Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Making dcc, pyzor & razor to work

Discussion in 'E-mail Discussions' started by iso99, Dec 8, 2016.

Tags:
  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hey guys,

    I'm trying to install and make dcc, pyzor and razor work on my servers. I followed the instructions from: Building a Poor Man’s Barracuda – cPanel edition

    However, pyzor discover says command not found, so I haven't modified my local.cf yet to include use_pyzor 1 - any tips on this one?

    I also found another tutorial here: shivasbase.blogspot.com/2012/03/cpanel-anti-spam-with-sare-dcc-razor.html

    But they are extra steps for DCC and Razor which is not found in the first tutorial (which is rather simple and straightforward). I have not performed those extra steps, are they needed with the latest versions of the mentioned software?

    Those are:
    Code:
    razor-admin –create
    mkdir /var/spool/mqueue
    chown mailnull:mail /var/spool/mqueue
    razor-admin -d -create -home=/var/spool/mqueue/.razor/
    razor-admin -register -home=/var/spool/mqueue/.razor/
    chmod 755 /var/spool/mqueue/.razor
    chown -R mailnull:mail /var/spool/mqueue/.razor
    cd /var/spool/mqueue/.razor
    touch razor-whitelist
    nano /var/spool/mqueue/.razor/razor-agent.conf
    Change or add the following:
    debuglevel = 1
    razorhome = /var/spool/mqueue/.razor/
    
    Configure to run as a daemon
    cd /var/dcc
    nano dcc_conf
    Change DCCD_ENABLE to off, and DCCIFD_ENABLE to on.
    Configure startup script
    cd /etc/rc.d/init.d
    ln -s /var/dcc/libexec/rcDCC DCC
    chkconfig --add DCC
    /etc/rc.d/init.d/DCC start
    
    For DCC, it's basically just running DCC as a daemon rather than calling it from spamassassin (which is how I think it behaves?)

    Lastly, I tried running a spam test - https://spamassassin.apache.org/gtube/gtube.txt

    Here are the results (and again I still haven't configured use_pyzor), please let me know if these are normal and they are indeed running properly as it's somehow cryptic. Also if you found any problems, please let me know.

    Code:
    root@myserver [~]# cat spamtest.txt | grep -i dcc
    Dec  8 16:29:33.571 [857590] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
    Dec  8 16:29:33.580 [857590] dbg: dcc: network tests on, registering DCC
    Dec  8 16:29:34.286 [857590] dbg: config: fixed relative path: /var/lib/spamassassin/3.004001/updates_                     spamassassin_org/25_dcc.cf
    Dec  8 16:29:34.286 [857590] dbg: config: using "/var/lib/spamassassin/3.004001/updates_spamassassin_o                     rg/25_dcc.cf" for included file
    Dec  8 16:29:34.286 [857590] dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassi                     n_org/25_dcc.cf
    Dec  8 16:29:35.382 [857590] dbg: config: warning: no description set for DCC_REPUT_13_19
    Dec  8 16:29:37.197 [857590] dbg: util: executable for cdcc was found at /usr/local/bin/cdcc
    Dec  8 16:29:37.197 [857590] dbg: dcc: dcc_pgm_path, found cdcc in env.path: /usr/local/bin/cdcc
    Dec  8 16:29:37.205 [857590] dbg: dcc: `/usr/local/bin/cdcc -qV homedir libexecdir` reports '1.3.158 h                     omedir=/var/dcc libexecdir=/var/dcc/libexec '
    Dec  8 16:29:37.206 [857590] dbg: dcc: use 'dcc_libexec /var/dcc/libexec' from cdcc
    Dec  8 16:29:37.206 [857590] dbg: dcc: use 'dcc_home /var/dcc' from cdcc
    Dec  8 16:29:37.206 [857590] dbg: dcc: dccifd is not available; no r/w socket at /var/dcc/dccifd
    Dec  8 16:29:37.206 [857590] dbg: util: executable for dccproc was found at /usr/local/bin/dccproc
    Dec  8 16:29:37.206 [857590] dbg: dcc: dcc_pgm_path, found dccproc in env.path: /usr/local/bin/dccproc
    Dec  8 16:29:37.207 [857590] dbg: dcc: /usr/local/bin/dccproc is available
    Dec  8 16:29:37.208 [857590] dbg: dcc: opening pipe to /usr/local/bin/dccproc -C -x 0 -R -w whiteclnt                      </tmp/.spamassassin857590ypTFQPtmp
    Dec  8 16:29:37.343 [857590] dbg: dcc: dccproc responded with 'X-DCC-x.dcc-servers-Metrics: myserver.                     myhostname.com 104; Body=many Fuz1=many Fuz2=many'
    Dec  8 16:29:37.694 [857590] dbg: check: tagrun - tag DCCB is now ready, value: x.dcc-servers
    Dec  8 16:29:37.694 [857590] dbg: check: tagrun - tag DCCR is now ready, value: myserver.myhostname.com 104                     ; Body=many Fuz1=many Fuz2=many
    Dec  8 16:29:37.694 [857590] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999 FUZ2=999999/99999                     9 REP=0/90
    Dec  8 16:29:37.695 [857590] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1)
    Dec  8 16:29:39.676 [857590] dbg: plugin: Mail::SpamAssassin::Plugin::DCC=HASH(0x2b1f9c8) implements '                     check_post_learn', priority 0
    Dec  8 16:29:39.677 [857590] dbg: dcc: DCC learning not enabled by dcc_learn_score
    Dec  8 16:29:39.677 [857590] dbg: check: tests=DCC_CHECK,DIGEST_MULTIPLE,GTUBE,NO_RECEIVED,NO_RELAYS,P                     YZOR_CHECK
    Dec  8 16:29:39.678 [857590] dbg: timing: total 6137 ms - init: 2808 (45.8%), parse: 1.01 (0.0%), extr                     act_message_metadata: 11 (0.2%), get_uri_detail_list: 5 (0.1%), tests_pri_-1000: 11 (0.2%), compile_ge                     n: 417 (6.8%), compile_eval: 48 (0.8%), tests_pri_-950: 8 (0.1%), tests_pri_-900: 8 (0.1%), tests_pri_                     -400: 7 (0.1%), tests_pri_0: 1282 (20.9%), check_spf: 46 (0.7%), dkim_load_modules: 34 (0.6%), check_d                     kim_signature: 0.58 (0.0%), check_dkim_adsp: 56 (0.9%), check_dcc: 147 (2.4%), check_razor2: 74 (1.2%)                     , check_pyzor: 274 (4.5%), tests_pri_500: 1976 (32.2%), poll_dns_idle: 1735 (28.3%)
    X-Spam-Status: Yes, score=1003.1 required=5.0 tests=DCC_CHECK,DIGEST_MULTIPLE,
    1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
    1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
    
