Fuglu is a mail scanner daemon written in Python. Installed as a postfix before-queue or after-queue filter fuglu can be used to filter spam, viruses, unwanted attachments etc.
As I'm not a mail admin, so this article will skip some mail related features. Let's install fuglu by cloning from the github repository.
$ git clone https://github.com/gryphius/fuglu.git
$ cd fuglu/fuglu
$ sudo python setup.py install
If the installation is successful, then we go to the basic configuration. Running fuglu --lint
root@localhost:/etc/fuglu# fuglu --lint
Could not drop privileges to nobody/nobody : Can not drop privileges, user nobody or group nobody does not exist
Fuglu 0.6.6-2-ge18e56b
---------- LINT MODE ----------
Checking dependencies...
sqlalchemy: not installed Optional dependency, required if you want to enable any database lookups
BeautifulSoup: V4 installed
magic: not installed Optional dependency, without python-file or python-magic the attachment plugin's automatic file type detection will easily be fooled
Loading extensions...
fuglu.extensions.sql: disabled (sqlalchemy not installed)
Loading plugins...
Plugin loading complete
Linting main configuration
OK
Linting Plugin Archive Config section: ArchivePlugin
SuspectFilter file not found: /etc/fuglu/archive.regex
ERROR
Linting Plugin Attachment Blocker Config section: FiletypePlugin
python libmagic bindings (python-file or python-magic) not available. Will only do content-type checks, no real file analysis
ERROR
Linting Plugin Debugger Config section: debug
OK
Linting Plugin Plugin Skipper Config section: PluginSkipper
SuspectFilter file not found: /etc/fuglu/skipplugins.regex
ERROR
3 plugins reported errors.
WARNING:
Skipping logging configuration check because I could not switch to user 'nobody' earlier.
please re-run fuglu --lint as privileged user
(problems in the logging configuration could prevent the fuglu daemon from starting up)
root@localhost:/etc/fuglu#
You should really fix the above lint error before continue to get a good setup for the incoming features. The solution is different for each lint error output above but for mine, I did the following.
root@localhost:/etc/fuglu# cp archive.regex.dist archive.regex
root@localhost:/etc/fuglu# cp fuglu_mrtg.cfg.dist fuglu_mrtg.cfg
root@localhost:/etc/fuglu# cp logging.conf.dist logging.conf
root@localhost:/etc/fuglu# cp skipplugins.regex.dist skipplugins.regex
root@localhost:/etc/fuglu# apt-get install python-sqlalchemy python-magic
root@localhost:/etc/fuglu# groupadd nobody
Run again the fuglu lint command
root@localhost:/etc/fuglu# fuglu --lint
Fuglu 0.6.6-2-ge18e56b
---------- LINT MODE ----------
Checking dependencies...
sqlalchemy: installed
BeautifulSoup: V4 installed
magic: found python-file/libmagic bindings (http://www.darwinsys.com/file/)
Loading extensions...
fuglu.extensions.sql: enabled (available)
Loading plugins...
Plugin loading complete
Linting main configuration
OK
Linting Plugin Archive Config section: ArchivePlugin
OK
Linting Plugin Attachment Blocker Config section: FiletypePlugin
Found python-file/libmagic bindings (http://www.darwinsys.com/file/)
No database configured. Using per user/domain file configuration from /etc/fuglu/rules
rarfile library not found, RAR support disabled
Archive scan, available file extensions: ['z', 'zip']
OK
Linting Plugin Debugger Config section: debug
OK
Linting Plugin Plugin Skipper Config section: PluginSkipper
OK
0 plugins reported errors.
Checking logging configuration....
OK
Perfect! Everything is OK. We are ready to move on. As for fuglu postfix configuration, you can refer here.This I will skip for the aforementioned reason. To start fuglu, just run the command fuglu and fuglu will run in the background. Give -f if you want to quickly test it.
root@localhost:~# fuglu
root@localhost:~#
root@localhost:~# tail -F /var/log/fuglu/fuglu.log
2016-06-23 20:44:15,178 root : INFO FuGLU Version 0.6.6-2-ge18e56b starting up
2016-06-23 20:44:15,289 fuglu.MainController: INFO Init Stat Engine
2016-06-23 20:44:15,290 fuglu.MainController: INFO Init Threadpool
2016-06-23 20:44:15,290 fuglu.MainController: INFO Starting interface sockets...
2016-06-23 20:44:15,291 fuglu.MainController: INFO starting connector smtp/10025
2016-06-23 20:44:15,291 fuglu.incoming.10025: INFO SMTP (After Queue) Server running on port 10025
2016-06-23 20:44:15,291 fuglu.MainController: INFO starting connector smtp/10099
2016-06-23 20:44:15,292 fuglu.incoming.10099: INFO SMTP (After Queue) Server running on port 10099
2016-06-23 20:44:15,292 fuglu.MainController: INFO starting connector smtp/10888
2016-06-23 20:44:15,292 fuglu.incoming.10888: INFO SMTP (After Queue) Server running on port 10888
2016-06-23 20:44:15,293 fuglu.control.fuglu_control.sock: INFO Control/Info Server running on port /tmp/fuglu_control.sock
2016-06-23 20:44:15,293 fuglu.MainController: INFO Startup complete
Started okay. Now let us print out some fuglu status.
$ sudo fuglu_control stats
Fuglu statistics
---------------
Uptime: 0:00:20.218391
Avg scan time: 0
Total msgs: 0
Ham: 0
Spam: 0
Virus: 0
$ sudo fuglu_control workerlist
Total 2 Threads
[1]: waiting for task
*******
[2]: waiting for task
The response is fast and yet the statistics are simple to understand. If you are a mail admin, I suggest you also setup fuglu so that statistics can be plotted into mrtg. Fuglu comes support with mrtg natively, you can find out how here.
To take a step further, mail admin should really read on the plugin page. It contains all various goodies you will required and if you want more, you can actually write your plugin and integrate to fuglu. You can read it here as the example given on how to write the plugin.
Last but not least, if you have question, you can reach the author in many different medium. You can find it here.
If you are mail admin, consider fuglu your mail scanner daemon!
