
SpamAssassin rules
A good guide is here:
http://commons.oreilly.com/wiki/index.php/SpamAssassin/SpamAssassin_Rules
# to block a combination of words in an incoming email's body
body __LOCAL_PASSWORD1 /\bWAB\b/i
body __LOCAL_PASSWORD2 /\bWestern Academy of Beijing\b/i
body __LOCAL_PASSWORD3 /\bpassword\b/i
meta LOCAL_MULTIPLE_PASS1 (__LOCAL_PASSWORD1 && __LOCAL_PASSWORD3)
score LOCAL_MULTIPLE_PASS1 200
meta LOCAL_MULTIPLE_PASS2 (__LOCAL_PASSWORD2 && __LOCAL_PASSWORD3)
score LOCAL_MULTIPLE_PASS2 200
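To see which message bodies these two meta rules catch before deploying them, the following added example (not part of the original notes and not SpamAssassin code) re-implements just enough rule handling in Python to run the rules over constructed sample text. The function names parse and check are hypothetical, Python's re module stands in for Perl regexes, and the body rendering is approximated by collapsing whitespace.

```python
import re

# The page's word-combination rules, copied verbatim.
RULES = r"""
body __LOCAL_PASSWORD1 /\bWAB\b/i
body __LOCAL_PASSWORD2 /\bWestern Academy of Beijing\b/i
body __LOCAL_PASSWORD3 /\bpassword\b/i
meta LOCAL_MULTIPLE_PASS1 (__LOCAL_PASSWORD1 && __LOCAL_PASSWORD3)
score LOCAL_MULTIPLE_PASS1 200
meta LOCAL_MULTIPLE_PASS2 (__LOCAL_PASSWORD2 && __LOCAL_PASSWORD3)
score LOCAL_MULTIPLE_PASS2 200
"""

def parse(text):
    """Split rule lines into body regexes, meta operands and scores."""
    body, meta, score = {}, {}, {}
    for line in text.strip().splitlines():
        kind, name, rest = line.split(None, 2)
        if kind == "body":
            pattern, flags = re.fullmatch(r"/(.*)/(\w*)", rest).groups()
            body[name] = re.compile(pattern, re.I if "i" in flags else 0)
        elif kind == "meta":
            # Only pure conjunctions (names, &&, parentheses) are supported,
            # which covers both meta rules above.
            if not re.fullmatch(r"[\w\s()&]+", rest) or "&" in rest.replace("&&", ""):
                raise ValueError(f"unsupported meta expression: {rest}")
            meta[name] = re.findall(r"\w+", rest)
        elif kind == "score":
            score[name] = float(rest)
    return body, meta, score

def check(message_body, rules=RULES):
    """Return (total score, sorted names of scored rules that hit)."""
    body, meta, score = parse(rules)
    # SpamAssassin runs body rules on decoded text with line breaks folded;
    # collapsing whitespace is a rough stand-in for that rendering.
    flat = " ".join(message_body.split())
    hits = {name: bool(rx.search(flat)) for name, rx in body.items()}
    for name, operands in meta.items():
        hits[name] = all(hits.get(op, False) for op in operands)
    fired = sorted(n for n in score if hits.get(n))
    return sum(score[n] for n in fired), fired

if __name__ == "__main__":
    # Constructed sample bodies (not real mail).
    for text in ("Please send your WAB password to the helpdesk.",
                 "Your wab passwords expire next week.",
                 "The nurse used a swab; new password attached."):
        print(check(text), "<-", text)
```

The \b anchors mean "passwords" and "swab" do not trigger the rules, while the /i flag makes "wab" in lower case count.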
#to block or notify as spam if a word is present in an incoming email
body LOCAL_PASSWORD /\bpassword\b/i
score LOCAL_PASSWORD 35
describe LOCAL_PASSWORD This rule informs the email recipient that email might be spam
#to block emails to certain email addresses
header LOCAL_DISTLIST ALL =~ /^(?:to|cc):.*itstaff\@wab\.edu/im
describe LOCAL_DISTLIST Addressed (To or Cc) to itstaff@wab.edu
score LOCAL_DISTLIST 500
Releasing mails from quarantine
Using amavisd-release
The utility amavisd-release (amavisd-new-2.3.3 or later) tells the amavisd daemon to fetch a mail from a local quarantine and send it to the MTA through its regular channels ($notify_method), bypassing re-checking.
amavisd-release is included in the amavisd source tarball (which in turn is included in the source rpm), but unfortunately OpenPKG does not install it by default. To manually extract it do the following (this assumes your host distribution has ‘rpm’ installed, but OpenPKG-internal tools should work as well):
$ cp amavisd-.src.rpm /tmp
$ cd /tmp
$ rpm2cpio amavisd-.src.rpm | cpio -idmv
$ tar xzf amavisd-new-.tar.gz
$ cp amavisd-/amavisd-release /kolab/sbin/
$ chown kolab:kolab /kolab/sbin/amavisd-release
By default it connects to the socket /var/amavis/amavisd.sock, on which amavisd should be listening for the AM.PDP protocol, but an inet socket can be used instead of a Unix socket if amavisd-release needs to run from a remote host.
In the amavisd.conf.template the following should be added:
# $unix_socketname = "$MYHOME/amavisd.sock"; # listen on Unix socket
$unix_socketname = "/kolab/var/amavisd/amavisd.sock"; # listen on Unix socket
# alternatively (less common):
# $inet_socket_port = [10024, 9998]; # listen on listed inet tcp ports
# apply policy bank AM.PDP-SOCK on a Unix socket:
# (note that this precludes the use of old amavis-milter
# helper program (with sendmail) on the same socket)
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
# apply policy bank AM.PDP-INET to some inet tcp socket, e.g. tcp port 9998:
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP', # select Amavis policy delegation protocol
  auth_required_release => 0, # don't require secret_id for amavisd-release
};
$policy_bank{'AM.PDP-INET'} = {
  protocol => 'AM.PDP', # select Amavis policy delegation protocol
  inet_acl => [qw( 127.0.0.1 [::1] )], # restrict access to these IP addresses
  # auth_required_release => 0, # don't require secret_id for amavisd-release
};
The setting of $auth_required_release decides whether the requester needs to specify secret_id in addition to mail_id to authorize a mail release. The secret_id is stored in the SQL table msgs when logging to SQL is enabled; otherwise this information is not accessible.
Note that turning off $auth_required_release check is safe as long as access to the socket is restricted, like with file protections on a Unix socket, or restricted with inet_acl to specific IP addresses. Enabling or disabling $auth_required_release is a management / setup decision and convenience.
To release a mail message an exact quarantine location should be specified as an argument to amavisd-release, e.g.:
$ amavisd-release /kolab/var/amavisd/virusmails/spam-UM3XM3XDbN52.gz
The amavisd-release utility also accepts mail_id from STDIN if releasing more than one message in one go is more convenient:
$ amavisd-release -
/kolab/var/amavisd/virusmails/spam-UM3XM3XDbN52.gz
/kolab/var/amavisd/virusmails/spam-gnwKVFKiuey3.gz
/kolab/var/amavisd/virusmails/spam-Xpkj9mLLBHTR.gz
# allow local networks
header LOCAL_RCVD Received =~ /from.*\(.*\[10\.\d+\.\d+\.\d+\]\)/
describe LOCAL_RCVD Received from a local machine
score LOCAL_RCVD -5000
# allow local networks and specific email address
header LOCAL_RCVD Received =~ /from \S+\.example\.com\s+\(\S+\.example\.com\s+\[192\.168\..*\s+by\s+mandark\.labs\.example\.com/
describe LOCAL_RCVD Received from a local machine
score LOCAL_RCVD -50