This document describes how to install and test all the components needed for the Axigen aURIBL filter on a Linux server running Axigen 10.3 or later. If your Axigen working directory is not the default one (/var/opt/axigen), adapt the instructions below to your specific location.
Solution
Run these steps as root:
1. Install Python prerequisites
- RPM based systems:
# yum update
  - For older systems with Python 2:
  # yum install python-pip
  - For newer systems with Python 3:
  # yum install python3-pip
- Deb based systems:
# apt update
# apt install python-pip
- Update PIP (Package Installer for Python) and install Beautiful Soup (Python HTML parsing library):
  - For older systems with Python 2:
  # pip install --upgrade pip
  # pip install bs4
  - For newer systems with Python 3:
  # pip3 install --upgrade pip
  # pip3 install bs4
2. Download filter components
# cd /var/opt/axigen/filters
# curl -L https://support.axigen.com/axi-uribl/axi-uribl.afsl -O
# chown axigen:axigen axi-uribl.afsl
# mkdir -p /opt/axigen/scripts
# cd /opt/axigen/scripts
# curl -L https://support.axigen.com/axi-uribl/axi-uribl.py -O
# chmod +x axi-uribl.py
# curl -L https://support.axigen.com/axi-uribl/config_uribl.py -O
3. Configure the filter
Edit config_uribl.py and change the following parameters:
- OUR_DOMAINS with the values you would like to whitelist (if any)
- AURIBL_KEY with the value specific to your project
Please use only the first part of the license (like auribl-XXXXXXXX-XXXXXXXX-XXXXXXXX).
4. Check to see if the filter is properly configured
# cd /opt/axigen/scripts
# ./axi-uribl.py check test test-test-test 127.0.0.2 2.0.0.127 127.0.0.127
Command mode detected - checking domains: ['test', 'test-test-test', '127.0.0.2', '2.0.0.127', '127.0.0.127']
test = 127.0.0.2 (aURIBL)
127.0.0.127 = 127.0.0.2 (aURIBL)
test-test-test = 127.0.0.2 (aURIBL)
2.0.0.127 = 127.0.0.2 (aURIBL)
Only continue if you are receiving similar results (otherwise, contact the Axigen support team for further clarifications).
5. Configure Axigen
# cd /var/opt/axigen/run
# cp -p axigen.cfg axigen.cfg.backup-$(date '+%s')
# sed -i 's|socketFilters = (|socketFilters = (\n\t{\n\t\t'\
'name = "AXI-URIBL"\n\t\taddress = "inet://127.0.0.1:8899"\n\t\t'\
'protocolFile = "/var/opt/axigen/filters/axi-uribl.afsl"\n\t\t'\
'idleTimeout = 300\n\t\tactionOnMatch = pass\n\t\t'\
'maxConnections = 10\n\t\tmaxMessageSize = 10240\n\t}|' axigen.cfg
If the default prefix [SUSPECT] has to be changed, this can be done by editing the Axigen AFSL file for this filter: filters/axi-uribl.afsl
6. Configure the AXI-URIBL service
# cat << 'EOF' > /etc/systemd/system/axi-uribl.service
[Unit]
Description=Axigen URIBL service
After=network.target
[Service]
Type=simple
Restart=always
RestartSec=1
StartLimitInterval=0
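ExecStart=/opt/axigen/scripts/axi-uribl.py
; systemd does not run ExecStart through a shell, so output handling is set with directives:
; stdout is discarded, stderr is logged with facility mail and level err
StandardOutput=null
StandardError=journal
SyslogFacility=mail
SyslogLevel=err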
[Install]
WantedBy=multi-user.target
EOF
7. Enable, start, and check the status of the new service
# systemctl daemon-reload
# systemctl enable axi-uribl
# systemctl start axi-uribl
# systemctl status axi-uribl
8. Check that the service is running properly by sending a ping command and receiving a pong answer
# telnet 0 8899
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
welcome 0.0.13 on 140529880467200:00000001
ping
pong
quit
Connection closed by foreign host.
9. Reload the configuration for the Axigen service
# /etc/init.d/axigen reload
10. Enable the AXI-URIBL filter from the Axigen WebAdmin
To enable the filter, log into WebAdmin and navigate to Security & Filtering → Antivirus & AntiSpam → Supported Applications.
11. Check that the filter is running correctly
Send an internal message that includes https://test-test-test in its body
Expected results in message headers (check out the two examples below):
Subject: >> Prefixed with [SUSPECT]
X-AXI-URIBL: 1
X-AXI-URIBL-INFO: test-test-test = 127.0.0.2 (aURIBL)
These are two examples with their traces in the logs:
- Syslog – /var/log/maillog
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 Info: **\
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 Connected with 127.0.0.1:55094
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 filter|/var/opt/axigen//queue/03/D1AD4.03|/var/opt/axigen//queue/03/D1AD4.04|5.10.20.40|mail.domain.org|sender@domain.org
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 test-test-test = 127.0.0.2 (aURIBL)
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 File /var/opt/axigen//queue/03/D1AD4.03 processed in 130 ms result: 1 (2,1)
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 Disconnected from 127.0.0.1:55094
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 Info: **/
...
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 Info: *******\
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 Connected with 127.0.0.1:33532
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 filter|/var/opt/axigen//queue/27/D9AAB.02|/var/opt/axigen//queue/27/D9AAB.03|193.193.193.193|smtp.company.com|billing@company.com
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 File /var/opt/axigen//queue/27/D9AAB.02 processed in 407 ms result: 0 (26,7)
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 Disconnected from 127.0.0.1:33532
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 Info: *******/
Observe the result format of x (y,z), meaning that:
- y individual URLs were detected
- out of which there are z unique hostnames (only these ones are checked into the aURIBL DNS service)
- out of which x are found to be suspect.
The first message was detected as suspect (x=1, y=2, z=1) and the second as clean (x=0, y=26, z=7).
Any message filtered by AXI-URIBL will have at least an X-AXI-URIBL header, set with the value of x.
- Axigen Processing log
2020-04-23 16:48:36 +0300 08 mail PROCESSING:00031AD4: Start filter AXI-URIBL of type socket filter from server
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: << welcome 0.0.12 on 140529880467200:00000002
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> filter|
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> /var/opt/axigen//queue/03/D1AD4.03
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> |
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> /var/opt/axigen//queue/03/D1AD4.04
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> |
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> 5.10.20.40
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> |
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> mail.domain.org
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> |
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: >> sender@domain.org
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: << info: X-AXI-URIBL-INFO: test-test-test = 127.0.0.2 (aURIBL)
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: << info: X-AXI-URIBL: 1
2020-04-23 16:48:36 +0300 16 mail PROCESSING:00031AD4: << present
2020-04-23 16:48:36 +0300 08 mail PROCESSING:00031AD4: Filter AXI-URIBL(127.0.0.1:8899):[PASS]: pass - present
2020-04-23 16:48:36 +0300 08 mail PROCESSING:00031AD4: Finished filtering mail object 031AD4 with filter: AXI-URIBL of type socket filter from server
...
2020-04-23 16:51:32 +0300 08 mail PROCESSING:00279AAB: Start filter AXI-URIBL of type socket filter from server
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: << welcome 0.0.12 on 140529880467200:00000005
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> filter|
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> /var/opt/axigen//queue/27/D9AAB.02
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> |
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> /var/opt/axigen//queue/27/D9AAB.03
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> |
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> 193.193.193.193
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> |
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> smtp.company.com
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> |
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: >> billing@company.com
2020-04-23 16:51:32 +0300 16 mail PROCESSING:00279AAB: << done
2020-04-23 16:51:32 +0300 08 mail PROCESSING:00279AAB: Filter AXI-URIBL(127.0.0.1:8899):[PASS]: pass - no changes
2020-04-23 16:51:32 +0300 08 mail PROCESSING:00279AAB: Finished filtering mail object 279AAB with filter: AXI-URIBL of type socket filter from server
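For monitoring, the syslog records described above can be grouped per filter session to pull out the x (y,z) result, the listed hostnames and the sending host. The following is an added example, not Axigen's code. It assumes one record per line in /var/log/maillog, and the names parse_sessions, suspect_sessions and the dictionary keys (ip, host, sender and so on) are hypothetical labels chosen here.

```python
import re
from collections import defaultdict

# Sample records in the syslog format shown above (wrapped lines rejoined).
SAMPLE = """\
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 Connected with 127.0.0.1:55094
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 filter|/var/opt/axigen//queue/03/D1AD4.03|/var/opt/axigen//queue/03/D1AD4.04|5.10.20.40|mail.domain.org|sender@domain.org
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 test-test-test = 127.0.0.2 (aURIBL)
Apr 23 16:48:36 mail axi-uribl.py[8257]: 140529880467200:00000002 File /var/opt/axigen//queue/03/D1AD4.03 processed in 130 ms result: 1 (2,1)
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 filter|/var/opt/axigen//queue/27/D9AAB.02|/var/opt/axigen//queue/27/D9AAB.03|193.193.193.193|smtp.company.com|billing@company.com
Apr 23 16:51:32 mail axi-uribl.py[8257]: 140529880467200:00000005 File /var/opt/axigen//queue/27/D9AAB.02 processed in 407 ms result: 0 (26,7)
"""

PREFIX = re.compile(r"axi-uribl\.py\[\d+\]: (?P<sid>\d+:\d+) (?P<msg>.*)$")
RESULT = re.compile(r"processed in (\d+) ms result: (\d+) \((\d+),(\d+)\)")
LISTED = re.compile(r"^(\S+) = (\S+) \(aURIBL\)$")


def parse_sessions(text):
    """Group filter log records by session id and extract the verdict fields."""
    sessions = defaultdict(lambda: {"listed": []})
    for raw in text.splitlines():
        m = PREFIX.search(raw)
        if not m:
            continue  # not an axi-uribl.py record
        s, msg = sessions[m["sid"]], m["msg"]
        if msg.startswith("filter|"):
            parts = msg.split("|", 5)
            if len(parts) == 6:
                # Field names are assumed; the page shows only the values.
                s["ip"], s["host"], s["sender"] = parts[3:]
        elif (r := RESULT.search(msg)):
            s["ms"], x, y, z = map(int, r.groups())
            # x suspect hostnames out of z unique hostnames out of y URLs
            s.update(suspect=x, urls=y, hosts=z, consistent=x <= z <= y)
        elif (h := LISTED.match(msg)):
            s["listed"].append(h[1])
    return dict(sessions)


def suspect_sessions(sessions):
    """Sessions whose result x is above zero (X-AXI-URIBL header value > 0)."""
    return {sid: s for sid, s in sessions.items() if s.get("suspect", 0) > 0}
```

Calling suspect_sessions(parse_sessions(SAMPLE)) keeps only the first session, with its listed hostname, sender details and processing time.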