INN - filtering spam, cleanfeed and postfilter
aioe recommends the "cleanfeed" spam filter. This one is not available on my openSUSE Leap 15.3, but it's a simple perl script one can find here.
The filter folder as said in inn.conf pathfilter option is "/usr/lib/news/bin/filter", for convenience, I added in my ~news folder a link and changed the ownership to news:news.
ln -s /usr/lib/news/bin/filter filter
then I noticed that the "filter" folder is not empty... but the /usr/lib/news/bin/filter folder is owned by root, so dealing with it needs to be root.
So go to the link above.
- download the zip file from "code" with "wget -nH https://github.com/crooks/cleanfeed/archive/refs/heads/master.zip", this create the master.zip file in your present folder (notice there are several versions of cleanfeed archive, mostly indentical);
- use mc to open this file and copy "cleanfeed-master" to the news folder. In this way all the relevant files/folders are created.
The download can give you a "cleanfeed.tar.gz", a master.zip or a "cleanfeed.zip", but the content is the same.
news@ns507557:~> ll cleanfeed/ total 120 drwxr-xr-x 1 news news 84 2 mars 2020 badurls -rw-r--r-- 1 news news 1577 2 mars 2020 changelog -rw-r--r-- 1 news news 96948 2 mars 2020 cleanfeed -rw-r--r-- 1 news news 197 2 mars 2020 cleanfeed.asc -rw-r--r-- 1 news news 7035 2 mars 2020 cleanfeed.local.sample -rw-r--r-- 1 news news 749 2 mars 2020 filter_nnrpd.pl drwxr-xr-x 1 news news 234 2 mars 2020 html -rw-r--r-- 1 news news 838 2 mars 2020 README drwxr-xr-x 1 news news 216 2 mars 2020 samples drwxr-xr-x 1 news news 28 2 mars 2020 tools
- go as root to /usr/lib/news/bin/filter;
- moved the present content to an "oldfilter" folder (just in case);
- ln -s /etc/news/cleanfeed-master/filter_nnrpd.pl filter_innd.pl
s507557:/usr/lib/news/bin/filter # ll total 4 lrwxrwxrwx 1 root root 42 20 déc. 10:22 filter_nnrpd.pl -> /etc/news/cleanfeed-master/filter_nnrpd.pl drwxr-xr-x 1 root news 288 19 déc. 18:32 oldfilter
Allowing perl and filter_innd.pl
The culprit is than
- perl can't be enabled in INN if there is no perl filter... the default install gives the necessary files, so that perl is enabled, but as soon as you move the files to an "oldfiles" folder, perl is disabled until filter_innd.pl is again created.
- cleanfeed filter is *not" filter_innd.pl but simply "cleanfeed" in the cleanfeed folder. This may seems obvious, but it's not as there *is* a filter_innpd.pl file.
news@ns507557:/etc/news/filter> ln -s /etc/news/cleanfeed-master/cleanfeed filter_innd.pl news@ns507557:/etc/news/filter> ll total 8 lrwxrwxrwx 1 news news 36 24 déc. 08:52 filter_innd.pl -> /etc/news/cleanfeed-master/cleanfeed lrwxrwxrwx 1 news news 42 22 déc. 09:53 filter_nnrpd.pl -> /etc/news/cleanfeed-master/filter_nnrpd.pl drwxr-xr-x 1 news news 288 19 déc. 18:32 oldfilter news@ns507557:/etc/news/filter> ctlinnd reload filter.perl 'reason' Ok news@ns507557:/etc/news/filter> ctlinnd perl y Ok news@ns507557:/etc/news/filter> ctlinnd mode Server running Allowing remote connections Parameters c 10 i 50 (1) l 5000000 o 1010 t 300 H 2 T 60 X 0 normal specified Not reserved Readers follow enabled Perl filtering enabled Perl filter stats: Pass: 0 Reject: 0 Refuse: 0 MD5: 0 PHL: 0 PHN: 0 PHR: 0 FSL: 0
Allowing options in cleanfeed.local
It's better not to change too often the main perl file, so it exists a "cleanfeed.local" file. But the place where this file have to be is indicated in a parameter in cleanfeed perl file.
the parameter is at the beginning of cleanfeed (or filter_innd.pl)
#$config_dir = '/usr/local/news/cleanfeed/etc'; $config_dir = '/usr/lib/news/bin/filter';
first line (with #) is the cleanfeed default, second line is what I choosed. It's simply the basic filter folder.
some files are aimed to hold variations and are stored in the cleanfeed source folder subfolder /etc.
Postfilter aim to filter posts coming from the users of your server. Main doc is here.
Fore the online git version:
You can download it from Postfilter Github.
for this, look at the "code" button and clic on it.
Right clic on "Download ZIP".
go to your server, root account and type
wget <link you copied just before>
just now, for me it was:
Then I preferred to rename the file with a more descriptive name:
mv master.zip postfilter-master.zip
Frequent use of "ll" (ls -l if you don't have the ll alias) is recommended to check if you are in the right folder.
Her you find the postfilter installer, so
./postfilter-installer -c to check. I lacked Net::DNS perl module
You install the missing module doing:
After that, runninc -c, ask for DBI, si
cpan DBI gives an error, but
# zypper in perl-Net::DNS
Works. And now ./postfilter-installer -c is happy :-).
It goes OK. Just for references, the results:
innconfval found at /usr/lib/news/bin//innconfval Postfilter directories created OK. Touching files OK. Copying files OK. Replacing filter_nnrpd.pl [ OK ] <- this may not be OK, because this filter was used, to check Postfilter was successfully installed
# ./postfilter-installer -v
Should show you
Postfilter 0.8 [ OK ]
Config files for postfilter (present in the etc folder of the archive) are copied to ~news/postfilter.
Here, change the postfilter.conf at your will (the file is self-explanatory). In rules.conf change your IP.
In access.conf are the numbers of things allowed.
Badwords.conf is nearly empty by default and syntax is very picky. Change with caution.
- postfilter.pl is in /usr/lib/news/bin/filter/postfilter/postfilter.pl with lin k from /usr/lib/news/bin/filter/filter_nnrpd.pl
- Config files are in /etc/news/postfilter
- logs are in /etc/news/spool/postfilter>
Postfilter is very powerful, but thus pretty hard to configure. I had to make some changes to the default file some not that good that I had to remove :-(
I try to add in the file a comment like "charged to tru by jdd on sep 25 2022" to make finding my changes more easily. I make frequent file copies, just in case. I presently (when I write this doc made 11 changes...
List (grep -A 3 jdd postfilter.conf)
- "salt" obviously changed for some ugly list of signs
- "server_type", "public",
- "enable_domain_check", "false",
- "default_action_on_reject", "reject",
- "period", 21600,
- "tor_network", "reject",
- "allow_control_cancel", "true",
For this option, the file says that it's unused if INN is started with the -C option. This don't prove right. If set to "false", it prevent the working of control-lock, when inn -C don't.
- "allow_mail_headers", "true", (for the mail to news gateway)
- "allow_html", "true", (I expect less problem with multipart mails in the gateway)
- "maximum_multipost", 3,
- "delete_header_x-no-archive", "false",