Fine-tunning Spamassassin and Citadel

This is actually a follow-up article of the previous publication: RPi Home Mail Server Project.

Unfortunately there are not enough articles regarding the configuration needed in order to integrate the open source spam filter Spamassassin and Citadel mail server.

First of all you should install Spamassassin by issuing the following commands:

> apt-get update

> apt-get install spamassassin spampd

Spam daemon (spampd) works as an incoming MTA which scans the emails and then forwards them to the mail server. By default, spampd listens to port 10025 and connects to port 10026, after the relevant processing.

Following this architecture, your firewall should forward SMTP and SMTPS incoming connections to spampd at port 10025 (one simple scenario is by creating a port forwarding rule) and then forward them to Citadel mail server at port 25. 

In order to achieve this, you have to edit /etc/default/spampd and change value DESTPORT from 10026 to 25. 

And you are done! Enjoy!

RPi Home Mail Server Project

It has been a while since I last updated my blog. I am quite happy to write another article regarding my latest project: my own mail server based on my Raspberry Pi.

The reason is quite simple: since Google, Microsoft, or whatever provider, considers that it has the right to read my emails, the only way to "revoke" this right is by discontinuing the use of those providers' services. However, bear in mind that putting an email server into your internal network poses a great risk and you should be aware of the means how to mitigate those risks (implement DMZ, VLANs, buying firewalls, etc.). Those means cost money of course.

After a research regarding the most appropriate software for home -and RPi- use, I chose Citadel. I haven't tested it yet under extreme circumstances.

In order to configure Citadel you can use this very useful tutorial:
http://www.ducky-pond.com/posts/2012/Jul/installing-citadel-on-rpi/

Citadel offers integration with ClamAV, an open source antivirus and Spamassasin, an open source antispam software.

ClamAV

Unfortunately Citadel website offers only a high-level configuration guide for both ClamAV and SpamAssassin. As a consequence we have to dive a little bit deeper in order to make them work together.

We can install ClamAV by issuing the following commands:

> apt-get install clamav-daemon
> apt-get install clamav

Make sure you have included the following lines on /etc/clamav/clamd.conf:

TCPSocket 3310
TCPAddr 127.0.0.1

Make sure clamAV deamon is running:
/etc/init.d/clamav-daemon start

Then, add the localhost address on Citadel's administration page as mentioned on the guide.

SpamAssassin

Installing SpamAssassin by issuing the following commands:
> apt-get install spampd
> apt-get install spamassassin

Make sure you reconfigure the listening address and port for spamassassin (I have searched for a conf file but I didn't find it. So I include the following workaround.)

Edit /etc/init.d/spampd script and locate the following lines:

[ -n "${LISTENPORT}" ] && ARGS="${ARGS} --port=${LISTENPORT}"
[ -n "${LISTENHOST}" ] && ARGS="${ARGS} --host=${LISTENHOST}"


Alter them according to the following ones:

[ -n "${LISTENPORT}" ] && ARGS="${ARGS} --port=783"
[ -n "${LISTENHOST}" ] && ARGS="${ARGS} --host=127.0.0.1"

Spamassassin must listen on port 783 in order to cooperate with Citadel.

Now the only thing to do is to configure accordingly your domain name and MX records in order to send and receive emails.

Last but not least, consider implementing PGP keys in order to communicate safely. Bear in mind that the email service is plaintext, anyone suitably positioned on the Internet (ISPs, network administrators, etc.) can intercept and read your emails.

Enjoy your email service!

Kali Linux on Raspberry Pi

I finally found some time and installed Kali linux, the Backtrack successor, on my Raspberry Pi!
Here is the screenshot:

Below, I will provide the high level steps in order to install and configure the Kali Linux on your RP! 

"Ingredients" :p

• Raspberry Pi, 256MB RAM
• 16GB SD card Class 10

High level steps:

1. Download kali linux image from here.
2. Write on SD following the instructions provided by kali website or by Raspberry Pi website.
3. Change your root password. Note that SSH is enabled by default, so theoretically you will not need to plug in a HDMI monitor.
4. Expand the partition to fill all the SD card space. Because I am a little bit lazy, I used the raspi-config script with success!

Kali seems to run flawlessly up to this time. The following weeks I am going to test more features of Kali and see how I can take advantage of the flexibility provided by Raspberry Pi!

