diff --git a/HOWTO b/HOWTO deleted file mode 100644 index 99091c7..0000000 --- a/HOWTO +++ /dev/null @@ -1,154 +0,0 @@ -On Sun, 11 Feb 2007, Rick Saul wrote: - -> Stuart I was planning to move to centos4.4 in a couple of weeks anyway... -> Your advice of where to go from here. - -Oh - you are asking for a howto. - - Step one. Which DSPAM is right for you? - -The DSPAM project makes dspam part of the LDA (Local Delivery Agent). -Pydspam puts dspam into the MTA (Mail Transfer Agent - sendmail with pymilter). - -The advantage of doing dspam in the LDA is that any aliasing has already been -resolved. You need only configure mailboxes. - -The advantage of doing dspam in the MTA is it can screen an entire -company as a gateway with multiple domains. Unfortunately, this -means you have to tell it about all the aliases that comprise each -account. (Also, pydspam is still uses dspam-2.6.5.2 - the Dspam API -has changed for newer versions.) - -If the LDA is right for you, you'll want to use the official Dspam -package. http://www.nuclearelephant.com/projects/dspam/ - -If the MTA approach is what you want, then pydspam is what you want. - -In either case, you will still want pymilter to block forgeries, Windows -executables, etc. - -So, lets assume you want to install pymilter, and may or may not -wish to install pydspam. - - Step two. Obtaining RPMS. - -For basic pymilter you'll need: - -python-2.4 -milter-0.8.10 -sendmail-8.13.x (with milter support enabled) - -and for SPF you'll need: - -pydns-2.3.3-2.4 -pyspf-2.0.5-1.py24 - -and for SRS you'll need: - -pysrs-0.30.11-1.py24 - -I'm pretty sure you will want to have SPF and SRS available. - - Step three. Activate basic milter. - -Activate the basic milter and pysrs by editing /etc/mail/sendmail.mc and adding: - -define(`NO_SRS_FILE',`/etc/mail/no-srs-mailers')dnl -dnl define(`NO_SRS_FROM_LOCAL')dnl -HACK(`pysrs',`/var/run/milter/pysrs')dnl -INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m') - -You can then "make sendmail.cf" and restart sendmail. - -Start milter and pysrs with "service milter start", "service pysrs start". - -Tail /var/log/milter/milter.log while SMTP clients connect to your -sendmail instance. This should show you what the milter is doing. - -By default, milter-0.8.10 rejects on SPF fail. - - Step four. Tweaking the basic config. - -Most pymilter configuration is in /etc/mail/pymilter.cfg. To activate -changes, "service milter restart". - -By default, milter scans attachments for executable extensions. You can -turn this off by setting banned_exts to the empty list. There are options -to scan ZIP attachments and rfc822 attachments. When it finds a banned -file type, milter saves the original message in /var/log/milter/save, -and replaces the attachment with a plain text warning message. - -Configure hello_blacklist with your own helo name and domains - which -you know cannot legitimately be used by external MTAs. - -Configure trusted_relay with your secondary MX servers, if any. These -should also run pymilter with similar policies. (But this isn't -needed for initial testing.) - -Configure internal_connect with subnets of your internal SMTP clients. -Internal connections skip SPF testing and other policies. You will -likely need to set this to allow outgoing mail if you have -an SPF policy already. - -Configure internal_domains with domains used by your internal SMTP clients. -If they attempt to use any other domain, the attempt is blocked and the -client is logged as a "zombie". Conversely, any attempt by an external -MTA to use one of your internal domains is treated as a forgery and -blocked (a simplified form of local SPF). - -Adjust porn_words and spam_words - these block emails with a Subject -containing the listed strings. They can be empty to disable Subject -string blocking. - - Advanced SPF configuration. - -The sendmail access file, or another readonly database with that -format, can be used for detail spf policy. SPF access policy -record are tagged with "SPF-{Result}:". Results are -Pass, Neutral, Softfail, Fail, PermError. Currently supported -policy keywords are OK, CBV, REJECT. Currently, TempError always -results in TEMPFAIL. - -The default policies are set in pymilter.cfg. The defaults -if none of the config options are set are as follows: - -SPF-Fail: REJECT -SPF-Softfail: CBV -SPF-Neutral: OK -SPF-PermError: REJECT -SPF-Pass: OK - -The tag may be followed by a specific domain. For instance, to -require a Pass from aol.com: - -SPF-Neutral:aol.com REJECT -SPF-Softfail:aol.com REJECT - -The CBV policy requires a valid HELO name. If the EHLO name is -RFC2822 compliant, then a DSN is sent to the alleged sender. The -template for the DSN is selected according to the SPF result: - -Fail: fail.txt -SoftFail: softfail.txt -Neutral: neutral.txt -PermError: permerror.txt -None: strike3.txt - -An SPF-Pass is always accepted by the milter. Domains can be blacklisted -via sendmail in the access file or via a RHS DNS blacklist. - - To be continued. - -Forthcoming topics: - -SRS config - - -pydspam config -wiretap config - --- - Stuart D. Gathman - Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154 -"Confutatis maledictis, flammis acribus addictis" - background song for -a Microsoft sponsored "Where do you want to go from here?" commercial. diff --git a/MANIFEST.in b/MANIFEST.in index 150f25a..5d27a11 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -9,8 +9,6 @@ include MANIFEST.in include testsample.py include testmime.py include testutils.py -include rejects.py -include report.py include test.py include sample.py include milter-template.py