EnderUNIX Zabit
EnderUNIX Zabit
Content And Attachment Filter For qmail
Latest Version : 0.7.1
What is Zabit?Almost anyone would agree that the most prominent problem facing mail server
administrators is spam mails. For that we've decided to code a program which
will be able to detect and reject spam before the mail gets queued.
Zabit is a content/attachment filter for qmail. It's been coded in C language for performance reasons.
Zabit project consists of two main components, zabit and zabit-wrp.
Zabit does content filtering and attachment control, whereas zabit-wrp is designed to allow a virus-scanner to co-exist with zabit.
How Zabit works?
qscanq with virus scanner:
qscanq-+---> ripmime |---> virus scanner `---> [ qmail-queue | mail rejected ] Scenario with zabit and without any virus scanner: qscanq-+---> ripmime |---> zabit `---> [ qmail-queue | mail rejected ]
Scenario with both zabit and a virus scanner (for qscanq): qscanq-+---> ripmime |---> zabit-wrp -+--> zabit | `--> Virus scanner `---> [ qmail-queue | mail rejected ] For Zabit to run, qscanq must be pre-installed.
I recommend to use 'qSheff' instead of qscanq. Because of it supports zabit natively and you don't need zabit-wrp. It is also more flexible and easier than qscanq. It provides easiear configuration and quarantine. You don't need re-compile source if you turn off zabit. See http://www.enderunix.org/qsheff/
Scanerio with qSheff:
qsheff-+---> ripmime
|---> zabit (enable_spam_prog = 1)
|---> clamdscan
`---> [ qmail-queue | mail rejected ]
qSheff and qscanq detaches incoming mail as a message body and attachments using ripmime. They scans these files agains viruses via a command-line virus scanner i.e. clam. If antivirus program cannot find any virus within the files, they passed the mail to qmail-queue. If, on the other hand, antivirus program does find any virus within the mail, they returns an error message to qmail-smtpd, indicating some viri activity has been recorded in the incoming mail. qmail-smtpd returns the "Permanently Rejected" error message to the smtp client.
Zabit scans the files detached by qSheff or qscanq (via ripmime) and checks to see whether these files include keywords and attachment names contained in zabit configuration file. For the matching mails, it returns error messages.
If you have a virus scanner installed and you want to use both zabit and your virus-scanner on the same setup, zabit-wrp is your friend. zabit-wrp first runs zabit, if it returns error, it returns the error; if not, it runs the virus scanner returns any error messages returned by virus scanner program. This way, your mails can be both checked agains virus and spammer activity. The reason zabit is run before virus scanner is that it can scan names and extentions on attachments names. Files with *.pif extension can be blocked without further investigation by virus scanners so that the system resources are used much more wisely.
Project News
Supported Operating Systems
Download
Installation
For 0.7.1, see INSTALL, POST-INSTALL, README files.
Complete Turkish Guide for qSheff and zabit (Baris Simsek)
Complete Turkish Guide for qscanq and zabit (Baris Simsek)
Sample OutputConfig Files
Mailing Lists
Bug Reporting
Author
Thanks
Links
(c) 2004, EnderUNIX Software Development Team Istanbul/Turkey