Em Ter, 2009-11-10 às 15:14 +0100, Steve escreveu:
> -------- Original-Nachricht --------
> > Datum: Tue, 10 Nov 2009 09:30:24 -0200
> > Von: Felipe Szczesny Rout <felipe.r...@al.rs.gov.br>
> > An: Steve <steeeeev...@gmx.net>
> > CC: dspam-user@lists.sourceforge.net
> > Betreff: Re: [Dspam-user] can\'t remove address from whitelist
>
> >
> > > Computing the whilelist token for that sender:
> > > theia ~ # dspam_crc 'From*"Carta IEDI" <ca...@iedi.org.br>'
> > > TOKEN: 'From*"Carta IEDI" <ca...@iedi.org.br>' CRC: 17185162547590275985
> > > theia ~ #
> > >
> > > And then search for that token in your DSPAM database:
> > > SELECT * FROM `dspam_token_data` WHERE `token` = '17185162547590275985'
> > >
> > > What result do you have?
> >
> > This select result a "empty set", but I did the follow:
> >
> > dspam_crc From*"Carta IEDI <ca...@iedi.org.br>"
> > TOKEN: 'From*Carta IEDI <ca...@iedi.org.br>' CRC: 6322142184428839436
> >
> > mysql> select * from dspam_token_data where token='6322142184428839436';
> >
> > The result was:
> >
> > +-----+---------------------+-----------+---------------+------------+
> > | uid | token | spam_hits | innocent_hits | last_hit |
> > +-----+---------------------+-----------+---------------+------------+
> > | 24 | 6322142184428839436 | 0 | 29 | 2009-11-06 |
> > | 28 | 6322142184428839436 | 0 | 25 | 2009-11-06 |
> > | 29 | 6322142184428839436 | 0 | 25 | 2009-11-06 |
> > +-----+---------------------+-----------+---------------+------------+
> >
> > Uid 24 is the user I'm trying to fix, but probably others have same
> > issue.
> >
> UID 28 and 29 have the same issue. Anyway... you wrote that you learned that
> message as SPAM. Right?
Yes, I learned that message many times as spam. I use forward mail to
address s...@... to train, but I have Web-UI working too. Before send to
retrain a I see the e-mail as "Whitelist" in Web-UI and after I see the
"Retrained".
I'm using postfix as a mail gateway for M$ Exchange. I will append my
conf files in this e-mail.
Uid 24 preferences are:
+-----+------------------------+-------------+
| uid | preference | value |
+-----+------------------------+-------------+
| 24 | dailyQuarantineSummary | off |
| 24 | enableBNR | on |
| 24 | enableWhitelist | on |
| 24 | optIn | off |
| 24 | optOut | off |
| 24 | showFactors | on |
| 24 | signatureLocation | message |
| 24 | spamAction | quarantine |
| 24 | spamSubject | ***DSPAM*** |
| 24 | statisticalSedation | 5 |
| 24 | trainingMode | TUM |
+-----+------------------------+-------------+
My group definition is very simple:
cat /var/spool/dspam/group
base_co...@al.rs.gov.br:merged:*
>
> There are many possible reasons why the whitelisting is not working right.
> Allow me to think loud:
> - The sending IP is in LocalMX or in 127., 10., 172.16., 192.168. or 169.254.
I will take a look to be sure postfix is not messing ip address.
> - You have a group definition that is doing whitelisting on classification
> but not on learnings
No, I use a merged group to be a start point for all my users. I make
all initial training for a fake user I called base_comum (uid 2) and
create and grouped my users to use this in merged group. The database
for this fake user is now static.
> - You have disabled enableWhitelist for the user
No.
> - You have IgnoreHeader in place disabling the From header line
No.
>
> Does any of the above ring a bell? If not then allow me to ask how your setup
> is? Could you post your dspam.conf, your group definition and the default
> preference and the preference for UID 24 (if you are using preference
> extension). Could you post how you have integrated DSPAM with your MTA? Could
> you post how you do training (Web-UI, forwarding, other methods)?
