[zabit.gif] EnderUNIX Zabit Content And Attachment Filter For qmail Latest Version : 0.7.1 [1]Turkish What is Zabit? Almost anyone would agree that the most prominent problem facing mail server administrators is spam mails. For that we've decided to code a program which will be able to detect and reject spam before the mail gets queued. Zabit is a content/attachment filter for qmail. It's been coded in C language for performance reasons. Zabit project consists of two main components, zabit and zabit-wrp. Zabit does content filtering and attachment control, whereas zabit-wrp is designed to allow a virus-scanner to co-exist with zabit. How Zabit works? qscanq with virus scanner: qscanq-+---> ripmime |---> virus scanner `---> [ qmail-queue | mail rejected ] Scenario with zabit and without any virus scanner: qscanq-+---> ripmime |---> zabit `---> [ qmail-queue | mail rejected ] Scenario with both zabit and a virus scanner (for qscanq): qscanq-+---> ripmime |---> zabit-wrp -+--> zabit | `--> Virus scanner `---> [ qmail-queue | mail rejected ] For Zabit to run, qscanq must be pre-installed. I recommend to use 'qSheff' instead of qscanq. Because of it supports zabit natively and you don't need zabit-wrp. It is also more flexible and easier than qscanq. It provides easiear configuration and quarantine. You don't need re-compile source if you turn off zabit. See [2]http://www.enderunix.org/qsheff/ Scanerio with qSheff: qsheff-+---> ripmime |---> zabit (enable_spam_prog = 1) |---> clamdscan `---> [ qmail-queue | mail rejected ] qSheff and qscanq detaches incoming mail as a message body and attachments using ripmime. They scans these files agains viruses via a command-line virus scanner i.e. clam. If antivirus program cannot find any virus within the files, they passed the mail to qmail-queue. If, on the other hand, antivirus program does find any virus within the mail, they returns an error message to qmail-smtpd, indicating some viri activity has been recorded in the incoming mail. qmail-smtpd returns the "Permanently Rejected" error message to the smtp client. Zabit scans the files detached by qSheff or qscanq (via ripmime) and checks to see whether these files include keywords and attachment names contained in zabit configuration file. For the matching mails, it returns error messages. If you have a virus scanner installed and you want to use both zabit and your virus-scanner on the same setup, zabit-wrp is your friend. zabit-wrp first runs zabit, if it returns error, it returns the error; if not, it runs the virus scanner returns any error messages returned by virus scanner program. This way, your mails can be both checked agains virus and spammer activity. The reason zabit is run before virus scanner is that it can scan names and extentions on attachments names. Files with *.pif extension can be blocked without further investigation by virus scanners so that the system resources are used much more wisely. Project News * May 19, 2005 Zabit 0.7.1 released. * Jan 09, 2005 Zabit 0.7 released. * Oct 13, 2004, Zabit 0.6-BETA released. * June 23, 2004, Zabit 0.5-BETA released. TODO * You can see [3]TODO file. Supported Operating Systems * Linux * FreeBSD/NetBSD/OpenBSD * Solaris * Linux PPC Download * [4]zabit-0.7.1.tar.gz * [5]zabit-0.7.tar.gz * [6]zabit-0.6-BETA.tar.gz * [7]zabit-0.5-BETA.tar.gz Installation For 0.6-BETA, see [8]INSTALL, [9]POST-INSTALL, [10]README files. [11]Complete Turkish Guide for qSheff and zabit (Baris Simsek) [12]Complete Turkish Guide for qscanq and zabit (Baris Simsek) Sample Output * Sample output is provided [13]here. Config Files * [14]zabit.conf * [15]zabit-attach.conf * [16]zabit-disattach.conf Mailing Lists * zabit _at lists.enderunix. org * Subscribe: Send a blank mail to zabit-subscribe at lists.enderunix. org * qsheff _at lists.enderunix.org * Subscribe: Send a blank mail to qsheff-subscribe at lists.enderunix. org Bug Reporting * Please report any bug report or request for enhancements to siseci at enderunix dot org. Author * Necati Ersen SISECI [ siseci at enderunix dot org ] Thanks * Enderunix Core Team Links * Acikkod.ORG: [17]http://www.acikkod.org * EnderUNIX.ORG [18]http://www.enderunix.org * EnderUNIX qSheff [19]http://www.enderunix.org/qsheff * qscanq: [20]http://www.qscanq.org * Clam Anti Virus: [21]http://www.clamav.net * qmail: [22]http://cr.yp.to/qmail.html * Ripmime: [23]http://www.pldaniels.com/ripmime/ (c) 2004, [24]EnderUNIX Software Development Team Istanbul/Turkey References 1. http://www.enderunix.org/zabit/indextr.php 2. http://www.enderunix.org/qsheff/ 3. http://www.enderunix.org/zabit/zabit/TODO 4. http://www.enderunix.org/zabit/zabit-0.7.1.tar.gz 5. http://www.enderunix.org/zabit/zabit-0.7.tar.gz 6. http://www.enderunix.org/zabit/zabit-0.6-BETA.tar.gz 7. http://www.enderunix.org/zabit/zabit-0.5-BETA.tar.gz 8. http://www.enderunix.org/zabit/zabit/INSTALL 9. http://www.enderunix.org/zabit/zabit/POST-INSTALL 10. http://www.enderunix.org/zabit/zabit/README 11. http://www.enderunix.org/docs/qsheff.html 12. http://www.enderunix.org/docs/qmail-spam-virus.html 13. http://www.enderunix.org/zabit/zabitlog-0.7.txt 14. http://www.enderunix.org/zabit/spammer.php 15. http://www.enderunix.org/zabit/zabit-attach.conf.htm 16. http://www.enderunix.org/zabit/zabit-disattach.conf.htm 17. http://www.acikkod.org/ 18. http://www.enderunix.org/ 19. http://www.enderunix.org/qsheff 20. http://www.qscanq.org/ 21. http://www.clamav.net/ 22. http://cr.yp.to/qmail.html 23. http://www.pldaniels.com/ripmime/ 24. http://www.enderunix.org/