    Code:
    root@myserver [~]# cat spamtest.txt | grep -i pyzor
    Dec  8 16:29:33.580 [857590] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
    Dec  8 16:29:33.587 [857590] dbg: pyzor: network tests on, attempting Pyzor
    Dec  8 16:29:34.296 [857590] dbg: config: fixed relative path: /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
    Dec  8 16:29:34.297 [857590] dbg: config: using "/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf" for included file
    Dec  8 16:29:34.297 [857590] dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
    Dec  8 16:29:37.418 [857590] dbg: util: executable for pyzor was found at /usr/bin/pyzor
    Dec  8 16:29:37.418 [857590] dbg: pyzor: pyzor is available: /usr/bin/pyzor
    Dec  8 16:29:37.419 [857590] dbg: pyzor: opening pipe: /usr/bin/pyzor --homedir /etc/mail/spamassassin check < /tmp/.spamassassin857590ypTFQPtmp
    Dec  8 16:29:37.691 [857590] dbg: pyzor: [857616] finished: exit 1
    Dec  8 16:29:37.691 [857590] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 87 3
    Dec  8 16:29:37.692 [857590] dbg: check: tagrun - tag PYZOR is now ready, value: Whitelisted.
    Dec  8 16:29:37.692 [857590] dbg: pyzor: listed: COUNT=87/5 WHITELIST=3
    Dec  8 16:29:37.693 [857590] dbg: rules: ran eval rule PYZOR_CHECK ======> got hit (1)
    Dec  8 16:29:39.677 [857590] dbg: check: tests=DCC_CHECK,DIGEST_MULTIPLE,GTUBE,NO_RECEIVED,NO_RELAYS,PYZOR_CHECK
    Dec  8 16:29:39.678 [857590] dbg: timing: total 6137 ms - init: 2808 (45.8%), parse: 1.01 (0.0%), extract_message_metadata: 11 (0.2%), get_uri_detail_list: 5 (0.1%), tests_pri_-1000: 11 (0.2%), compile_gen: 417 (6.8%), compile_eval: 48 (0.8%), tests_pri_-950: 8 (0.1%), tests_pri_-900: 8 (0.1%), tests_pri_-400: 7 (0.1%), tests_pri_0: 1282 (20.9%), check_spf: 46 (0.7%), dkim_load_modules: 34 (0.6%), check_dkim_signature: 0.58 (0.0%), check_dkim_adsp: 56 (0.9%), check_dcc: 147 (2.4%), check_razor2: 74 (1.2%), check_pyzor: 274 (4.5%), tests_pri_500: 1976 (32.2%), poll_dns_idle: 1735 (28.3%)
            GTUBE,NO_RECEIVED,NO_RELAYS,PYZOR_CHECK shortcircuit=no autolearn=no
    2.0 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
    2.0 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
    