>
>
> // Steve
dspam.conf:
## $Id: dspam.conf.in,v 1.83 2007/12/07 00:11:51 mjohnson Exp $
## dspam.conf -- DSPAM configuration file
##
#
# DSPAM Home: Specifies the base directory to be used for DSPAM storage
#
Home /var/spool/dspam
#
# StorageDriver: Specifies the storage driver backend (library) to use.
# You'll only need to set this if you are using dynamic storage driver
plugins
# from a binary distribution. The default build statically links the
storage
# driver (when only one is specified at configure time), overriding this
# setting, which only comes into play if multiple storage drivers are
specified
# at configure time. When using dynamic linking, be sure to include the
path
# to the library if necessary, and some systems may use an extension
other
# than .so (e.g. OSX uses .dylib).
#
# Options include:
#
# libmysql_drv.so libpgsql_drv.so libsqlite_drv.so
# libsqlite3_drv.so libhash_drv.so
#
# IMPORTANT: Switching storage drivers requires more than merely
changing
# this option. If you do not wish to lose all of your data, you will
need to
# migrate it to the new backend before making this change.
#
StorageDriver /usr/lib/dspam/libmysql_drv.so
#
# Trusted Delivery Agent: Specifies the local delivery agent DSPAM
should call
# when delivering mail as a trusted user. Use %u to specify the user
DSPAM is
# processing mail for. It is generally a good idea to allow the MTA to
specify
# the pass-through arguments at run-time, but they may also be specified
here.
#
# Most operating system defaults:
#TrustedDeliveryAgent "/usr/bin/procmail" # Linux
#TrustedDeliveryAgent "/usr/bin/mail" # Solaris
#TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD
#TrustedDeliveryAgent "/usr/bin/procmail" # Cygwin
#
# Other popular configurations:
#TrustedDeliveryAgent "/usr/cyrus/bin/deliver" # Cyrus
#TrustedDeliveryAgent "/bin/maildrop" # Maildrop
#TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned" # Exim
#
#TrustedDeliveryAgent "/usr/bin/procmail"
#
# Untrusted Delivery Agent: Specifies the local delivery agent and
arguments
# DSPAM should use when delivering mail and running in untrusted user
mode.
# Because DSPAM will not allow pass-through arguments to be specified
to
# untrusted users, all arguments should be specified here. Use %u to
specify
# the user DSPAM is processing mail for. This configuration parameter is
only
# necessary if you plan on allowing untrusted processing.
#
#UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
#
# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or
LMTP
# delivery to deliver your message to the mail server instead of using a
# delivery agent. You will need to configure with --enable-daemon to use
host
# delivery, however you do not need to operate in daemon mode. Specify
an IP
# address or UNIX path to a domain socket below as a host.
#
# If you would like to set up DeliveryHost's on a per-domain basis, use
# the syntax: DeliveryHost.domain.com 1.2.3.4
#
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent localhost
DeliveryProto SMTP
#
# FallbackDomains: If you want to specify certain domains as fallback
domains,
# enable this option. For example, you could create a user @domain.com,
and
# if b...@domain.com does not resolve to a known user on the system, the
user
# could default to your @domain.com user. NOTE: This also requires
designating
# fallbackDomain for the domain name;
# e.g. dspam_admin ch pref domain.com fallbackDomain on
#
#FallbackDomains on
#
# Quarantine Agent: DSPAM's default behavior is to quarantine all mail
it
# thinks is spam. If you wish to override this behavior, you may specify
# a quarantine agent which will be called with all messages DSPAM thinks
is
# spam. Use %u to specify the user DSPAM is processing mail for.
#
#QuarantineAgent "/usr/bin/procmail -d spam"
#
# DSPAM can optionally process "plused users" (addresses in the user
+detail
# form) by truncating the username just before the "+", so all internal
# processing occurs for "user", but delivery will be performed for
# "user+detail". This is only useful if the LDA can handle "plused
users"
# (for example Cyrus IMAP) and when configured for LMTP delivery above
#
#EnablePlusedDetail on
#
# Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to
a
# "plused" mailbox (such as user+quarantine) leaving quarantine
processing
# for retraining or deletion to be performed by the LDA and the mail
client.
# "plused" mailboxes are supported by Cyrus IMAP and possibly other
LDAs.