So stay tuned! :)

Me, My Raspberry Pi and I

In this post, I would like to share my raspberry experiment. I don't want to write another post of "How to do <this> with raspberry pi", but instead, share my experience. First of all:

What is Raspberry Pi?

From Raspberry Pi's FAQ:

The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming.

Raspberry Pi and I

I totally agree with the FAQ's definition! And I would recommend to all parents who are PC "aware" to buy a RP for their children!

My history with RP was quite long! I had been thinking of buying a RP a long time ago. But, I have a drawback (apart from my noumerous advantages of my character! :P); if I want something badly, I want it at the same time! Therefore, I wanted to buy a RP and didn't want to wait about 3 weeks, so I ordered from ebay. Unfortunately, I had bad luck. I ordered Friday and Saturday (as far as I can remember), it was announced that RP new releases would come with 512MB RAM instead of 256MB. All customers who had order from the authorized resellers they would get the 512MB version without any extra cost. But I had ordered from ebay!... So, no luck!... Nevertheless, I didn't get disappointed.

My "Project Plan"

My experiment with RP was to create a RP to host the following:

• VPN server
• Torrent downloader
• TOR proxy
• Syslog
• Dropbox uploader
• File Server
• (I hope the list will grow!)

Getting Started

I will skip the first steps because they are well documented at RP's site here!

Initially I had an SD with 8GB RAM but unfortunatelly it was declared dead.... So, I bought a 16GB SD, class 10! :)

First steps

I will start from the classics. Change the default password and throught raspi-config, extend file system to occupy the whole SD card and enable SSH. You will need it some time!

One of the classic security basics is to change your password! Through raspi-config, change the timezone and the keyboard. Another way to do this is to edit XKBLAYOUT and set it to "us" at /etc/default/keyboard.

Update your RP

In order to keep my RP distro up to date I used RPi update. You can get it by doing the following:

> sudo apt-get install git-core

> https://github.com/Hexxeh/rpi-update

Copy it to a cron directory, according to your needs (I have copied to the cron.weekly for example).

VPN Server

I have set up a VPN server in order to get connected to website & services over unsecured WIFIs. I have used this useful guide to set it up!

Torrent Box

I use bittornado client. Generally, you can use apt-get command and install your preferable torrent client software. Here you can find a guide for installing trasmission on your RP!

TOR Proxy

TOR project is an open network which you can use in order to tunnel your requests through many proxies all over the Internet. The purpose of the project is to provide its user anonymity. Here you can find information regarding TOR project.

The installation on my RP was quite simple. Issue the command:

apt-get install tor

and your RP is hosting your TOR proxy. Now you must alter your proxy settings on your browser in order to route all your requests through the TOR software. A very nice firefox add-on is QuickProxy!

Syslog

I also use syslog service of my RP to gather all logs from my network devices. You have to un-comment the following lines from /etc/rsyslog.conf:

$ModLoad imudp

$UDPServerRun 514

and instruct the network devices to use your RP as a syslog server!

Dropbox uploader

One of my first thoughts with RP was to upload files to dropbox through RP in order to take advantage of RP's low consumption. Moreover, it won't be necessary to have my macbook powered on in order to upload large files!

I found a useful script which uploads files to Dropbox with a Bash script. It's very useful and easy to install and use! You can find it here.

File Server

My RP is always ON! So why not share some files? For example some photos? So, I created a user, installed samba and voilá; my photos are shared on my home network. I used the following sequence:

#Install samba
> apt-get install samba samba-common-bin
#Created a user
> adduser <username>
#Set user samba password
smbpasswd -a <username>
#Added the following lines in /etc/samba/smb.conf:
[Photos]
comment = Photos Folder
path = <path here>
writable = no
guest ok = no
#Restart Samba Service
> /etc/init.d/samba restart

Now, the path entered in Samba.conf file is being shared over the network!

Iptables 

Last but not least, you need to setup a firewall. Iptables is a fine solution. If your RP is exposed to the Internet, it would be wiser if you configure your iptables. Here is some of fine guided I have used to write my iptables:

http://www.cyberciti.biz/tips/linux-iptables-examples.html

http://www.garron.me/linux/iptables-manual.html

http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ 

Sum-up

My adventure with the RP does not end here. I experiment a lot with my RP and currently I am working on the project Kali Linux on RP, so stay tuned!

Further Reading

1. Raspberry Pi FAQ
2. Buy Raspberry Pi from Farnell or RS.
3. RPi Tutorials list.