[bind dns + zimbra + spamassassin] antispam installation guide
TRANSCRIPT
![Page 1: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/1.jpg)
1
NSE FINAL REPORT
PART II: ANTI-SPAM INSTALLATION GUIDE
Fall 2014
Group name: Lucky Team
Members Roles
1. Đỗ Thị Trâm Anh - Create background knowledge report
2. Lưu Thị Ngọc Diệp - Create background knowledge report
3. Nguyễn Việt Hưng - Create background knowledge report
4. Nguyễn Đức Minh - Create background knowledge report
5. Tạ Quang Tú - Create background knowledge report
6. Hoàng Mạnh Tiến - Create background knowledge report
7. Nguyễn Văn Mạnh - Create installation guide
![Page 2: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/2.jpg)
2
TABLE OF CONTENTS
I. PROJECT SOLUTION ......................................................................................................................................... 3
A. Zimbra Collaboration Suite (ZCS) ................................................................................................................... 4
1. What is ZCS?.......................................................................................................................................... 4
2. ZCS benefits .......................................................................................................................................... 4
B. SpamAssassin ................................................................................................................................................ 4
C. Network Model ............................................................................................................................................. 3
II. PRODUCT IMPLEMENTATION .......................................................................................................................... 5
A. Scenario ........................................................................................................................................................ 5
B. Prerequisites ................................................................................................................................................. 6
C. Bind Name Server Installation And Configuration ....................................................................................... 10
1. Bind Name Server Installation ............................................................................................................. 10
2. Bind Name Server Configuration ........................................................................................................ 10
3. Bind Name Server Starting .................................................................................................................. 19
4. Bind Name Server Testing ................................................................................................................... 20
D. Zimbra Mail Server Installation And Configuration .................................................................................. 23
1. Zimbra Mail Server Installation ........................................................................................................... 23
2. Zimbra Mail Server Configuration ....................................................................................................... 29
3. Zimbra Mail Server Testing ................................................................................................................. 33
E. SpamAssassin Integration With Zimbra ....................................................................................................... 36
1. SpamAssassin Configuration ............................................................................................................... 36
2. SpamAssassin Testing ......................................................................................................................... 39
III. EVALUATION ........................................................................................................................................... 44
REFERENCES .......................................................................................................................................................... 45
![Page 3: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/3.jpg)
3
I. PROJECT SOLUTION
In this project I use VMware workstation to model a network with 3 computers, one computer is responsible for
DNS and mail server; and the 2 others are clients (For details, please see the below diagram).
To configure our system, I used the following software:
DNS server: Bind DNS.
Email server: Zimbra Collaboration Suite open source edition.
Anti-spam: SpamAssassin.
Mail client: Zimbra
I would like to express my gratitude to Dr. Tran Quang Anh and Mr. Minh-Tuan Vu for their Vietnamese rules that
I used in SpamAssassin, which have been invaluable to finish our project.
A. Network Model
Figure 1 Email Systems
![Page 4: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/4.jpg)
4
A. Zimbra Collaboration Suite (ZCS)
1. What is ZCS?
Zimbra Collaboration Suite is a truly modern, innovative messaging and collaboration application.
It is the leading open source solution for enterprise, service provider, education, and government environments;
offering administrators and their end-users unmatched benefits in message, calendar, document management
and sharing.
The system is also available to integrate internal chat to shorten time in exchange between members. High
performance allows to send, receive and load data so quickly to save time for users. Also, you do not need to
worry about system management because all operations are very simple and convenient.
The most considerable is saving the maximum costs and still ensure the principles of respect for copyright.
2. ZCS benefits
KEY ADMINISTRATIVE BENEFITS KEY END-USER BENEFITS
Better reliability
Cost effective Native
Easy to maintain
All in one
Security
Open solution
Elegant experience
Flexibility
Freedom of choice
Freedom of Client Choice
Comprehensive Calendaring
Modern collaboration styles/formats
B. SpamAssassin
SpamAssassin is one of the best solutions for anti-spam among many anti-spam software. According to Schwartz
(Alan Schwartz, 2004, SpamAssassin) SpamAssassin system is software for analyzing emails messages,
determining and reporting how likely them are to be spam or legitimate email (called ham). It is rule-based system
that compares different parts of email messages with a large set of rules. Each rule adds or removes points from
a message’s spam score. A message with a high enough score is reported to be spam.
![Page 5: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/5.jpg)
5
II. PRODUCT IMPLEMENTATION
A. Scenario
For this project, I use 3 machines, 1 for DNS (BIND) and mail server (ZCS) setup and the 2 others for clients.
Computer 01: DNS and Zimbra Mail server
Computer 02: Client
Computer 03: Client
OS: Centos release 6.6 (Final)
IP address: 192.168.223.128
Hostname: mail.2C12.com
OS: Centos release 6.6 (Final)
IP address: 192.168.233.129
Hostname: client01
OS: Windows 8.1 Professional
IP address: 192.168.223.1
Hostname: LuckyLuke
![Page 6: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/6.jpg)
6
B. Prerequisites
For easy to configure I turn off Firewall, SElinux and postfix service.