# The mailbox name must have the +
#
#QuarantineMailbox +quarantine
#
# OnFail: What to do if local delivery or quarantine should fail. If set
# to "unlearn", DSPAM will unlearn the message prior to exiting with an
# un successful return code. The default option, "error" will not
unlearn
# the message but return the appropriate error code. The unlearn option
# is use-ful on some systems where local delivery failures will cause
the
# message to be requeued for delivery, and could result in the message
# being processed multiple times. During a very large failure, however,
# this could cause a significant load increase.
#
OnFail error
#
# Trusted Users: Only the users specified below will be allowed to
perform
# administrative functions in DSPAM such as setting the active user and
# accessing tools. All other users attempting to run DSPAM will be
restricted;
# their uids will be forced to match the active username and they will
not be
# able to specify delivery agent privileges or use tools.
#
Trust postfix
Trust root
Trust dspam
Trust apache
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
Trust www-data
Trust nobody
Trust nots...@al.rs.gov.br
#
# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM
must
# be compiled with debug support in order to use this option. DSPAM
should
# never be running in production with debug active unless you are
# troubleshooting problems.
#
# DebugOpt: One or more of: process, classify, spam, fp, inoculation,
corpus
# process standard message processing
# classify message classification using --classify
# spam error correction of missed spam
# fp error correction of false positives
# inoculation message inoculations (source=inoculation)
# corpus corpusfed messages (source=corpus)
#
#Debug *
#
#DebugOpt process spam fp corpus classify inoculation
#
# ClassAlias: Alias a particular class to spam/nonspam. This is useful
if
# classifying things other than spam.
#
ClassAliasSpam spam
ClassAliasNonspam inocente
#
# Training Mode: The default training mode to use for all operations,
when
# one has not been specified on the commandline or in the user's
preferences.
# Acceptable values are:
# toe Train on Error (Only)
# teft Train Everything (Trains on every message)
# tum Train Until Mature (Train only tokens without enough data)
# notrain Do not train or store signatures (large ISP systems,
post-train)
#
#TrainingMode teft
TrainingMode tum
#
# TestConditionalTraining: By default, dspam will retrain certain errors
# until the condition is no longer met. This usually accelerates
learning.
# Some people argue that this can increase the risk of errors, however.
#
TestConditionalTraining on
#
# Features: Specify features to activate by default; can also be
specified
# on the commandline. See the documentation for a list of available
features.
# If _any_ features are specified on the commandline, these are ignored.
#
#Feature noise
Feature whitelist
# Training Buffer: The training buffer waters down statistics during
training.
# It is designed to prevent false positives, but can also dramatically
reduce
# dspam's catch rate during initial training. This can be a number from
0
# (no buffering) to 10 (maximum buffering). If you are paranoid about
false
# positives, you should probably enable this option.
#
#Feature tb=5
#
# Algorithms: Specify the statistical algorithms to use, overriding any
# defaults configured in the build. The options are:
# naive Naive-Bayesian (All Tokens)
# graham Graham-Bayesian ("A Plan for Spam")
# burton Burton-Bayesian (SpamProbe)
# robinson Robinson's Geometric Mean Test (Obsolete)
# chi-square Fisher-Robinson's Chi-Square Algorithm
#
# You may have multiple algorithms active simultaneously, but it is
strongly
# recommended that you group Bayesian algorithms with other Bayesian
# algorithms, and any use of Chi-Square remain exclusive.
#
# NOTE: For standard "CRM114" Markovian weighting, use 'naive', or
consider
# using 'burton' for slightly better accuracy
#
# Don't mess with this unless you know what you're doing
#
#Algorithm chi-square
#Algorithm naive
Algorithm graham burton
#
# Tokenizer: Specify the tokenizer to use. The tokenizer is the piece
# responsible for parsing the message into individual tokens. Depending
on
# how many resources you are willing to trade off vs. accuracy, you may
# choose to use a less or more detailed tokenizer:
# word uniGram (single word) tokenizer
# Tokenizes message into single individual words/tokens
# example: "free" and "viagra"
# chain biGram (chained tokens) tokenizer (default)
# Single words + chains adjacent tokens together
# example: "free" and "viagra" and "free viagra"
# sbph Sparse Binary Polynomial Hashing tokenizer
# Creates sparse token patterns across sliding window of
5-tokens
# example: "the quick * fox jumped" and "the * * fox jumped"
# osb Orthogonal Sparse biGram
# Similar to SBPH, but only uses the biGrams
# example: "the * * fox" and "the * * * jumped"
#
Tokenizer chain
#
# PValue: Specify the technique used for calculating Probability
Values,
# overriding any defaults configured in the build. These options are:
# bcr Bayesian Chain Rule (Graham's Technique - "A Plan for
Spam")
# robinson Robinson's Technique (used in Chi-Square)
# markov Markovian Weighted Technique (for Markovian
discrimination)
#
# Unlike the "Algorithms" property, you may only have one of these
defined.
