( $imaps ) ),
 				  array( 'service' => 'sieve', 'name' => _('Sieve service (TCP port 2000)'), 'enabled' => toboolstr( $sieve ) ),
 				  array( 'service' => 'amavis', 'name' => _('Amavis Email Scanning (Virus/Spam)'), 
-						 'enabled' => toboolstr( $amavis ) ) );
+						 'enabled' => toboolstr( $amavis ) ),
+				  array( 'service' => 'postgrey', 'name' => _('Postgrey (Greylisting to prevent spam)'), 'enabled' => toboolstr( $postgrey ) ) );
 
 /**** Check for system aliases ****/
 function exists_group( $group ) {
@@ -304,6 +325,9 @@
 $smarty->assign( 'postfixallowunauth', toboolstr($postfixallowunauth) );
 $smarty->assign( 'postfixrelayhost', $postfixrelayhost );
 $smarty->assign( 'postfixrelayport', $postfixrelayport );
+$smarty->assign( 'postfixrbl',          toboolstr($postfixrbl));
+$smarty->assign( 'postfixrejectunknown',toboolstr($postfixrejectunknown));
+$smarty->assign( 'postfixrequirefqdn',  toboolstr($postfixrequirefqdn));
 $smarty->assign( 'kolabfilterverifyfrom', toboolstr($kolabfilterverifyfrom) );
 $smarty->assign( 'kolabfilterallowsender', toboolstr($kolabfilterallowsender) );
 $smarty->assign( 'kolabfilterrejectforgedfrom', toboolstr($kolabfilterrejectforgedfrom) );
--- /kolab/var/kolab/php/admin/templates/service.tpl.orig	2007-01-02 09:04:49.000000000 +0100
+++ /kolab/var/kolab/php/admin/templates/service.tpl	2007-01-02 09:04:54.000000000 +0100
@@ -82,6 +82,21 @@
 </form>
 </div>
 <br />
+<h2>{tr msg="Anti Spam Measures"}</h2>
+<div class="contentform">
+<form name="postfixantispam" method="post">
+<input type="checkbox" name="postfixrequirefqdn" {if $postfixrequirefqdn == 'true' }checked{/if} />
+{tr msg="Reject email if not both sender and receiver have a syntactically valid domain name."}
+<br />
+<input type="checkbox" name="postfixrejectunknown" {if $postfixrejectunknown == 'true' }checked{/if} />
+{tr msg="Reject email if not both sender and receiver domains can be verified by DNS lookup. It is recommended to also require syntactically valid domain names, to avoid lookup of domain names that are obviously bogus."}
+<br />
+<input type="checkbox" name="postfixrbl" {if $postfixrbl == 'true' }checked{/if} />
+{tr msg="Reject email from IP adresses of known spammers, detected by RBL lookup."}
+<div align="right"><input type="submit" name="submitpostfixantispam" value="{tr msg="Update"}" /></div>
+</form>
+</div>
+<br />
 <h2>{tr msg="Domains"}</h2>
 <table class="contenttable" cellpadding="0" cellspacing="1px">
 	<tr class="contentrow">
-------------- next part --------------
--- /kolab/lib/perl/vendor_perl/5.8.7/Kolab.pm.orig	2007-01-02 09:01:10.000000000 +0100
+++ /kolab/lib/perl/vendor_perl/5.8.7/Kolab.pm	2007-01-02 08:58:40.000000000 +0100
@@ -444,6 +444,14 @@
         system("/kolab/bin/openpkg rc proftpd stop");
     }
 
+    if ($config{'postfix-greylist'} =~ /true/i) {
+        Kolab::log('K', 'Starting Postgrey if not running');
+        system("/kolab/bin/openpkg rc postgrey start");
+    } else {
+        &log('K', 'Stopping Postgrey, if running...');
+        system("/kolab/bin/openpkg rc postgrey stop");
+    }
+
     %Kolab::Conf::haschanged = ();
 
     &log('K', 'Reload finished');
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.kolab.org/pipermail/devel/attachments/20070102/84529939/attachment.sig>

More information about the devel mailing list