Over the last year, I have had significant issues with spam on the phpBB3 forums that I administer. The recent blog post over at the phpBB site confirmed two things I already suspected: first that I am not alone in my spam problem and second that there is no easy way to replace the default captcha to prevent this spam. Upcoming version 3.0.6 of phpBB aims to solve both of these problems by providing a multi-purpose API to interface with any challenge-response including but no longer limited to captchas. For anyone using an earlier release of phpBB3, here is how I was able to get reCAPTCHA working. This completely eliminated the spam problem on my forums.

1. Register reCAPTCHA keys for your forum domain at http://recaptcha.net/.
2. Install bzr, Bazaar version control.
3. get phpbb3-recaptcha experimental branch. (bzr branch lp:phpbb3-recaptcha)
4. In a web broswer, browse to the phpbb3-recaptcha folder and open info.xml. A page will open with patch instructions. Follow the instructions, including for the language and style files. I found using rsync locally was helpful when copying the mod files to my phpBB installation instead of copying each file one by one.
5. Browse to the /install/index.php page of your forum in a web browser, click on the recaptcha tab and click install. Then, go to the admin control panel and click on reCAPTCHA under Board Configuration. Here you need to input your public and private reCAPTCHA keys you obtained in step 1. Enable reCAPTCHA and click save. New users will now need to solve a reCAPTCHA to register on your forum.

Note for phpBB 3.0.5

I found I had to modify the patch instructions slightly for version 3.0.5 of phpBB. In file /includes/ucp/ucp_register.php the code

‘confirm_code’ => (($config['recaptcha']) ? array(’string’, false, 0, 100) : array(’string’, !$config['enable_confirm'], 5, 8)),

should instead be

‘confirm_code’ => (($config['recaptcha']) ? array(’string’, false, 0, 100) : array(’string’, !$config['enable_confirm'], CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)),

How-To's phpbb, phpBB3, recaptcha

Prerequisites

A current Debian system with an MTA installed and working. This guide is specific to Exim4 although many of the steps would apply to other MTA’s as well. Also, the guide assumes you store your mail in Maildir format. If you store your mail in single files (mbox), you will have to adjust some of the commands below.

Install Packages

Use aptitude or apt-get to install the packages ’spamassassin’ and ’sa-exim.’

Configuration

Create a file called .forward in your home directory with the following content. If needed, update the save command to point to the location of your junk/spam directory.

# Exim filter
if $h_X-Spam-Status: CONTAINS "Yes"
or
$h_X-Spam-Flag: CONTAINS "Yes"
then
save $home/Maildir/.Junk/
finish
endif

Edit /etc/exim4/sa-exim.conf and comment out the second SAEximRunCond attribute like so:

# Remove or comment out the following line to enable sa-exim
#SAEximRunCond: 0

Edit /etc/default/spamassassin and change the ENABLED flag to 1.

Finally, start spamassassin and configure it to start at boot if needed:

# /etc/init.d/spamassassin start
# update-rc.d spamassassin defaults

 

Optimization and Maintenence

Take a look at the log file /var/log/exim4/mainlog. You should see SpamAssassin doing its thing for any new emails coming in. You will see what spam ranking it assigns to the message and what its fate is (allowed, allowed but flagged, or permanently rejected).

A good way to increase the accuracy of SpamAssasin is to teach it. First, organize your spam and non-spam (which we will call “ham”) into separate folders. Try to make sure you don’t miscategorize any. For this to work well, you will need over a hundred of each type of email–the more the better. Then, run the ’sa-learn’ command on the folders. For example, assuming your ham is in your inbox and your spam is in a folder called Junk:

$ sa-learn --ham --showdots /home/username/Maildir/cur/*
$ sa-learn --spam --showdots /home/username/Maildir/.Junk/cur/*

Linux Administration Debian, Exim, Linux Administration, spam, SpamAssassin

Update 10/21/2008: By the way, this article now appears on the Debian Administration web site!