# Use of the chi-square algorithm automatically changes this to
robinson.
#
# Don't mess with this unless you know what you're doing.
#
#PValue robinson
#PValue markov
PValue bcr
#
# WebStats: Enable this if you are using the CGI, which writes .stats
files
WebStats on
#
# ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to
# X-DSPAM-Improbability headers
#
#ImprobabilityDrive on
#
# Preferences: Specify any preferences to set by default, unless
otherwise
# overridden by the user (see next section) or a default.prefs file.
# If user or default.prefs are found, the user's preferences will
override any
# defaults.
#
#Preference "spamAction=quarantine"
#Preference "spamAction=deliver"
Preference "signatureLocation=message"
#Preference "signatureLocation=headers"
Preference "showFactors=on"
Preference "spamAction=tag"
#Preference "spamSubject=*** PROVÁVEL SPAM ***"
Preference "spamSubject=***DSPAM***"
#
# Overrides: Specifies the user preferences which may override
configuration
# and commandline defaults. Any other preferences supplied by an
untrusted user
# will be ignored.
#
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
#AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
#AllowOverride localStore
# --- SQLite ---
#SQLitePragma "synchronous = OFF"
# --- Hash ---
#
# HashRecMax: Default number of records to create in the initial segment
when
# building hash files. 100,000 yields files 1.6MB in size, but can fill
up
# fast, so be sure to increase this (to a million or more) if you're not
using
# autoextend.
#
# NOTE: If you're using a heavy-weight tokenizer, such as SBPH, you
should be
# looking for settings in the 'millions' of records.
#
# Primes List:
# 53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, 24593, 49157, 98317,
196613,
# 393241, 786433, 1572869, 3145739, 6291469, 12582917, 25165843,
50331653,
# 100663319, 201326611, 402653189, 805306457, 1610612741, 3221225473,
# 4294967291
#
HashRecMax 98317
#
# HashAutoExtend: Autoextend hash databases when they fill up. This
allows
# them to continue to train by adding extents (extensions) to the file.
There
# will be a small delay during the growth process, as everything needs
to be
# closed and remapped.
#
HashAutoExtend on
#
# HashMaxExtents: The maximum number of extents that may be created in a
single
# hash file. Set this to zero for unlimited
#
HashMaxExtents 0
#
# HashExtentSize: The initial record size for newly created extents.
Creating
# this too small could result in many extents being created. Creating
this too
# large could result in excessive disk space usage. Typically, a value
close
# to half of the HashRecMax size is good.
#
HashExtentSize 49157
#
# HashPctIncrease: Increase the next extent size by n% from the size of
the
# last extent. This is useful in accommodating systems where the
default
# HashExtentSize can be too small for certain high-volume users, and can
also
# help keep seeks nice and speedy and/or prevent too many unnecessary
extents
# from being created when using a low HashMaxSeek. The default behavior,
when
# HashPctIncrease is not used, is to always use # HashExtentSize with
no
# increase.
#
HashPctIncrease 10
#
# HashMaxSeek: The maximum number of record seeks when inserting a new
record
# before failing or adding a new extent. This ultimately translates into
the
# max # of acceptable seeks per segment. Setting this too high will
exhaustively
# scan each segment and hurt performance. Typically, a low value is
acceptable
# as even older extents will continue to fill as training progresses.
#
HashMaxSeek 10
#
# HashConcurrentUser: If you are using a single, stateful hash database
in
# daemon mode, specifying a concurrent user below will cause the user to
be
# permanently mapped into memory and shared via rwlocks. This is very
fast and
# very cool if you are running a "userless" relay appliance.
#
#HashConcurrentUser user
#
# HashConnectionCache: If running in daemon mode, this is the max # of
# concurrent connections that will be supported. NOTE: If you are using
# HashConcurrentUser, this option is ignored, as all connections are
read-
# write locked instead of mutex locked.
#
HashConnectionCache 10
# -- LDAP --
#
# LDAP: Perform various LDAP functions depending on LDAPMode variable.
# Presently, the only mode supported is 'verify', which will verify the
# existence of an unknown user in LDAP prior to creating them as a new
user in
# the system. This is useful on some systems acting as gateway
machines.
