On Wed, 25 Aug 2010 16:45:22 +0700 Reza Muhammad <rez...@sixceedinc.com> wrote:
> Hi, > Hello Reza, > I've been meaning to try dspam for a while but always have been hesitant to > try because of somewhat confusing documentation, but finally I tried it > today, and it seems to work, barely. > > Before I have dspam, my mail server setup is running: > > smtp -> dkim-filter -> dovecot with sieve plugin (virtual user with > psql) > > > By having dspam, I imagine, I would have it somewhat like this: > > smtp -> dkim-filter -> dspam -> dovecot with sieve plugin > > > Before I talk about my problems, let me show my configurations: > The server itself is running on: > - Ubuntu 8.04 LTS > - Dspam 3.6.8 installed via Ubuntu repo > Ohhh boy. Please, please, please take a more recent version. 3.8.0 or better. Julien Valroff has packages for Debian which you can find here: http://packages.kirya.net/debian/pool/main/d/dspam/ > - Postfix 2.5.1 > - Dovecot 1.0.10 > - dkim-filter 2.5.4 > > in /etc/dspam/dspam.conf, I have: > StorageDriver /usr/lib/dspam/libpgsql_drv.so > TrustedDeliveryAgent "/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}" > UntrustedDeliveryAgent "/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}" > DeliveryHost 127.0.0.1 > DeliveryPort 10026 > DeliveryIdent localhost > DeliveryProto SMTP > OnFail error > Trust root > Trust dspam > Trust vmail > Trust postfix > Trust dovecot > TrainingMode teft > TestConditionalTraining on > Feature chained > Feature whitelist > Algorithm graham burton > PValue graham > SupressWebStats on > Preference "spamAction=tag" > Preference "signatureLocation=headers" # 'message' or 'headers' > Preference "showFactors=off" > Preference "spamSubject=[SPAM]" > ServerMode auto > ServerParameters "--deliver=innocent" > ServerIdent "localhost.localdomain" > ServerDomainSocketPath "/var/spool/postfix/var/run/dspam.sock" > When you take a new version of DSPAM then I would suggest you to switch tokenizer to OSB and training mode to TOE. > in /etc/dspam/dspam.d/pgsql.conf, I have: > PgSQLServer 127.0.0.1 > #PgSQLPort 5432 > PgSQLUser ... > PgSQLPass ... > PgSQLDb ... > PgSQLUIDInSignature on > PgSQLVirtualTable dspam_virtual_uids > PgSQLVirtualUIDField uid > PgSQLVirtualUsernameField username > > with this setup, dspam is running fine. > > Then, I hooked it up to Postfix by having these... > > master.cf: > smtp inet n - - - - smtpd > -o content_filter=lmtp:unix:/var/run/dspam.sock > Okay. You configured DSPAM as a static content filter for SMTP using LMTP. > [..... and right before the dovecot line, I have:] > > dspam unix - n n - - pipe > flags=Ru user=dspam argv=/usr/bin/dspam > --client > --deliver=innocent,spam > --user ${recipient} > --mail-from=${sender} > Here you have setup a service for DSPAM using PIPE. > localhost:10026 inet n - n - - smtpd > -o content_filter= > -o > receive_override_options=no_unknown_recipient_checks,no_header_body_checks > -o smtpd_helo_restrictions= > -o smtpd_client_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions=permit_mynetworks,reject > -o mynetworks=127.0.0.0/8 > -o smtpd_authorized_xforward_hosts=127.0.0.0/8 > And here another service on port 10026 that you use to inject mail back to Postfix. > dspam-retrain unix - n n - 10 pipe > flags=Rhq user=dspam argv=/usr/bin/dspamc --client --mode=teft > --class=${nexthop} --source=error --u ser ${sender} > And here a DSPAM retraining service. > some additions to main.cf: > virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf > hash:/etc/postfix/dspam_aliases > transport_maps = hash:/etc/postfix/transport > dspam_destination_recipient_limit = 1 > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_non_fqdn_hostname, > reject_non_fqdn_recipient, > reject_unauth_destination, > reject_rbl_client zen.spamhaus.org, > check_recipient_access pcre:/etc/postfix/dspam_filter_access > permit > > my /etc/postfix/dspam_aliases: > s...@mydomain.com x > nos...@mydomain.com x > > my /etc/postfix/transport: > s...@mydomain.com dspam-retrain:spam > nos...@mydomain.com dspam-retrain:innocent > > my /etc/postfix/dspam_filter_access: > /./ FILTER dspam:dspam > Well... that FILTER is going to overwrite your -o content_filter you have specified for the smtp service. Why this double path? Why not using either content_filter or FILTER? > > Again, with these setups, both dspam and postfix can run, but not without its > problems. Hence, my questions :) > > 1. Whenever there's an incoming mail, I think I perceive it as mail being > transferred to smtp, gets redirected to dspam, then reinjected to smtp, then > dovecot for delivery. my /var/log/mail.log looks like this: > > Aug 25 15:22:59 myhostname postfix/smtpd[24554]: connect from > web55008.mail.re4.yahoo.com[206.190.58.142] > Aug 25 15:23:03 myhostname postfix/smtpd[24554]: NOQUEUE: filter: RCPT > from web55008.mail.re4.yahoo.com[206.190.58.142]: <rez...