Hi,

I'm sorry to repost, but the first message was in HTML format and it seems it
was not published correctly on the mailing list.

Regards,

Jacques


Hi everyone,

I have two problems with our Dspam configuration when users use the WebUI to
deliver a false positive:
1) A user selects a message in the quarantine and clicks on the "Deliver the
selected message" button; the following lines are logged in /var/log/maillog:

Jan 16 17:23:24 ks385766 dspam[4218]: Signature retrieval for '3,4ee28e34323536203127301' failed
Jan 16 17:23:24 ks385766 dspam[4218]: Unable to find a valid signature. Aborting.
Jan 16 17:23:24 ks385766 dspam[4218]: process_message returned error -5.  dropping message.

We googled for this issue and found lots of answers: maybe the aliases
spam-us...@mydomain.com and notspam-us...@mydomain.com don't work, maybe use
the dspam-retrain-forward.pl script instead of the dspam binary to retrain
messages, etc., but nothing works;

2) However, the above lines disappear if we configure the signature in the
body and not the headers: we think that Dspam can't "extract" the
X-Dspam-signature from the headers, but why? Unfortunately, if we fix the
first issue by changing signatureLocation (from headers to message), the
message in the quarantine seems to be delivered (the message disappears from
the quarantine) but postmaster receives a non-delivery notification: the
recipient is very strange (in our case: <?t...@mydomain.com>: user unknown).

We checked the To field in the user's mbox file; this field doesn't contain
any strange characters. We tried with other users' quarantines and can
reproduce the same problem (the recipient is different: <?s...@mydomain.com>,
<??d...@mydomain.com>, ...).

Hmm, and there is a big problem: the false positive that seemed to be
delivered is lost :(((

Thanks for your help!

Jacques


Our configuration :
- OS : CentOS v6 64x ;
- Dspam v3.10.1 (RPM) ;
- PostFix v2.8.7 ;

/etc/dspam.conf
---------------------
Home /var/lib/dspam

StorageDriver /usr/lib64/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
DeliveryHost        127.0.0.1
DeliveryPort        25251
DeliveryIdent       localhost
DeliveryProto       SMTP
QuarantineAgent "/usr/bin/procmail -d spam"
OnFail error
Trust root
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
Trust dspam
Trust default
Trust retrain
Debug *
DebugOpt process classify spam fp inoculation corpus
TrainingMode teft
TestConditionalTraining on
Feature noise
Feature whitelist
Feature tb=5
Algorithm graham burton
Tokenizer sbph
PValue markov
WebStats on
ImprobabilityDrive on
Preference "trainingMode=TEFT"          # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
Preference "spamAction=quarantine"      # { quarantine | tag | deliver } -> default:quarantine
Preference "spamSubject=[SPAM]"         # { string } -> default:[SPAM]
Preference "statisticalSedation=5"      # { 0 - 10 } -> default:0
Preference "enableBNR=on"               # { on | off } -> default:off
Preference "enableWhitelist=on"         # { on | off } -> default:on
Preference "signatureLocation=headers"  # { message | headers } -> default:message
Preference "tagSpam=on"                # { on | off }
Preference "tagNonspam=off"             # { on | off }
Preference "showFactors=on"            # { on | off } -> default:off
Preference "optIn=off"                  # { on | off }
Preference "optOut=on"                 # { on | off }
Preference "whitelistThreshold=10"      # { Integer } -> default:10
Preference "makeCorpus=off"             # { on | off } -> default:off
Preference "storeFragments=off"         # { on | off } -> default:off
Preference "localStore="                # { on | off } -> default:username
Preference "processorBias=on"           # { on | off } -> default:on
Preference "fallbackDomain=off"         # { on | off } -> default:off
Preference "trainPristine=off"          # { on | off } -> default:off
Preference "optOutClamAV=on"           # { on | off } -> default:off
Preference "ignoreRBLLookups=off"       # { on | off } -> default:off
Preference "RBLInoculate=off"           # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
MySQLServer.net                 127.0.0.1
MySQLPort.net                   3306
MySQLUser.net                   root
MySQLPass.net                   password
MySQLDb.net                     dspam
MySQLCompress.net               true
MySQLReconnect.net              true
MySQLUIDInSignature.net         on
MySQLConnectionCache.net        50
MySQLVirtualTable          dspam_virtual_uids
MySQLVirtualUIDField       uid
MySQLVirtualUsernameField  username
MySQLVirtualTable          dspam_virtual_uids
MySQLVirtualUIDField       uid
MySQLVirtualUsernameField  username
MySQLUIDInSignature    on
HashRecMax              6291469
HashAutoExtend          on
HashMaxExtents          10000000
HashExtentSize          49157
HashPctIncrease 10
HashMaxSeek             10
HashConnectionCache     10
DefaultProfile  net
Failover.net                            sock
Failover.sock                           net
FailoverAttempts                        4
IgnoreHeader X-Spam-Status
IgnoreHeader X-Spam-Scanned
IgnoreHeader X-Virus-Scanner-Result
Lookup "zen.spamhaus.org"
RBLInoculate on
Notifications   on
PurgeSignatures 365         # Stale signatures
PurgeNeutral    90          # Tokens with neutralish probabilities
PurgeUnused     90          # Unused tokens
PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
PurgeHits1S     15          # Tokens with only 1 spam hit
PurgeHits1I     15          # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog   on
TrainPristine off
Opt out
TrackSources spam nonspam virus
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full
ClamAVPort      3310
ClamAVHost      127.0.0.1
ClamAVResponse  reject
ServerHost              127.0.0.1
ServerPort              2525
ServerQueueSize         32
ServerPID               /var/run/dspam/dspamd.pid
ServerMode auto
ServerParameters        "--deliver=innocent, spam -d %u"
ServerIdent             "localhost.localdomain"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off


/etc/postfix/main.cf
-------------------------
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = smtp.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual-domains.cf
unknown_local_recipient_reject_code = 550
mynetworks = xxx.xxx.xxx.xxx/32, 127.0.0.0/8
relay_domains =
virtual_gid_maps = static:500
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-aliases.cf
virtual_uid_maps = static:500
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
transport_maps = hash:/etc/postfix/dspam_transports
virtual_transport = dovecot
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
recipient_delimiter = -
dovecot_destination_recipient_limit = 1
canonical_maps = pcre:/etc/postfix/dspam_aliases_rewrite
home_mailbox = Maildir/
mailbox_command = /usr/libexec/dovecot/deliver -m "$EXTENSION"
mailbox_transport = dovecot
header_checks = pcre:/etc/postfix/dspam_header_checks, regexp:/etc/postfix/postfix_header-checks.cf
nested_header_checks =
smtpd_banner = $myhostname ESMTP
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 255
debug_peer_list = 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_security = may
smtpd_tls_key_file = /etc/postfix/tls/smtpd.key
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
smtp_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_client_restrictions =
        check_client_access tcp:[127.0.0.1]:2528, mysql:/etc/postfix/mysql-client.cf
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_pipelining

smtpd_helo_restrictions =
        permit_mynetworks
        permit_sasl_authenticated

smtpd_sender_restrictions =
        permit_mynetworks
        reject_unknown_sender_domain
        permit_sasl_authenticated
        reject_non_fqdn_sender
        reject_unlisted_sender

smtpd_recipient_restrictions =
        check_recipient_access pcre:/etc/postfix/dspam_filter
        permit_mynetworks
        permit_sasl_authenticated
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain
        reject_unlisted_recipient
        reject_unauth_destination
        reject_unverified_recipient
        check_policy_service inet:127.0.0.1:2501
        check_recipient_access pcre:/etc/postfix/dspam_filter_rejectexternal
        check_sender_access pcre:/etc/postfix/dspam_filter_rejectexternal
        permit

smtpd_data_restrictions =
        reject_unauth_pipelining
        reject_multi_recipient_bounce
        permit

smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes

dspam_destination_recipient_limit = 1
maps_rbl_reject_code = 554
append_at_myorigin = yes
append_dot_mydomain = no
smtpd_helo_required = yes
show_user_unknown_table_name = no
notify_classes = 2bounce, bounce, delay, policy, protocol, resource, software
strict_rfc821_envelopes = yes
policy_time_limit = 3600
127.0.0.1:2528_time_limit = 3600s
message_size_limit = 26214400
mailbox_size_limit = 0




/etc/postfix/master.cf
---------------------------
smtp      inet  n       -       n       -       -       smtpd -v
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
  -o smtpd_client_connection_count_limit=10

submission inet n       -       n       -       -       smtpd -v
  -o smtpd_etrn_restrictions=reject
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10017
  -o receive_override_options=no_address_mappings
  -o smtpd_sasl_authenticated_header=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_non_fqdn_helo_hostname,reject_unknown_recipient_domain,reject_unlisted_recipient,reject_unlisted_sender,reject_unauth_destination,reject_unverified_recipient,permit

smtps     inet  n       -       n       -       -       smtpd -v
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

pickup    fifo  n       -       n       60      1       pickup
   -o content_filter=dksign:[127.0.0.1]:10017

cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=

showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

maildrop  unix  -       n       n       -       -       pipe
  flags=Ru user=vmail argv=/usr/bin/maildrop -d ${recipient}

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}

dspam     unix  -       n       n       -       -    pipe
        flags=Rhq user=dspam argv=/usr/bin/dspamc --client --deliver=innocent,spam --user ${user} -i -f $sender -- $recipient

dspam-retrain unix -    n       n       -      -     pipe
        flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop ${sender} ${recipient}

smtp-dspam unix -       -       n       -       10      lmtp
  -o smtp_send_xforward_command=yes
  -o disable_mime_output_conversion=yes
  -o smtp_generic_maps=

localhost:25251 inet    n       -       -       -       -       smtpd -v
  -o content_filter=dksign:[127.0.0.1]:10015
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

dksign    unix  -       -       n       -       4       smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls

127.0.0.1:10016 inet n  -       n       -        10      smtpd -v
        -o content_filter=
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o receive_override_options=no_unknown_recipient_checks
        -o smtpd_recipient_restrictions=permit_mynetworks,reject

127.0.0.1:10018 inet  n  -      n       -       10      smtpd -v
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

policy  unix  -       n       n       -       0       spawn
    user=nobody argv=/usr/local/lib/postfix-policyd-spf-perl

127.0.0.1:2528 inet  n       n       n       -       0      spawn
        user=nobody argv=/etc/postfix/geo-reject.pl
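
The failure in problem 1, as an added example that is not part of the original post: a small Python triage script that pairs each "Signature retrieval ... failed" line with the matching "dropping message" line by PID, so every lost retrain request can be listed with its UID and signature. It assumes the leading "3," in the logged signature is the UID prefix written when MySQLUIDInSignature is on; the function names and the extra Postfix log line are constructed for illustration.

```python
import re

# Constructed sample: the three maillog lines from the post (unwrapped) plus
# one unrelated Postfix line added here to show that other daemons are skipped.
SAMPLE_LOG = """\
Jan 16 17:23:24 ks385766 dspam[4218]: Signature retrieval for '3,4ee28e34323536203127301' failed
Jan 16 17:23:24 ks385766 dspam[4218]: Unable to find a valid signature. Aborting.
Jan 16 17:23:24 ks385766 dspam[4218]: process_message returned error -5.  dropping message.
Jan 16 17:23:25 ks385766 postfix/qmgr[1001]: 0123456789: removed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) dspam\[(\d+)\]: (.*)$")
SIG = re.compile(r"Signature retrieval for '([^']*)' failed")
ERR = re.compile(r"process_message returned error (-?\d+)\.\s+dropping message")


def split_signature(token):
    """Split 'uid,signature'; assumes the numeric prefix is the DSPAM UID."""
    uid, sep, sig = token.partition(",")
    if sep and uid.isdigit():
        return int(uid), sig
    return None, token  # no UID prefix present


def failed_retrains(log_text):
    """Return one record per failed signature lookup, paired with its drop line."""
    pending, records = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a dspam line
        when, host, pid, msg = m.groups()
        key = (host, pid)
        s = SIG.search(msg)
        if s:
            uid, sig = split_signature(s.group(1))
            rec = {"time": when, "pid": int(pid), "uid": uid,
                   "signature": sig, "error": None, "dropped": False}
            records.append(rec)
            pending[key] = rec  # a reused PID starts a fresh record
            continue
        e = ERR.search(msg)
        if e and key in pending:
            rec = pending.pop(key)
            rec["error"], rec["dropped"] = int(e.group(1)), True
    return records


if __name__ == "__main__":
    for r in failed_retrains(SAMPLE_LOG):
        print(r)
```

Each returned record with `dropped` set to true corresponds to one message that left the quarantine without being delivered.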