#
#LDAPMode verify
#LDAPHost ldaphost.mydomain.com
#LDAPFilter "(mail=%u)"
#LDAPBase ou=people,dc=domain,dc=com
# -- Profiles --
#
# You can specify multiple storage profiles, and specify the server to
# use on the commandline with --profile. For example:
#
#Profile DECAlpha
#MySQLServer.DECAlpha 10.0.0.1
#MySQLPort.DECAlpha 3306
#MySQLUser.DECAlpha dspam
#MySQLPass.DECAlpha changeme
#MySQLDb.DECAlpha dspam
#MySQLCompress.DECAlpha true
#MySQLReconnect.DECAlpha true
#
#Profile Sun420R
#MySQLServer.Sun420R 10.0.0.2
#MySQLPort.Sun420R 3306
#MySQLUser.Sun420R dspam
#MySQLPass.Sun420R changeme
#MySQLDb.Sun420R dspam
#MySQLCompress.Sun420R false
#MySQLReconnect.Sun420R true
#
#DefaultProfile DECAlpha
#MySQLServer /var/lib/mysql/mysql.sock
#MySQLPort
#MySQLUser dspam
#MySQLPass jubanga81
#MySQLDb dspam
#MySQLCompress true
#MySQLReconnect true
#
# If you're using storage profiles, you can set failovers for each
profile.
# Of course, if you'll be failing over to another database, that
database
# must have the same information as the first. If you're using a global
# database with no training, this should be relatively simple. If you're
# configuring per-user data, however, you'll need to set up some type of
# replication between databases.
#
#Failover.DECAlpha SUN420R
#Failover.Sun420R DECAlpha
# If the storage fails, the agent will follow each profile's failover up
to
# a maximum number of failover attempts. This should be set to a maximum
of
# the number of profiles you have, otherwise the agent could loop and
try
# the same profile multiple times (unless this is your desired
behavior).
#
#FailoverAttempts 1
#
# Ignored headers: If DSPAM is behind other tools which may add a header
to
# incoming emails, it may be beneficial to ignore these headers -
especially
# if they are coming from another spam filter. If you are _not_ using
one of
# these tools, however, leaving the appropriate headers commented out
will
# allow DSPAM to use them as telltale signs of forged email.
#
#IgnoreHeader X-Spam-Status
#IgnoreHeader X-Spam-Scanned
#IgnoreHeader X-Virus-Scanner-Result
IgnoreHeader X-policyd-weight
IgnoreHeader Received-SPF
IgnoreHeader X-Greylist
#
# Lookup: Perform lookups on streamlined blackhole list servers (see
# http://www.nuclearelephant.com/projects/sbl/). The streamlined
blacklist
# server is machine-automated, unsupervised blacklisting system designed
to
# provide real-time and highly accurate blacklisting based on network
spread.
# When performing a lookup, DSPAM will automatically learn the inbound
message
# as spam if the source IP is listed. Until an official public RABL
server is
# available, this feature is only useful if you are running your own
# streamlined blackhole list server for internal reporting among
multiple mail
# servers. Provide the name of the lookup zone below to use.
#
# This function performs standard reverse-octet.domain lookups, and
while it
# will function with many RBLs, it's strongly discouraged to use those
# maintained by humans as they're often inaccurate and could hurt filter
# learning and accuracy.
#
#Lookup "sbl.yourdomain.com"
#
# RBLInoculate: If you want to inoculate the user from RBL'd messages it
would
# have otherwise missed, set this to on.
#
#RBLInoculate off
#
# Notifications: Enable the sending of notification emails to users
(first
# message, quarantine full, etc.)
#
Notifications off
#
# Purge configuration: Set dspam_clean purge default options, if not
otherwise
# specified on the commandline
#
#PurgeSignatures 14 # Stale signatures
#PurgeNeutral 90 # Tokens with neutralish probabilities
#PurgeUnused 90 # Unused tokens
#PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
#PurgeHits1S 15 # Tokens with only 1 spam hit
#PurgeHits1I 15 # Tokens with only 1 innocent hit
#
# Purge configuration for SQL-based installations using purge.sql
#
PurgeSignature off # Specified in purge.sql
PurgeNeutral 90
PurgeUnused off # Specified in purge.sql
PurgeHapaxes off # Specified in purge.sql
PurgeHits1S off # Specified in purge.sql
PurgeHits1I off # Specified in purge.sql
#
# Local Mail Exchangers: Used for source address tracking, tells DSPAM
which
# mail exchangers are local and therefore should be ignored in the
Received:
# header when tracking the source of an email. Note: you should use the
address
# of the host as appears between brackets [ ] in the Received header.
#
LocalMX 127.0.0.1
#
# Logging: Disabling logging for users will make usage graphs
unavailable to
# them. Disabling system logging will make admin graphs unavailable.
#
SystemLog on
UserLog on
#
# TrainPristine: for systems where the original message remains server
side
# and can therefore be presented in pristine format for retraining. This
option
# will cause DSPAM to cease all writing of signatures and DSPAM headers
to the
# message, and deliver the message in as pristine format as possible.
This mode
# REQUIRES that the original message in its pristine format (as of
delivery)
# be presented for retraining, as in the case of webmail, imap, or
other
# applications where the message is actually kept server-side during
reading,
# and is preserved. DO NOT use this switch unless the original message
can be
# presented for retraining with the ORIGINAL HEADERS and NO
MODIFICATIONS.
#
# NOTE: You can't use this setting with dspam_trian; if you're going to
use it,
# wait until after you train any corpora.
#
#TrainPristine on
#
# Opt: in or out; determines DSPAM's default filtering behavior. If this
value
# is set to in, users must opt-in to filtering by dropping a .dspam file
in
# /var/dspam/opt-in/user.dspam (or if you have homedirs configured,
a .dspam
# folder in their home directory). The default is opt-out, which means
all
# users will be filtered unless a .nodspam file is dropped in
# /var/dspam/opt-out/user.nodspam
#
Opt out
#
# TrackSources: specify which (if any) source addresses to track and
report
# them to syslog (mail.info). This is useful if you're running a
firewall or
# blacklist and would like to use this information. Spam reporting also
drops
# RABL blacklist files (see
http://www.nuclearelephant.com/projects/rabl/).
#
TrackSources spam nonspam
#
# ParseToHeaders: In lieu of setting up individual aliases for each
user,
# DSPAM can be configured to automatically parse the To: address for
spam and
# false positive forwards. From there, it can be configured to either
set the
# DSPAM user based on the username specified in the header and/or change
the
# training class and source accordingly. The options below can be used
to
# customize most common types of header parsing behavior to avoid the
need for
# multiple aliases, or if using LMTP, aliases entirely..
#
# ParseToHeader: Parse the To: headers of an incoming message. This must
be
# set to 'on' to use either of the following features.
#
# ChangeModeOnParse: Automatically change the class (to spam or
innocent)
# depending on whether spam- or notspam- was specified, and change the
source
# to 'error'. This is convenient if you're not using aliases at all,
but
# are delivering via LMTP.
#
# ChangeUserOnParse: Automatically change the username to match that
specified
# in the To: header. For example, spam-...@domain.tld will set the
username
# to bob, ignoring any --user passed in. This may not always be
desirable if
# you are using virtual email addresses as usernames. Options:
# on or user take the portion before the @ sign only
# full take everything after the initial {spam,notspam}-.
#
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse user
#
# Broken MTA Options: Some MTAs don't support the proper functionality
# necessary. In these cases you can activate certain features in DSPAM
to
# compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if
# the message is spam, 0 if not, or a negative code if an error has
occured.
# Specifying 'case' causes DSPAM to force the input usernames to
lowercase.
# Spceifying 'lineStripping' causes DSPAM to strip ^M's from messages
passed
# in.
#
#Broken returnCodes
Broken case
#Broken lineStripping
#
# MaxMessageSize: You may specify a maximum message size for DSPAM to
process.