- Turn off Postfix service.
- Turn off firewall.
• Enter menu.
Navigate to Firewall Configuration.
service postfix stop
chkconfig postfix off
![Page 7: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/7.jpg)
7
Disable firewall.
![Page 8: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/8.jpg)
8
Exit set up wizard.
- Disable SElinux.
gedit /etc/selinux/conf
![Page 9: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/9.jpg)
9
- Restart the system.
![Page 10: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/10.jpg)
10
C. Bind Name Server Installation And Configuration
1. Bind Name Server Installation.
- Install bind packages.
2. Bind Name Server Configuration
- Add host entry
yum install bind -y
gedit /etc/hosts
![Page 11: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/11.jpg)
11
- Add name server
- Edit named.conf located in /etc/named.conf
gedit /etc/resolv.conf
gedit /etc/named.conf
![Page 12: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/12.jpg)
12
In name.conf file create forward and reverse zone
![Page 13: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/13.jpg)
13
Full named.conf file
options {
listen-on port 53 { 127.0.0.1; 192.168.233.128; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.233.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
![Page 14: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/14.jpg)
14
// Forward zone
zone "2C12.com" IN {
type master;
file "fw.2C12.com";
allow-update {none; };
};
// Reverse zone
zone "233.168.192.in-addr.arpa" IN {
type master;
file "rev.2C12.com";
allow-update {none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
![Page 15: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/15.jpg)
15
- Create forward and revere zone file
Go directory /var/named/ and Listing file located inside it
cd /var/named
ls –l
![Page 16: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/16.jpg)
16
I use sample configuration files for creating forward and reverse look-up files, for this I’ve to copy the sample
configuration files. Then, verify whether they are created successfully.
cp named.localhost fw.2C12.com
cp named.localhost rev.2C12.com
ls -l
![Page 17: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/17.jpg)
17
Create forward look-up zone file
$ORIGIN 2C12.com.
$TTL 1D
@ IN SOA dns.2C12.com. root.2C12.com. (
20142611 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
; Name Server
IN A 192.168.233.128
IN NS dns
IN MX 10 mail.2C12.com.
; Host in the domain
dns IN A 192.168.233.128 mail IN A 192.168.233.128
gedit fw.2c12.com
![Page 18: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/18.jpg)
18
Create reverse look-up zone file
- Change group ownership of forward look-up & reverse look-up files
gedit rev.2c12.com
ls -l /var/named/
![Page 19: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/19.jpg)
19
Here we can see both the files are in root users ownership, because files which we makes a copy from sample
files are available under /var/named/. Change the group to named on both files using following commands.
After changing correct ownership on the files, verify them again.
3. Bind Name Server Starting
- Start the named service
chgrp named /var/named/ fw.2C12.com
chgrp named /var/named/ rev.2C12.com
service named start
![Page 20: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/20.jpg)
20
- Make it persistent.
4. Bind Name Server Testing
- Testing
chkconfig named on
chkconfig --list named
dig 2c12.com
![Page 21: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/21.jpg)
21
ping mail.2c12.com
nslookup
![Page 22: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/22.jpg)
22
- From Windows 8.1 computer, to verify DNS server
Add the host entry
Set up Bind name server successfully, now install mail server.
![Page 23: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/23.jpg)
23
D. Zimbra Mail Server Installation And Configuration
1. Zimbra Mail Server Installation
- Install require packages
- Go to Zimbra homepage, download suitable package for you system and copy it to the working
directory, here I used folder /var/opt
Link: http://www.zimbra.com/downloads/zimbra-collaboration-open-source
yum install nc
![Page 24: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/24.jpg)
24
- Install Zimbra
Go to directory Zimbra packages located
Decompress Zimbra package
cd /var/opt
ls
tar –zxvf [file name]
![Page 25: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/25.jpg)
25
Change folder’s name to shorter
Go into that folder to install Zimbra
cd ./zcs
ls
./install.sh --platform-override
![Page 26: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/26.jpg)
26
Confirm software license
System checking for require packages
If set up wizard notify there are any missing required package, install it by the following command
yum install [package names] -y
![Page 27: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/27.jpg)
27
Select package to install. (You can customize on your own way)
Confirm to install
![Page 28: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/28.jpg)
28
Installation progress
Changing domain name and waiting for completion
![Page 29: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/29.jpg)
29
2. Zimbra Mail Server Configuration
- If Zimbra Mail Server is installed successfully, the terminal should be looked like this
- Configure admin password
Press 7 to enter Zimbra-store
![Page 30: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/30.jpg)
30
Press ‘4’ and start to set password
![Page 31: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/31.jpg)
31
Press ‘r’ and go to previous menu
Saving the configuration.
![Page 32: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/32.jpg)
32
Waiting for completion, terminal should be looked like this.
