A surbl processor reads Email messages, extracts http/https URL’s from them and checks them against a URI blacklist.
We use tsurbl as surbl processor with qmail.
This is exotic software, only we are using it.
See:
Requirements
sudo apt-get install tcl8.6 tcl-trf tcl-tls tcl-udp tcllib safecat ucspi-tcp-ipv6
Installation
cd /opt
darcs get http://at.magma-soft.at/darcs/tsurbl
for p in sodic tsurbl; do
chmod +x /opt/tsurbl/$p.tcl
ln -fs /opt/tsurbl/$p.tcl /usr/local/bin/$p
done
chmod +x /opt/tsurbl/qqtsurbl.tcpclient
ln -fs /opt/tsurbl/qqtsurbl.tcpclient /usr/local/bin/qqtsurbl
Set up
sudo true
# Create working directory
sudo install -d -m 2775 -o root -g staff /var/qmail/tsurbl
cd /var/qmail/tsurbl
ln -fs /opt/tsurbl/Makefile.tsurbl Makefile
for f in blacklist.site whitelist.site whitelist.basic whitelist.standard; do
ln -fs /opt/tsurbl/$f .
done
sudo make -k setup
# This fails on the cache, we fix it
for d in tag redirect blacklist whitelist; do
sudo install -d -m 2770 -o qmaild -g staff cache/$d
done
# update public suffix lists
make update-all
Create tsurbl service
sudo true
# Create tsurbl service directory
sudo install -d -m 2775 -o root -g staff /etc/tsurbl
cd /etc/tsurbl || cat >&2
mkdir env
cat > run <<'EOF'
#!/bin/sh
# leg20171008
# tsurbl server
LOGLEVEL=Debug
MAXCONNECT=3
BACKLOG=0
exec 2>&1
exec chpst -U qmaild -e env -n 10 \
tcpsvd -v -u qmaild -l0 \
127.4.5.1 4510 \
tsurbl -l $LOGLEVEL --server
EOF
chmod +x run
sudo install -d -m 2775 -o root -g staff /var/lib/supervise/tsurbl
ln -nfs /var/lib/supervise/tsurbl supervise
# Create tsurbl log service directory
mkdir log
cd log || cat >&2
cat > run <<EOF
#!/bin/sh
exec chpst -u log svlogd -t ./main
EOF
chmod +x run
sudo install -d -m 2775 -o root -g staff /var/lib/supervise/tsurbl.log
ln -nfs /var/lib/supervise/tsurbl.log supervise
# Log directory
sudo install -d -m 2750 -o log -g adm /var/log/tsurbl
ln -nfs /var/log/tsurbl main
Activate tsurbl service
cd /etc/tsurbl
tail -F log/main/current&
ln -nfs `pwd` /service
ToDo
- Get diet-libc safecat in /package
- Get diet-libc ucsip-tcp-ipv6 in /package
- Does
safecat.tclhave an extra ‘}’ at the end? We use Debian package anyways qqtsurblas QMAILQUEUE says: ?Tcl WaitForEvent: unable to start notifier thread @400000005c410db01bbf14ac Aborted <- not anymore after using Debian safecat.