Filtering incoming mail (spam) with SpamAssassin


Virus mail test


http://www.eicar.org/
This is the site used around the world for virus mail testing (click the part marked in red).



Click Anti-Malware Testfile. About halfway down the page, as in the figure below, the test file is provided as text so that it can be sent as a test mail.
Copy this file.


Copy this file and send it in a mail.

Check the mail log on the server. The message is delivered straight to the mailbox without being scanned for a virus.

Mar 24 14:14:39 ns1 sendmail[26548]: o2O5EcID026548: from=<jsh@xinet.kr>, size=1436, class=0,
nrcpts=1, msgid=<027001cacb11$21f3aa60$2e00a8c0@seve0ai73lumaw>, proto=ESMTP, daemon=MTA, relay=[222.112.216.9]
Mar 24 14:14:39 ns1 sendmail[26549]: o2O5EcID026548: to=<jsh@xinet.kr>, ctladdr=<jsh@xinet.kr>
(531/531), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31627, dsn=2.0.0, stat=Sent

Delete the infected mail.



Let's filter spam with SpamAssassin


There are many spam filtering programs; here we use SpamAssassin, which many people use.


It can be installed in two ways: with yum or with perl.


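– SpamAssassin is written in Perl.
– Like an IDS, it is rule-based: it analyzes the headers and body of a message or consults
  real-time blocklists, assigns a "+" or "-" score for each rule that matches, and decides
  whether the message is spam according to whether the total score exceeds the threshold.
– When SpamAssassin is running, a daemon called spamd is always active, listening by
  default on 783/tcp at 127.0.0.1.
– The daemon communicates with spamc, a lightweight C-based client program, and is
  responsible for calculating the score and deciding whether a message is spam.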
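
What spamc and spamd exchange on that socket can be shown by building the request by hand. The following is an added example, not part of the original post: it constructs a CHECK request of the spamd protocol and parses the reply. The function names, the sample message and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: the CHECK exchange between spamc and spamd, built and parsed
# by hand. The message and the reply below are constructed samples.

# Constructed sample message (headers, blank line, body).
sample_message() {
  printf 'From: sender@example.com\nTo: user@example.com\nSubject: constructed sample\n\nHello.\n'
}

# Constructed sample of what spamd answers to CHECK for a message it scores as spam.
sample_reply() {
  printf 'SPAMD/1.1 0 EX_OK\r\nSpam: True ; 13.7 / 5.0\r\n\r\n'
}

# Emit a CHECK request for the message read from stdin, scanned as user $1.
# Protocol lines end in CRLF; Content-length is the size of the message in bytes.
spamc_check_request() {
  tmp=$(mktemp) || return 1
  cat > "$tmp"
  len=$(wc -c < "$tmp" | tr -d ' ')
  printf 'CHECK SPAMC/1.2\r\nUser: %s\r\nContent-length: %s\r\n\r\n' "$1" "$len"
  cat "$tmp"
  rm -f "$tmp"
}

# Parse a spamd reply from stdin and print "<status> <True|False> <score> <required>".
# Returns non-zero when the reply is not a SPAMD response or has no Spam: header.
spamd_parse_reply() {
  tr -d '\r' | awk '
    NR == 1 && $1 !~ /^SPAMD\// { bad = 1; exit }
    NR == 1   { status = $3 }
    /^Spam: / { print status, $2, $4, $6; seen = 1; exit }
    END       { if (bad || !seen) exit 1 }'
}

# To query a running spamd, send the request to 127.0.0.1:783 (the listener
# described above) and pipe the answer into spamd_parse_reply.
sample_message | spamc_check_request user1
sample_reply | spamd_parse_reply
```

CHECK returns only the verdict and the two scores; spamc normally asks spamd to return the processed message as well, which is what the procmail recipe later on this page relies on.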
 
To block 90% or more of spam, it is advisable to test for about a month before applying it.

SpamAssassin works as shown in the figure above.


Check whether the package is installed (a package installer that installs perl modules, like yum)


[root@ns1 ~]# perl -MCPAN -e shell

/usr/lib/perl5/5.8.8/CPAN/Config.pm initialized.


CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.

If you do not want to enter a dialog now, you can answer ‘no’ to this
question and I’ll try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing ‘o conf init’ at the cpan prompt.)

Are you ready for manual configuration? [yes] y (Enter)


The following questions are intended to help you with the
configuration. The CPAN module needs a directory of its own to cache
important index files and maybe keep a temporary mirror of CPAN files.
This may be a site-wide directory or a personal directory.

 

First of all, I’d like to create this directory. Where?

CPAN build and cache directory? [/root/.cpan] (Enter)


If you want, I can keep the source files after a build in the cpan
home directory. If you choose so then future builds will take the
files from there. If you don’t want to keep them, answer 0 to the
next question.

 

How big should the disk cache be for keeping the build directories
with all the intermediate files?

Cache size for build directory (in MB)? [10] 100 (Enter)


By default, each time the CPAN module is started, cache scanning
is performed to keep the cache size in sync. To prevent from this,
disable the cache scanning with ‘never’.

Perform cache scanning (atstart or never)? [atstart] (Enter)


To considerably speed up the initial CPAN shell startup, it is
possible to use Storable to create a cache of metadata. If Storable
is not available, the normal index mechanism will be used.

Cache metadata (yes/no)? [yes] (Enter)


The next option deals with the charset your terminal supports. In
general CPAN is English speaking territory, thus the charset does not
matter much, but some of the aliens out there who upload their
software to CPAN bear names that are outside the ASCII range. If your
terminal supports UTF-8, you say no to the next question, if it
supports ISO-8859-1 (also known as LATIN1) then you say yes, and if it
supports neither nor, your answer does not matter, you will not be
able to read the names of some authors anyway. If you answer no, names
will be output in UTF-8.

Your terminal expects ISO-8859-1 (yes/no)? [yes] (Enter)

If you have one of the readline packages (Term::ReadLine::Perl,
Term::ReadLine::Gnu, possibly others) installed, the interactive CPAN
shell will have history support. The next two questions deal with the
filename of the history file and with its size. If you do not want to
set this variable, please hit SPACE RETURN to the following question.

File to save your history? [/root/.cpan/histfile]
Number of lines to save? [100] (Enter)


The CPAN module can detect when a module that which you are trying to
build depends on prerequisites. If this happens, it can build the
prerequisites for you automatically (‘follow’), ask you for
confirmation (‘ask’), or just ignore them (‘ignore’). Please set your
policy to one of the three values.

Policy on building prerequisites (follow, ask or ignore)? [ask] follow (typed)


The CPAN module will need a few external programs to work properly.
Please correct me, if I guess the wrong path for a program. Don’t
panic if you do not have some of them, just press ENTER for those. To
disable the use of a download program, you can type a space followed
by ENTER.

Where is your gzip program? [/bin/gzip]  (press Enter for all of these)
Where is your tar program? [/bin/tar]
Where is your unzip program? [/usr/bin/unzip]
Where is your make program? [/usr/bin/make]
Where is your links program? [/usr/bin/links]
Where is your wget program? [/usr/bin/wget]
Warning: ncftpget not found in PATH
Where is your ncftpget program? [] /usr/bin
Where is your ftp program? [/usr/kerberos/bin/ftp]
Where is your gpg program? [/usr/bin/gpg]
What is your favorite pager program? [/usr/bin/less]
What is your favorite shell? [/bin/bash]


Every Makefile.PL is run by perl in a separate process. Likewise we
run ‘make’ and ‘make install’ in processes. If you have any
parameters (e.g. PREFIX, LIB, UNINST or the like) you want to pass
to the calls, please specify them here.

If you don’t understand this question, just press ENTER.

Parameters for the ‘perl Makefile.PL’ command?
Typical frequently used settings:

    PREFIX=~/perl       non-root users (please see manual for more hints)

Your choice:  [] (Enter)
Parameters for the ‘make’ command?
Typical frequently used setting:

    -j3              dual processor system

Your choice:  [] (Enter)
Parameters for the ‘make install’ command?
Typical frequently used setting:

    UNINST=1         to always uninstall potentially conflicting files

Your choice:  [] (Enter)


Sometimes you may wish to leave the processes run by CPAN alone
without caring about them. As sometimes the Makefile.PL contains
question you’re expected to answer, you can set a timer that will
kill a ‘perl Makefile.PL’ process after the specified time in seconds.

If you set this value to 0, these processes will wait forever. This is
the default and recommended setting.

Timeout for inactivity during Makefile.PL? [0] (Enter)
If you’re accessing the net via proxies, you can specify them in the
CPAN configuration or via environment variables. The variable in
the $CPAN::Config takes precedence.

Your ftp_proxy? 
Your http_proxy? 
Your no_proxy? 
You have no /root/.cpan/sources/MIRRORED.BY
  I’m trying to fetch one
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
  ftp://ftp.perl.org/pub/CPAN/MIRRORED.BY


Now we need to know where your favorite CPAN sites are located. Push
a few sites onto the array (just in case the first on the array won’t
work). If you are mirroring CPAN to your local workstation, specify a
file: URL.

First, pick a nearby continent and country (you can pick several of
each, separated by spaces, or none if you just want to keep your
existing selections). Then, you will be presented with a list of URLs
of CPAN mirrors in the countries you selected, along with previously
selected URLs. Select some of those URLs, or just keep the old list.
Finally, you will be prompted for any extra URLs — file:, ftp:, or
http: — that host a CPAN mirror.

(1) Africa
(2) Asia
(3) Australasia
(4) Central America
(5) Europe
(6) North America
(7) Oceania
(8) South America
Select your continent (or several nearby continents) [] 2
Sorry! since you don’t have any existing picks, you must make a
geographic selection.

(1) China
(2) Hong Kong
(3) India
(4) Indonesia
(5) Japan
(6) Kazakhstan
(7) Republic of Korea
(8) Russia
(9) Singapore
(10) Taiwan
(11) Thailand
(12) Turkey
Select your country (or several nearby countries) [] 7
Sorry! since you don’t have any existing picks, you must make a
geographic selection.

(1) ftp://cpan.mirror.cdnetworks.com/CPAN/
(2) ftp://cpan.sarang.net/CPAN/
(3) ftp://ftp.kaist.ac.kr/pub/CPAN
Select as many URLs as you like (by number),
put them on one line, separated by blanks, e.g. ‘1 4 5’ [] 1

Enter another URL or RETURN to quit: []   (Enter)
New set of picks:
  ftp://cpan.mirror.cdnetworks.com/CPAN/


commit: wrote /usr/lib/perl5/5.8.8/CPAN/Config.pm
Terminal does not support AddHistory.

cpan shell — CPAN exploration and modules installation (v1.7602)
ReadLine support available (try ‘install Bundle::CPAN’)

cpan> install Bundle::CPAN       (install CPAN)

Fetching with LWP:
  ftp://cpan.mirror.cdnetworks.com/CPAN/authors/01mailrc.txt.gz
Going to read /root/.cpan/sources/authors/01mailrc.txt.gz
CPAN: Compress::Zlib loaded ok
Fetching with LWP:
  ftp://cpan.mirror.cdnetworks.com/CPAN/modules/02packages.details.txt.gz
Going to read /root/.cpan/sources/modules/02packages.details.txt.gz
  Database was generated on Tue, 23 Mar 2010 19:40:18 GMT

  There’s a new CPAN.pm version (v1.9402) available!
  [Current version is v1.7602]
  You might want to try
    install Bundle::CPAN
    reload cpan
  without quitting the current session. It should be a seamless upgrade
  while we are running…

Omitted ============================
Installing … this takes a long time …


Checking for Socket…ok
Checking for IO::Socket…ok
Checking if your kit is complete…
Looks good

Ah, I see you already have installed libnet before.

Do you want to modify/update your configuration (y|n) ? [no] yes

This script will prompt you to enter hostnames that can be used as
defaults for some of the modules in the libnet distribution.

To ensure that you do not enter an invalid hostname, I can perform a
lookup on each hostname you enter. If your internet connection is via
a dialup line then you may not want me to perform these lookups, as
it will require you to be on-line.

Do you want me to perform hostname lookups (y|n) ? [yes] yes

The following questions all require a list of host names, separated
with spaces. If you do not have a host available for any of the
services, then enter a single space, followed by <CR>. To accept the
default, hit <CR>

Enter a list of available NNTP hosts : []  (Enter)
Enter a list of available SMTP hosts : []
Enter a list of available POP3 hosts : []
Enter a list of available SNPP hosts : []
Enter a list of available PH Hosts   : []
Enter a list of available TIME Hosts   : []
Enter a list of available DAYTIME Hosts   : []

Do you have a firewall/ftp proxy  between your machine and the internet

If you use a SOCKS firewall answer no

(y|n) ? [no]  (Enter)

Normally when FTP needs a data connection the client tells the server
a port to connect to, and the server initiates a connection to the client.

Some setups, in particular firewall setups, can/do not work using this
protocol. In these situations the client must make the connection to the
server, this is called a passive transfer.

Should all FTP connections be passive (y|n) ? [no] yes (typed)

What is your local internet domain name : [] xinet.kr (typed)

If you specified some default hosts above, it is possible for me to
do some basic tests when you run `make test'

This will cause `make test' to be quite a bit slower and, if your
internet connection is via dialup, will require you to be on-line
unless the hosts are local.

Do you want me to run these tests (y|n) ? [yes] no (typed)
..
..
Features present: preput 1 getHistory 1 addHistory 1 attribs 1 ornaments 1 appname 1 minline 1 autohistory 1 newTTY 1 tkRunning 1 setHistory 1

  Flipping rl_default_selected each line.

        Hint: Entering the word
                exit
        would exit the test. 😉  (If feature ‘preput’ is present,
        this word should be already entered.)

Enter arithmetic or Perl expression: exit   (Enter)
..

CPAN: Term::ReadLine::Perl loaded ok
………………..
20 subroutines in Term::ReadLine redefined

cpan shell — CPAN exploration and modules installation (v1.7602)
ReadLine support enabled

CPAN is now installed. Next, add the basic modules required before installing SpamAssassin.

cpan> install Digest::SHA1 HTML::Parser Net::DNS LWP HTTP::Date IO::Zlib Archive::Tar Sys::Syslog Pod::Usage


  CPAN.pm: Going to build O/OL/OLAF/Net-DNS-0.66.tar.gz

Testing if you have a C compiler and the needed header files….
You have a working compiler.

You appear to be directly connected to the Internet.  I have some tests
that try to query live nameservers.

Do you want to enable these tests? [y]  n (Enter)
..
..
Appending installation info to /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/perllocal.pod
  /usr/bin/make install  -- OK

Add the optional modules

cpan> install MIME::Base64 DB_File Net::SMTP Mail::SPF Mail::SPF::Query NetAddr::IP IP::Country::Fast Net::Ident IO::Socket::SSL Compress::Zlib Time::HiRes Mail::DKIM Mail::DomainKeys Crypt::OpenSSL::Bignum DBI Encode::Detect

….


Installing /usr/share/man/man3/Encode::Detect::Detector.3pm
  /usr/bin/make install  -- OK


Install SpamAssassin

cpan> install Mail::SpamAssassin

..
..
  CPAN.pm: Going to build J/JM/JMASON/Mail-SpamAssassin-3.3.1.tar.gz

What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system] webmaster@xinet.kr
..
..
chmod 755 /usr/share/spamassassin
  /usr/bin/make install  -- OK

cpan> q
Lockfile removed.


Confirm that SpamAssassin is installed and check its version


[root@ns1 ~]# spamassassin -V
SpamAssassin version 3.3.1
  running on Perl version 5.8.8

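Files to check after the installation is complete.
Although the installation completed normally, not all of the files are present in /usr/share/spamassassin.
I found this odd; it is explained again further below.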



[root@ns1 ~]# ls -l /etc/mail/spamassassin/
합계 32
drwxr-xr-x 2 root root 4096  3월 24 06:42 bayes
-rw-r--r-- 1 root root 1299  3월 24 15:28 init.pre
-rw-r--r-- 1 root root 2214  3월 24 15:28 local.cf
-rw-r--r-- 1 root root 1716  3월  9 15:27 local.cf.rpmsave
-rw-r--r-- 1 root root 2524  3월 24 15:28 v310.pre
-rw-r--r-- 1 root root 1194  3월 24 15:28 v312.pre
-rw-r--r-- 1 root root 2416  3월 24 15:28 v320.pre
-rw-r--r-- 1 root root 1237  3월 24 15:28 v330.pre
[root@ns1 ~]#
[root@ns1 ~]#
[root@ns1 ~]# ls -l /usr/bin/spam*
-r-xr-xr-x 1 root root  29576  3월 24 15:25 /usr/bin/spamassassin
-r-xr-xr-x 1 root root 106276  3월 24 15:25 /usr/bin/spamc
-r-xr-xr-x 1 root root 108242  3월 24 15:25 /usr/bin/spamd
[root@ns1 ~]#
[root@ns1 ~]# ls -l /usr/share/spamassassin/
합계 116
-rw-r--r-- 1 root root 101479  3월 24 15:28 languages
-rw-r--r-- 1 root root   4777  3월 24 15:28 sa-update-pubkey.txt
-rw-r--r-- 1 root root   1869  3월 24 15:28 user_prefs.template

Create the account to be used


[root@ns1 ~]# useradd -M -s /bin/false -c "SpamAssassin Operator" spamd

[root@ns1 ~]# cat /etc/passwd | grep spamd
spamd:x:540:540:SpamAssassin Operator:/free/home/spamd:/bin/false

[root@ns1 ~]# cat /etc/shadow | grep spamd
spamd:!!:14692:0:99999:7:::

Register the service and create the script


[root@ns1 ~]# vi /etc/sysconfig/spamassassin


# Hint : if you want to enable SpamAssassin debugging
# (the debug output goes to /var/log/maillog) then use :
# SPAMDOPTIONS="-x -u spamd -H /home/spamd -d -D"
# Don't leave debugging turned on unnecessarily though,
# because it will slow down a busy server.
#
# Otherwise, for normal operation (debugging disabled) use :
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

Save the file.

Copy the start script

[root@ns1 ~]# cp /root/.cpan/build/Mail-SpamAssassin-3.3.1/spamd/redhat-rc-script.sh /etc/init.d/spamd
[root@ns1 ~]# chkconfig --add spamd
[root@ns1 ~]# chkconfig spamd on

Start the daemon

[root@ns1 ~]# service spamd start
spamd (을)를 시작 중: child process [11592] exited or timed out without signaling production of a PID file: exit 255 at /usr/bin/spamd line 2588.
                                                           [실패]

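Oddly, an error occurs at this point. As explained above, the cause is that not all of the
files are present in /usr/share/spamassassin.

Running an update resolves the problem above (-D prints debug output; --nogpg skips GPG signature verification of the downloaded rules).

[root@ns1 ~]# sa-update -D --nogpg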
..
..

[root@ns1 ~]# ls -l /var/lib/spamassassin/3.003001/updates_spamassassin_org
-rw-r--r-- 1 root root   5930  3월 24 15:42 10_default_prefs.cf
-rw-r--r-- 1 root root   1547  3월 24 15:42 25_accessdb.cf
--- omitted ---
-rw-r--r-- 1 root root   2214  3월 24 15:42 local.cf
-rw-r--r-- 1 root root   2762  3월 24 15:42 regression_tests.cf
-rw-r--r-- 1 root root   4777  3월 24 15:42 sa-update-pubkey.txt
-rw-r--r-- 1 root root   1869  3월 24 15:42 user_prefs.template

Move the files above into the /usr/share/spamassassin directory

[root@ns1 ~]# mv /var/lib/spamassassin/3.003001/updates_spamassassin_org/* /usr/share/spamassassin/
mv: overwrite `/usr/share/spamassassin/languages'? y
mv: overwrite `/usr/share/spamassassin/sa-update-pubkey.txt'? y
mv: overwrite `/usr/share/spamassassin/user_prefs.template'? y

[root@ns1 ~]# mv /var/lib/spamassassin/3.003001/updates_spamassassin_org.cf /usr/share/spamassassin/

Delete the update directory

[root@ns1 lib]# rm -rf /var/lib/spamassassin/


Now restart the spamd daemon

[root@ns1 lib]# service spamd restart
spamd 를 정지 중:                                          [실패]
spamd (을)를 시작 중:                                      [  OK  ]

Check that the daemon is running

[root@ns1 ~]# ps -ef | grep spamd              
root     12568     1 41 16:25 ?        00:00:02 /usr/bin/spamd -x -u spamd -H /home/spamd -d -r /var/run/spamd.pid
spamd    12571 12568  0 16:25 ?        00:00:00 spamd child
spamd    12573 12568  0 16:25 ?        00:00:00 spamd child

Check the port

[root@ns1 ~]# netstat -nlp | grep spamd 
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      12568/spamd.pid


Modify the SpamAssassin configuration file local.cf


[root@ns1 ~]# cd /etc/mail/spamassassin/

Back up the existing file and create a new local.cf

[root@ns1 spamassassin]# mv local.cf local.cf.old

[root@ns1 spamassassin]# vi local.cf

# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)
# How many hits before a message is considered spam.
required_score           5.0

# Change the subject of suspected spam
rewrite_header subject         [SPAM]

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
#bayes_auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# – korean
ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all

Let's look at the local.cf file above in more detail




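report_safe : Whether to hide the original message when it is judged to be spam. If you are worried about any attack that could be triggered the moment the mail is read, it should be set to 1. Here, however, it is set to 0.


required_score : The score at or above which a message is suspected of being spam. This is a subjective choice for the server administrator; simply using 5 should be fine.


use_bayes : Whether to use the trained Bayesian classifier. Naturally, set it to 1.


bayes_auto_learn : The setting for automatic learning. For messages that are definitely spam, the tokens produced by analyzing them are continually learned, automatically of course.


bayes_path : Where to store the learned token files. By default they are stored separately per user, but setting this allows central management. The value is a prefix: two files are created with _toks and _seen appended to it.


bayes_file_mode : The permissions of the files. Something like 666 will do.


skip_rbl_checks : Controls whether RBL check results are used in the score (0, as set above, means the checks are performed). They play quite an active role.


use_razor2 : Whether to use the blacklist-sharing system operated by Vipul's Razor. I did not use it; it requires separate software to be installed.


use_dcc : Short for Distributed Checksum Clearinghouse. Its homepage describes it as remarkably effective at reducing spam. Use it if you judge it necessary.


use_pyzor : It seems to play a role similar to Razor2. I have not used it, so I do not know the details. The homepage is here


ok_languages : Set the languages that matter to you. For Korea, enter ko. If you exchange a lot of mail with English-speaking regions, add en as well.


ok_locales : Plays the same role as the above.


score : Lets you force a specific score for a particular rule.


whitelist_from : Specify mail addresses that can be trusted. Mail from very important business partners or from the same server does not need to be scored.



Create the procmailrc file that the MDA will use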


[root@ns1 ~]# vi /etc/procmailrc

DROPPRIVS=yes
#SpamAssassin Procmail Start
#
:0fw: spamassassin.lock
* < 256000
|spamc -u $LOGNAME
#SpamAssassin End

Restart sendmail and spamd


[root@ns1 ~]# /etc/rc.d/init.d/sendmail restart
sm-client을 종료 중:                                       [  OK  ]
sendmail를 종료 중:                                        [  OK  ]
sendmail (을)를 시작 중:                                   [  OK  ]
sm-client를 시작 중:                                       [  OK  ]
[root@ns1 ~]# /etc/rc.d/init.d/spamd restart
spamd 를 정지 중:                                          [  OK  ]
spamd (을)를 시작 중:                                      [  OK  ]

Now check the log. Mail with a score of 5 or more is classified as SPAM.

The following log is for a normal message that was not recognized as spam.


Mar 24 16:56:05 ns1 spamd[12981]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50570
Mar 24 16:56:05 ns1 spamd[12981]: spamd: processing message <005401cacb27$ad81abc0$2e00a8c0@seve0ai73lumaw> for wls1125:540
Mar 24 16:56:13 ns1 spamd[12981]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/bayes.lock.ns1.xinet.kr.12981 for /home/spamd/.spamassassin/bayes.lock: 그런 파일이나 디렉토리가 없음
Mar 24 16:56:13 ns1 spamd[12981]: spamd: clean message (-1.0/5.0) for wls1125:540 in 8.3 seconds, 1544 bytes.
Mar 24 16:56:13 ns1 spamd[12981]: spamd: result: . 0 – ALL_TRUSTED,HTML_MESSAGE scantime=8.3,size=1544,user=wls1125,uid=540,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50570,mid=<005401cacb27$ad81abc0$2e00a8c0@seve0ai73lumaw>,autolearn=unavailable
Mar 24 16:56:13 ns1 sendmail[13199]: o2O7u3XY013198: to=<jsh@xinet.kr>, ctladdr=<jsh@xinet.kr> (531/531), delay=00:00:10, xdelay=00:00:10, mailer=local, pri=31478, dsn=2.0.0, stat=Sent
Mar 24 16:56:14 ns1 spamd[12939]: prefork: child states: II


The log below is for a message classified as spam.



Mar 24 17:07:45 ns1 spamd[12981]: spamd: connection from localhost.localdomain [127.0.0.1] at port 59665
Mar 24 17:07:45 ns1 spamd[12981]: spamd: processing message <006501cacb29$4d2a5cc0$2e00a8c0@seve0ai73lumaw> for wls1125:540
Mar 24 17:07:49 ns1 spamd[12981]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/bayes.lock.ns1.xinet.kr.12981 for /home/spamd/.spamassassin/bayes.lock: 그런 파일이나 디렉토리가 없음
Mar 24 17:07:49 ns1 spamd[12981]: spamd: identified spam (13.7/5.0) for wls1125:540 in 4.3 seconds, 6219 bytes.
Mar 24 17:07:49 ns1 spamd[12981]: spamd: result: Y 13 – DRUGS_ERECTILE,DRUG_ED_CAPS,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_SORBS_WEB,T_RP_MATCHES_RCVD,T_SURBL_MULTI1,T_SURBL_MULTI2,T_SURBL_MULTI3,URIBL_AB_SURBL,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=4.3,size=6219,user=wls1125,uid=540,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59665,mid=<jsh@xinet.kr>, delay=00:00:07, xdelay=00:00:07, mailer=local, pri=36145, dsn=2.0.0, stat=Sent
Mar 24 17:07:49 ns1 spamd[12939]: prefork: child states: II
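
Both log excerpts above also contain a Bayes lock-file error for /home/spamd/.spamassassin, the directory under the -H path given to spamd, which useradd -M does not create. The following is an added example, not part of the original post: it summarizes spamd verdicts from maillog lines, extracts the directory named in that error and prepares it. The sample lines are constructed in the page's log format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample lines in the format of the spamd entries above.
sample_log() {
cat <<'EOF'
Mar 24 16:56:13 ns1 spamd[12981]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/bayes.lock.host.example.12981 for /home/spamd/.spamassassin/bayes.lock: No such file or directory
Mar 24 16:56:13 ns1 spamd[12981]: spamd: clean message (-1.0/5.0) for user1:540 in 8.3 seconds, 1544 bytes.
Mar 24 17:07:49 ns1 spamd[12981]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/bayes.lock.host.example.12981 for /home/spamd/.spamassassin/bayes.lock: No such file or directory
Mar 24 17:07:49 ns1 spamd[12981]: spamd: identified spam (13.7/5.0) for user1:540 in 4.3 seconds, 6219 bytes.
Mar 24 17:09:02 ns1 spamd[12981]: spamd: identified spam (5.2/5.0) for user2:541 in 2.1 seconds, 2048 bytes.
EOF
}

# One line per scanned message: "<spam|clean> <score> <required_score> <user>"
spamd_verdicts() {
  sed -n -E 's/^.*spamd: (clean message|identified spam) \((-?[0-9.]+)\/([0-9.]+)\) for ([^:]+):[0-9]+ in .*$/\1;\2;\3;\4/p' |
    awk -F';' '{ v = ($1 == "identified spam") ? "spam" : "clean"; print v, $2, $3, $4 }'
}

# Counts for a quick health check of the filter.
spamd_summary() {
  awk '
    /spamd: identified spam \(/           { spam++ }
    /spamd: clean message \(/             { clean++ }
    /bayes: .*cannot create tmp lockfile/ { lock++ }
    END { printf "spam=%d clean=%d bayes_lock_errors=%d\n", spam, clean, lock }'
}

# Unique directories in which spamd could not create its Bayes lock file.
bayes_lock_dirs() {
  sed -n -E 's/^.*bayes: .*cannot create tmp lockfile .* for (.*)\/bayes\.lock: .*$/\1/p' | sort -u
}

# Create a private (mode 700) Bayes directory; chown it when an owner is given.
# On the page's system, as root: prepare_bayes_dir /home/spamd/.spamassassin spamd
prepare_bayes_dir() {
  dir=$1
  owner=${2:-}
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  if [ -n "$owner" ]; then chown "$owner" "$dir" || return 1; fi
}

sample_log | spamd_verdicts
sample_log | spamd_summary
sample_log | bayes_lock_dirs
```

While the lock error persists, the result lines report autolearn=unavailable, so the Bayes settings in local.cf have no effect on scoring.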


Mail classified as spam is marked with [SPAM], as in the figure below.


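This is how spam filtering can be applied to incoming mail.

Spam filtering can also be applied to outgoing mail.

This is covered at http://xinet.kr/tc/32?category=8 (spamass-milter).

However, in testing, outgoing mail was quite often classified as spam and not sent.

More testing seems to be needed to be sure.

If possible, I recommend not using the spam milter for outgoing mail.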