- Verifying Zimbra services running
![Page 33: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/33.jpg)
33
3. Zimbra Mail Server Testing
- Adding users via CLI console, here I add 3 accounts; they are spam-manhnv, ham-manhnv and manhnv;
all accounts have password ‘123456’
su - zimbra
zmprov ca [email protected] 123456
zmprov ca [email protected] 123456
zmprov ca [email protected] 123456
![Page 34: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/34.jpg)
34
- Access web clients through IP address or domain name:
Admin page: https://192.168.233.128:7071 or https://mail.2c12.com:7071/zimbraAdmin/
Note: remember to use https protocol to prevent port confliction.
User login: https://192.168.233.128 or https://mail.2C12.com
![Page 35: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/35.jpg)
35
- Sending mail
Figure 2 Sending email
Figure 3 Receiving email
![Page 36: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/36.jpg)
36
E. SpamAssassin Integration With Zimbra
1. SpamAssassin Configuration
- Change working directory to /opt/zimbra/data/spamassassin/localrules and create rule file for
Vietnamese language.
Note: to see location for doing customizations of SpamAssassin visit this link.
- Copy all contests from this file to the vietnamese_rules.cf
cd /opt/zimbra/data/spamassassin/localrules gedit vietnamese_rules.cf
![Page 37: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/37.jpg)
37
- Change the group ownership.
Here we can see the file are in root user’s ownership, Change the group to Zimbra on it by using following
commands, after that verify the change.
ls –l
chgrp zimbra vietnamese_rules.cf
ls -l
![Page 38: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/38.jpg)
38
- Restart the service
![Page 39: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/39.jpg)
39
2. SpamAssassin Testing
- Vietnamese spam email (all spam keywords in Subject)
Figure 4 Sending spam email
![Page 40: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/40.jpg)
40
Figure 5 Spam email moved into Junk box automatically
Figure 6 Spam score calculate by SpamAssassin
![Page 41: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/41.jpg)
41
- Vietnamese spam email (all spam keywords in body).
Figure 7 Sending spam email
![Page 42: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/42.jpg)
42
Figure 8 Spam email moved into Junk box automatically
Figure 9 Spam Score calculated by SpamAssassin
![Page 43: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/43.jpg)
43
- Adding blacklist and whitelist
Emails are in blacklist cannot send email to other address in the system.
![Page 44: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/44.jpg)
44
III. EVALUATION
After finishing this project, a lot of results has achieved.
• Understand how Bind Name Server works and configure it successfully.
• Install, configure and customize Zimbra mail server successfully. All the basic functions of an email
server working correctly such as: send and receive email, attach files, spelling check, anti-spam
framework archived...
• Understand how SpamAssassin works and configure it successfully.
• Spam filtering for Vietnamese and English is able to operate.
Beside, due to the limited time I cannot implement the following options, they are also solutions to improve
Zimbra Anti-spam System using SpamAssassin:
Install SPF
Install RAZOR2
Install PYZOR
In conclusion, in the future I’m going to improve our anti-spam system by implementing the above solution.
![Page 45: [Bind DNS + Zimbra + SpamAssassin] Antispam Installation Guide](https://reader033.vdocuments.us/reader033/viewer/2022051300/58ee250f1a28ab00038b4609/html5/thumbnails/45.jpg)
45
REFERENCES
1. Alan Schwartz, July 2004, SpamAssassin, First Edition, O’Reilly Media, Inc.
2. “Managing User Accounts”, Zimbra administration guide, viewed November 19 2014,
http://www.zimbra.com/docs/ne/4.0.5/administration_guide/Managing_Accounts.9.1.html
3. Basic Linux Commands, viewed November 19 2014, http://www.debianhelp.co.uk/commands.htm
4. Vietnamese Spam Filter Rules - Vietnamese_rules.cf, viewed November 19 2014,
http://fit.hanu.edu.vn/vietnamese-rules/
5. “Improve Anti-spamm system”, Zimbra 8.5 documentation, viewed November 19 2014,
wiki.zimbra.com/wiki/Improving_Anti-spam_system
6. “SpamAssassin Customizations”, Zimbra 8.5 documentation, viewed November 19 2014,
http://wiki.zimbra.com/wiki/SpamAssassin_Customizations
7. Setup Master-Slave DNS Server Using “Bind” Tools in RHEL/CentOS 6.5, viewed November 19 2014,
http://www.tecmint.com/setup-master-slave-dns-server-in-centos/
8. “16.2. /etc/named.conf”, Red Hat Enterprise Linux Deployment Guide, viewed November 19 2014,
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html
9. “16.3. Zone Files”, Red Hat Enterprise Linux Deployment Guide, viewed November 19 2014,
“”https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html
10. Cài đặt và cấu hình Zimbra trên CentOS 6, viewed November 19 2014, ,
http://vn.tips4admin.com/post/2011/10/07/Cai-%C4%91at-va-cau-hinh-Zimbra-tren-CentOS-6.aspx