@mydomain.com>: > Recipient address triggers FILTER dspam:dspam; > from=<rez...@yahoo.com> to=<rez...@mydomain.com> proto=SMTP > helo=<web55008.mail.re4.yahoo.com> > Aug 25 15:23:03 myhostname postfix/smtpd[24554]: 4923E11C368: > client=web55008.mail.re4.yahoo.com[206.190.58.142] > Aug 25 15:23:05 myhostname postfix/cleanup[24568]: 4923E11C368: > message-id=<420173.20101...@web55008.mail.re4.yahoo.com> > Aug 25 15:23:05 myhostname dkim-filter[22819]: 4923E11C368 external > host web55008.mail.re4.yahoo.com attempted to send as yahoo.com > Aug 25 15:23:06 myhostname dkim-filter[22819]: 4923E11C368: bad > signature data > Aug 25 15:23:06 myhostname postfix/qmgr[24572]: 4923E11C368: > from=<rez...@yahoo.com>, size=1908, nrcpt=1 (queue active) > Aug 25 15:23:07 myhostname postfix/smtpd[24554]: disconnect from > web55008.mail.re4.yahoo.com[206.190.58.142] > Aug 25 15:23:08 myhostname postfix/smtpd[24579]: connect from > myhostname.mydomain.com[127.0.0.1] > Aug 25 15:23:08 myhostname postfix/smtpd[24579]: 566A011C3A4: > client=myhostname.mydomain.com[127.0.0.1] > Aug 25 15:23:08 myhostname postfix/cleanup[24568]: 566A011C3A4: > message-id=<420173.20101...@web55008.mail.re4.yahoo.com> > Aug 25 15:23:08 myhostname postfix/qmgr[24572]: 566A011C3A4: > from=<rez...@yahoo.com>, size=2381, nrcpt=1 (queue active) > Aug 25 15:23:08 myhostname postfix/smtpd[24579]: disconnect from > myhostname.mydomain.com[127.0.0.1] > Aug 25 15:23:08 myhostname postfix/pipe[24573]: 4923E11C368: > to=<rez...@mydomain.com>, relay=dspam, delay=6.9, delays=5.3/0.01/0/1.6, > dsn=2.0.0, status=sent (delivered via dspam service) > Aug 25 15:23:08 myhostname postfix/qmgr[24572]: 4923E11C368: removed > Aug 25 15:23:08 myhostname postfix/pipe[24581]: 566A011C3A4: > to=<rez...@mydomain.com>, relay=dovecot, delay=0.35, delays=0.15/0.01/0/0.19, > dsn=2.0.0, status=sent (delivered via dovecot service) > Aug 25 15:23:08 myhostname postfix/qmgr[24572]: 566A011C3A4: removed > > So it looks like the incoming mail is received a few times.. > It's at least queued a bunch of times. > Is this normal? > Yes. Read this here to understand why: http://www.postfix.org/FILTER_README.html > Would this cause a "bottleneck" when there are lots of incoming mail at the > same time? Do you guys have any better solution? > I avoid FILTER as much as I can. I don't like it because FILTER is overwriting other content_filters and this is something that I can not use. I use content_filter and the DSPAM opt-in/out functionality to decide who to filter and who not. > 2. I still can't seem to get dspam-retrain to work whenever I forward an > uncaught spam message to s...@mydomain.com. When I forward the message, I > would get: > > Aug 25 16:31:25 myhostname postfix/qmgr[24572]: E13E511C3A4: > from=<rez...@mydomain.com>, size=2854, nrcpt=1 (queue active) > Aug 25 16:31:25 myhostname dspam[24476]: Unable to find a valid > signature. Aborting. > Aug 25 16:31:25 myhostname dspam[24476]: process_message returned error > -5. dropping message. > Aug 25 16:31:25 myhostname postfix/lmtp[26099]: E13E511C3A4: > to=<s...@mydomain.com>, relay=myhostname.mydomain.com[/var/run/dspam.sock], > delay=1, delays=0.92/0.01/0/0.08, dsn=2.6.0, status=sent (250 2.6.0 > <s...@mydomain.com> Message accepted for delivery) > > But, when I looked at the header of the message I was forwarding, it had a > "X-DSPAM-Signature". But why didn't it see it as a valid signature? > I would suggest you to use the retraining script that you can find in the contrib directory of DSPAM 3.9.1 or GIT. Or get it here if you insist in using your old 3.6.8 installation: http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=tree;f=contrib/dspam_alias_retraining;hb=HEAD > 3. The last thing I notice is, whenever there's a warning or error (like the > message above, or if there's a ehlo required error), dspam would spit > something like this on stdout: > > WARNING: nonstandard use of \\ in a string literal > LINE 1: ... '2,4c74dee8244761101518019', 3492, CURRENT_DATE, > '\\000\\00... > ^ > HINT: Use the escape string syntax for backslashes, e.g., E'\\'. > > I assume it was caused by the pgsql_objects.sql but I have no idea how to fix > them. > Try the latest GIT version of DSPAM. A bunch of things have been done on the PostgreSQL driver to avoid that kind of messages. > I hope I gave enough information on where I'm having problems with, and I > really appreciate your help to assist me to sort out my problems. > > Thank you, > Reza -- Kind Regards from Switzerland, Stevan Bajić ------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