# If the message is larger than the maximum size, it will be delivered
# without processing. Value is in bytes.
#
#MaxMessageSize 4194304
#
# Virus Checking: If you are running clamd, DSPAM can perform
stream-based
# virus checking using TCP. Uncomment the values below to enable virus
# checking.
#
# ClamAVResponse: reject (reject or drop the message with a permanent
failure)
# accept (accept the message and quietly drop the
message)
# spam (treat as spam and quarantine/tag/whatever)
#
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse accept
# -- CLIENT / SERVER --
#
# Daemonized Server: If you are running DSPAM as a daemonized server
using
# --daemon, the following parameters will override the default. Use the
# ServerPass option to set up accounts for each client machine. The
DSPAM
# server will process and deliver the message based on the parameters
# specified. If you want the client machine to perform delivery, use
# the --stdout option in conjunction with a local setup.
#
#ServerPort 25
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
#
# ServerMode specifies the type of LMTP server to start. This can be one
of:
# dspam: DSPAM-proprietary DLMTP server, for communicating with
dspamc
# standard: Standard LMTP server, for communicating with Postfix or
other MTA
# auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT
#
ServerMode auto
# If supporting DLMTP (dspam) mode, dspam clients will require
authentication
# as they will be passing in parameters. The idents below will be used
to
# determine which clients will be speaking DLMTP, so if you will be
using
# both LMTP and DLMTP from the same host, be sure to use something other
# than the server's hostname below (which will be sent by the MTA during
a
# standard LMTP LHLO).
#
#ServerPass.Relay1 "secret"
#ServerPass.Relay2 "password"
# If supporting standard LMTP mode, server parameters will need to be
specified
# here, as they will not be passed in by the mail server. The
ServerIdent
# specifies the 250 response code ident sent back to connecting clients
and
# should be set to the hostname of your server, or an alias.
#
# NOTE: If you specify --user in ServerParameters, the RCPT TO will be
# used only for delivery, and not set as the active user for
processing.
#
ServerParameters "--deliver=innocent"
ServerIdent "localhost.localdomain"
# If you wish to use a local domain socket instead of a TCP socket,
uncomment
# the following. It is strongly recommended you use local domain sockets
if
# you are running the client and server on the same machine, as it
eliminates
# much of the bandwidth overhead.
#
ServerDomainSocketPath "/var/spool/postfix/tmp/dspam.sock"
#
# Client Mode: If you are running DSPAM in client/server mode, uncomment
and
# set these variables. A ClientHost beginning with a / will be treated
as
# a domain socket.
#
#ClientHost /tmp/dspam.sock
#ClientIdent "sec...@relay1"
#
#ClientHost 127.0.0.1
#ClientPort 25
#ClientIdent "sec...@relay1"
# RABLQueue: Touch files in the RABL queue
# If you are a reporting streamlined blackhole list participant, you can
# touch ip addresses within the directory the rabl_client process is
watching.
#
#RABLQueue /var/spool/rabl
# DataSource: If you are using any type of data source that does not
include
# email-like headers (such as documents), uncomment the line below. This
# will cause the entire input to be treated like a message "body"
#
#DataSource document
# ProcessorWordFrequency: By default, words are only counted once per
message.
# If you are classifying large documents, however, you may wish to count
once
# per occurrence instead.
#
ProcessorWordFrequency occurrence
# ProcessorURLContext: By default, a URL context is generated for URLs,
which
# records their tokens as separate from words found in documents. To use
# URL tokens in the same context as words, turn this feature off.
#
ProcessorURLContext on
# ProcessorBias: Bias causes the filter to lean more toward 'innocent',
and
# usually greatly reduces false positives. It is the default behavior of
# most Bayesian filters (including dspam).
#
# NOTE: You probably DONT want this if you're using Markovian Weighting,
unless
# you are paranoid about false positives.
#
ProcessorBias on
# Include a directory with configuration items.
Include /etc/dspam/dspam.d/
## EOF
master.cf (postfix)
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
#
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
#
==========================================================================
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/bin/python /usr/bin/policyd-spf
smtp inet n - n - - smtpd
# -o smtpd_client_restrictions=cidr:/etc/postfix/dspam_control
# -o content_filter=lmtp:unix:/tmp/dspam.sock
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - 120 smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX
loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
policy unix - n n - - spawn
user=nobody argv=/etc/postfix/policy_script.pl
policy_spf unix - n n - - spawn
user=nobody argv=/etc/postfix/policy_script_SPF.pl
tumgreyspf unix - n n - - spawn
user=nobody argv=/usr/bin/python /usr/bin/tumgreyspf
localhost:10026 inet n - n - - smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
dspam-spam unix - n n - - pipe
flags=Rhq user=dspam argv=/usr/bin/dspam --user ${sender} --class=spam
--source=error
dspam-notspam unix - n n - - pipe
flags=Rhq user=dspam argv=/usr/bin/dspam --user ${sender}
--class=innocent --source=error
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
