Solido Spam Filter - Administrator's Guide

Kasper H. Langer
Software Developer, Solido Systems

This document is based on the latest v4.1 release.

Installation and Updates

The easiest way to install the solido spam filter is to use the jar-based installer.

Before installing make sure your machine meets the following requirements:

  • 512 MB ram
  • SUN java 1.6 JRE or above (with link at /usr/bin/java)
  • Internet connection with no firewall blocking outgoing connections to update.solidosystems.com:8120

For more information about this, see the general installation documentation.

The jar-based installer can also be used to update the package if you keep the installed components in their default locations.

Running

Solido Spam Filter comes with a small control script which can be used to start, stop and check status. If you have installed it using the jar-based installer and used the default locations, the scrip will be located in /usr/local/bin/. On most systems, this should mean that it's already in your path, but in other systems you might need to provide the full path.

For most uses you will need to run the spam filter as the root user in order for it to access local mail files. For now, let's assume that you will be using sudo to run the spam filter. To start the spam filter, we simply call the control script with the argument start.

> sudo /usr/local/bin/spamfilterctrl start
Starting Solido Spam Filter
Solido Spam Filter starting
 + Current time Fri Nov 16 12:47:29 CET 2007
 + Application version 4.0 build v5.0-b12
 + Operating system
   - Mac OS X 10.5.1
   - Application started by root
 + Java
   - Version 1.5.0_13
   - Vendor Apple Inc.
   - Maximum amount of memory 256 MB
   - 2 available processors
 + Ready...

Once you see the + Ready... message, the spam filter has completed its startup process successfully. While the spam filter is starting up, it writes out some information about its environment—this is primarily for debugging purposes. If you ever need support from Solido Systems, this output will helps us track down problems by giving us the exact version of the spam filter, java and your os—along with information such as the amount of memory available to the spam filter.

Let's shut it down again by using the same control script with the stop command instead of start:

> sudo /usr/local/bin/spamfilterctrl stop
Stopping Solido Spam Filter
Solido Mail Spam Filter
 + Current time Fri Nov 16 12:48:33 CET 2007
 + Stopped...

Once you see the + Stopped... message, the spam filter has been fully shut down. If you are unsure wether or not the spam filter is running, you can call the script with the status command. The following shows the output we get when the spam filter is not running:

> sudo /usr/local/bin/spamfilterctrl status
Checking the status of Solido Spam Filter
Solido Spam Filter is not running!

The following shows the output when the spam filter is running. Please note that the pid number you see is the actual process id of the spam filter, it is thus very unlikely that your number will be the same as the one in this sample.

> sudo /usr/local/bin/spamfilterctrl status
Checking the status of Solido Spam Filter
Solido Spam Filter is running under pid 1043

Configuration

In most cases the spam filter will run straight out of the box without any further configuration. Extra configuration is possible through the configuration file with default location /usr/local/solido/spamfilter/etc/spamfilter.conf. Each of the configuration parameters is explained further in the following subsections.

log-level

Sets the amount of entries written to the log file. Options are ALL, SYST, ERR, WARN, INFO, TRACE, WERB and NONE.

datadir

Specifies the location of data files. This is also the location where the automatic update services places new files.

port & listen

Specifies what port and ip the scan service listens to.

admin-port & admin-listen

Specifies what port and ip the admin service listens to.

thread-count

The number of concurrent scan worker threads running. Set this number too low and all the CPU time wont be utilized. Set this number to high and the machine will unresponsive and inefficient under high load. Usually something in between 1 and 16 will work. On seriously multi core machines best result might be achieved with numbers as high or above 32. Notice this number is limited by the type of license but the trial license is unlimited.

timeout-idle

The number of seconds before a idle thread is killed by the watchdog

timeout-working

The number of seconds before a working (scanning) thread is killed by the watchdog

update-download-interval

The number of minutes between checking for updates.

pq_ratio

Specifies how thoroughly each mail is scanned. Set pq_ratio to 1 to get fastest performance and set it to ten to get best quality. Zero will completely bypass the filter.

trusted-ip-file

Specifies the location of the a file specifying trusted mail servers (MTA's). This helps the filter understand the structure of the mail setup which will improve scan quality if the filter is not the used by the frontline receiving servers.

skipntransportheaders

This is an alternative setting to 'trusted-ip-file'. If incomming mail always passes through the same number of internal MTA's before hitting the spam filter use this option.

Spam Assassin replacement

The Solido Spam Filter now comes with a beta of a Spam Assassin spamc replacement. With the spam filter service running (see how to start above) try the following:

> cat /usr/local/solido/spamfilter/examples/spam1.raw | solidospamc 
X-Spam-Flag: YES
X-Spam-Checker-Version: Solido Spam Filter 4.0 (build 86)
X-Spam-Level: ************
X-Spam-Status: YES, score=11.0 required=5.0
Received: from localhost (localhost [127.0.0.1])
        by localhost;
        Tue, 11 Dec 2007 13:50:17 +0100
Reply-To: khl@solidosystems.com
X-Priority: Normal
To: "Kasper Langer" <khl@solidosystems.com>
Subject: Che@p meds inside
From: khl@solidosystems.com
Date: Tue, 11 Dec 2007 12:50:07 +0000
Content-Type: text/plain; charset=ISO-8859-1
MIME-Version: 1.0

Check out this incredible vi@gra stuff at an incredible low price online only!!!
www.cheapviagraRus.com

For more information type solidospamc --help.

Spam Assassin plug-in

To use the solido spamfilter as plugin for spamassassin simply copy solidospamfilter.pm and solidospamfilter.cf files from /usr/local/solido/spamfilter/sa/ to your spamassassin 'site rules' directory - usually /etc/spamassassin, /etc/mail/spamassassin/ or /opt/zimbra/conf/spamassassin/.

You can run 

spamassassin -D < /usr/local/solido/spamfilter/examples/spam1.raw 2>&1 1> /dev/null | grep "site rules dir"'

to check what directory your spamassassin uses.

To evaluate but not use the result of the filter copy solidotest.cf instead of solidospamfilter.cf. The scores can be edited manually in solidospamfilter.cf afterwards. Remember to restart spamd after copying or changing files.