    Code:
    root@myserver [~]# cat spamtest.txt | grep -i razor
    Dec  8 16:29:33.588 [857590] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
    Dec  8 16:29:33.685 [857590] dbg: razor2: razor2 is available, version 2.84
    Dec  8 16:29:34.298 [857590] dbg: config: fixed relative path: /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_razor2.cf
    Dec  8 16:29:34.298 [857590] dbg: config: using "/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_razor2.cf" for included file
    Dec  8 16:29:34.298 [857590] dbg: config: read file /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_razor2.cf
    Dec  8 16:29:37.417 [857590] dbg: razor2: part=0 noresponse
    Dec  8 16:29:37.418 [857590] dbg: razor2: results: spam? 0
    Dec  8 16:29:37.418 [857590] dbg: razor2: results: engine 4, highest cf score: 0
    Dec  8 16:29:37.418 [857590] dbg: razor2: results: engine 8, highest cf score: 0
    Dec  8 16:29:39.678 [857590] dbg: timing: total 6137 ms - init: 2808 (45.8%), parse: 1.01 (0.0%), extract_message_metadata: 11 (0.2%), get_uri_detail_list: 5 (0.1%), tests_pri_-1000: 11 (0.2%), compile_gen: 417 (6.8%), compile_eval: 48 (0.8%), tests_pri_-950: 8 (0.1%), tests_pri_-900: 8 (0.1%), tests_pri_-400: 7 (0.1%), tests_pri_0: 1282 (20.9%), check_spf: 46 (0.7%), dkim_load_modules: 34 (0.6%), check_dkim_signature: 0.58 (0.0%), check_dkim_adsp: 56 (0.9%), check_dcc: 147 (2.4%), check_razor2: 74 (1.2%), check_pyzor: 274 (4.5%), tests_pri_500: 1976 (32.2%), poll_dns_idle: 1735 (28.3%)
    

    Thanks a lot!
     
    #1 iso99, Dec 8, 2016
    Last edited by a moderator: Dec 8, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    These plugins are built in with the version of SpamAssassin offered with cPanel. Here's the path to their configuration files with version 3.004001:

    /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
    /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_razor2.cf
    /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_dcc.cf


    Thank you.
     
  3. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    If you say they are built-in then compiling them from source wasn't necessary?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    That's correct, they are included by default when enabling SpamAssassin on your system.

    Thank you.
     
  5. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Ah I see, that was rather convenient :D

    Thanks!
     
    cPanelMichael likes this.
  6. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,304
    Likes Received:
    42
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I don't want to uninstall my customized DCC / Pyzor / Razor setups on all my servers just to prove or disprove this. However, I really question whether cPanel is actively using Pyzor / Razor / DCC on their SpamAssassin. All you have posted above are rules. They do nothing without enabling DCC / Pyzor / Razor, and in order to enable at least some of those you would typically have to install some PERL modules and set up a DCC server.

    Is there documentation / Changelogs anywhere that show that cPanel specifically has made these things available by default? Specifically, the suggested out-of-the-box support of Pyzor / DCC strike me as odd.

    Mike
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You are correct that out of the box support isn't available. The steps on a third-party URL like this one are still required:

    Building a Poor Man’s Barracuda – cPanel edition

    The plugins for Pyzor and Razor2 are enabled by default, and the plugin for DCC is disabled by default. You can verify this by reviewing the following entries in the /etc/mail/spamassassin/v310.pre file:

    Code:
    # DCC - perform DCC message checks.
    #
    # DCC is disabled here because it is not open source.  See the DCC
    # license for more details.
    #
    #loadplugin Mail::SpamAssassin::Plugin::DCC
    
    # Pyzor - perform Pyzor message checks.
    #
    loadplugin Mail::SpamAssassin::Plugin::Pyzor
    
    # Razor2 - perform Razor2 message checks.
    #
    loadplugin Mail::SpamAssassin::Plugin::Razor2
    Uncommenting the loadplugin Mail::SpamAssassin::Plugin::DCC line, saving the file, and restarting SpamAssasin will enable the plugin for DCC, however you'd still have to install/configure it on the system.

    Thank you.
     
  8. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    104
    Likes Received:
    7
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    And that clarified everything. Installing them manually was the correct path after all :)
     
    cPanelMichael and mtindor like this.
Loading...

Share This Page