I recently installed Mailman on on my server to provide a mailing list for my extended family. While in the end, I was able to scrounge up the articles I needed by searching the web, many of them were woefully outdated. Here is a short article that pulls together my research and describes in one place what is needed to get Mailman running happily under Debian etch with Exim4.

Prerequisites

This guide assumes that you are running a recent release of Debian and have Exim4 installed and working.

Installing and Configuring Mailman

To install mailman, simply run the following command:

apt-get install mailman

During the install, you will be prompted to choose which languages you want mailman to support.

After the install is complete, follow the instructions given during the install and setup the Mailman-specific mailing list.

newlist mailman

There are just a few changes that must be made to the basic configuration. Open /etc/mailman/mm_cfg.py and edit the following items:

# Default domain for email addresses of newly created mailing lists
DEFAULT_EMAIL_HOST = 'list.example.org'

# Default host for the web interface of newly created mailing lists
DEFAULT_URL_HOST   = 'list.example.org'

# Uncomment this. In this setup, the alias file won't need to be changed.
MTA=None   # Misnomer, suppresses alias output on newlist

The last line makes no functional changes to mailman but will stop commands like “newlist” from outputing messages we won’t need. Restart mailman so that the configuration changes take effect:

/etc/init.d/mailman restart

Now would be a good time to set up any other mailing lists you will need using the same “newlist” command. If your list will be using anything other than the DEFAULT_URL_HOST we set up earlier as its web interface hostname, make sure to pass that to newlist with the -u flag.

Exim Configuration

The classic way of integrating Mailman with your MTA is to add each mailing list address to /etc/alias as a pipe to the mailman process. This is no longer the recommended way to configure Mailman with Exim. In fact, when I did try to add a piped alias, Exim choked on it because its default configuration no longer allows these for security reasons. So instead of adding dozens of lines to our alias file, we will be following the exim.org how-to to allow all Mailman addresses to automatically be handled by Exim.

Assuming you are using the split config, you will need to create the files listed below. If you are using a single file for configuration, you will need to find the appropriate places to insert the items.

/etc/exim4/conf.d/main/04_mailman_options:

# Mailman macro definitions

# Home dir for the Mailman installation
MM_HOME=/var/lib/mailman

# User and group for Mailman
MM_UID=list
MM_GID=list

#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=list.example.org

# The path of the Mailman mail wrapper script
MM_WRAP=MM_HOME/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck

/etc/exim4/conf.d/router/450_mailman_aliases:

mailman_router:
driver = accept
domains = +mm_domains
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces   : -bounces+*  : \
-confirm   : -confirm+*  : \
-join      : -leave      : \
-owner     : -request    : \
-subscribe : -unsubscribe
transport = mailman_transport

/etc/exim4/conf.d/transport/40_mailman_pipe:

mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID

After you finish creating the various configuration files, run the following commands to build the updated configuration file and restart exim:

update-exim4.conf
/etc/init.d/exim4 restart

 

Apache Configuration

mailman uses CGI to create a web interface for its mailing lists. We need to configure Apache in order to get this piece working. First create a file to store some new aliases for the web server.

/etc/apache2/conf.d/mailman:

Alias /pipermail /var/lib/mailman/archives/public
Alias /images/mailman /usr/share/images/mailman
<directory /var/lib/mailman/archives/public>
DirectoryIndex index.html
</directory>

Then create (or edit) a VirtualHost entry to allow the scripts to run.

/etc/apache2/sites-available/list.example.org:

<virtualhost *:80>
ServerName list.example.org
ServerAdmin webmaster@list.example.org
DocumentRoot /var/www/
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
RedirectMatch ^/$ /cgi-bin/mailman/listinfo
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
</virtualhost>

If this is a new file, remember to symlink it to the sites-enabled directory.

Finally, restart Apache so that the changes take effect.

/etc/init.d/apache2 restart

 

Administer your List

That completes the setup! You can begin administering your new list at http://list.example.org/cgi-bin/mailman/listinfo

Linux Administration Debian, etch, Exim, Linux Administration, Mailman