SpamPD - Spam Proxy Daemon (version 2.10)
spampd [--host=host[:port]] [--relayhost=hostname[:port]] [--user|u=username] [--group|g=groupname] [--children|c=n] #[--maxchildren|mc=n] [--maxrequests=n] [--childtimeout=n] [--satimeout=n] [--pid|p=filename] [--maxsize=n] [--dose] [--tagall|a] [--log-rules-hit|rh] [--auto-whitelist|aw] [--local-only|L] [--debug|d]
spampd --help
spampd is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within spampd (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so.
spampd uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. By default spampd will only tell SA to tag a message if it exceeds the spam threshold score; however, you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged).
spampd logs all aspects of its operation to syslog(8), using the mail syslog facility.
The latest version can be found at http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm.
Perl modules:
spampd is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that spampd does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through spampd after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application.
Please re-read the second sentence in the above paragraph. You should NOT enable spampd to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way.
Here are some simple examples (square brackets in the "diagrams" indicate physical machines):
Running between firewall/gateway and internal mail server
The firewall/gateway MTA would be configured to forward all of its mail to the port that spampd listens on, and spampd would relay its messages to port 25 of your internal server. spampd could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25).
Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25)
Using Postfix advanced content filtering
Please see the FILTER_README that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up).
Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery
Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses spampd.
Upgrading from version 1 simply involves replacing the spampd program file with the latest one. Note that the dead-letters folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the Options list below for a full list of new and deprecated options. Also be sure to check out the change log.
spampd can be run directly from the command prompt if desired. This is useful for testing purposes, but for long-term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example, on a Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start spampd (a sample script is available on the spampd Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm).
The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because spampd is a memory-hungry program. Check the Options for details on this and all other parameters.
Note that spampd replaces spamd from the SpamAssassin distribution in function. You do not need to run spamd in order for spampd to work. This has apparently been the source of some confusion, so now you know.
Here is a typical setup for Postfix "advanced" content filtering as described in the FILTER_README that came with the Postfix distribution (which you really need to read):
/etc/postfix/master.cf:
smtp            inet  n  -  y  -  -   smtpd
    -o content_filter=smtp:localhost:10025
    -o myhostname=mx.example.com
localhost:10026 inet  n  -  n  -  10  smtpd
    -o content_filter=
    -o myhostname=mx-int.example.com
The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix main.cf file. spampd is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the myhostname options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending.
For the above example you can simply start spampd like this:
spampd --host=localhost:10025 --relayhost=localhost:10026
FILTER_README from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail.
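An added example (not part of spampd or its documentation): a Python check that the master.cf entries and the spampd start command shown above agree with each other and keep spampd off public interfaces. It assumes --host and --relayhost are given explicitly and compares addresses as text; the function names are made up for illustration.

```python
import ipaddress
import shlex
# Constructed sample: the two master.cf entries from this page, with continuation lines.
MASTER_CF = """\
smtp            inet  n  -  y  -  -   smtpd
    -o content_filter=smtp:localhost:10025
    -o myhostname=mx.example.com
localhost:10026 inet  n  -  n  -  10  smtpd
    -o content_filter=
    -o myhostname=mx-int.example.com
"""

def parse_master_cf(text):
    # Map each service name to its -o overrides, joining continuation lines.
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of the previous entry
        else:
            logical.append(raw.strip())
    def overrides(args):  # "-o name=value" pairs after the eight fixed columns
        return {k: v for k, _, v in (
            a.partition("=") for p, a in zip(args, args[1:]) if p == "-o")}
    return {f[0]: overrides(f[8:]) for f in map(str.split, logical)}

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is not provably local

def audit(master_cf, spampd_cmd):
    # Return findings; an empty list means the wiring matches the setup on this page.
    svc = parse_master_cf(master_cf)
    opts = dict(a[2:].split("=", 1) for a in shlex.split(spampd_cmd)[1:] if "=" in a)
    listen, relay = opts.get("host", ""), opts.get("relayhost", "")
    front = [o for o in svc.values() if o.get("content_filter") == "smtp:" + listen]
    back = svc.get(relay)
    checks = [
        (is_loopback(listen.rsplit(":", 1)[0]), "--host is not a loopback address"),
        (bool(front), "no service has content_filter pointing at --host"),
        (back is not None, "no master.cf listener matches --relayhost"),
        (back is None or back.get("content_filter") == "", "return listener does not clear content_filter"),
        (back is None or all(f.get("myhostname") != back.get("myhostname") for f in front),
         "myhostname is the same on both smtpd instances"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling audit(MASTER_CF, "spampd --host=localhost:10025 --relayhost=localhost:10026") returns an empty list for the configuration on this page.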
Another tip for Postfix when considering what timeout values to use for the --childtimeout and --satimeout options is the following command:
# postconf | grep timeout
This will return a list of useful timeout settings and their values. For explanations see the relevant man page (smtp, smtpd, lmtp). By default spampd is set up for the default Postfix timeout values.
Important! You should NOT enable spampd to listen on a public interface (IP address) unless you know exactly what you're doing!
You may want to set your origination mail server to limit the number of concurrent connections to spampd to match this setting (for Postfix this is the xxxx_destination_concurrency_limit setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100).
The following options are no longer used but still accepted for backwards compatibility with spampd v1:
spampd --host=192.168.1.10
Same as above but spampd runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host.
spampd --relayhost=192.168.1.10
spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist
spampd is written and maintained by Maxim Paperno <MPaperno@WorldDesign.com>. See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info.
spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names.
Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of spampd. See http://bent.latency.net/smtpprox/ .
spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ .
Also thanks to spamd (included with SpamAssassin) and amavisd-new (http://www.ijs.si/software/amavisd/) for some tricks.
spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno.
Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html
None known. Please report any to MPaperno@WorldDesign.com.
Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know.
Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted.
Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handling junk mail. The exception here might be the use of the LMTP protocol, which bears further investigation.
perl(1), Spam::Assassin(3), http://www.spamassassin.org/, http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm