Hello,
I'm trying to configure an installation of dspam with postfix set up on CentOS 6.
My problem is that I'm not able to train dspam successfully. I've installed
dspam from rpm, so I've not compiled it.
Here is my configuration:
Postfix(25)-->Dspam(dspam.sock)-->postfix(10026)------->Remote
Postfix(25)-->Cyrus
Postfix(10026) uses an ldap transport map table to find which "remote postfix"
should relay the mails.
# rpm -qa | grep -iE "dspam|mysql|postfix"
mysql-5.1.61-1.el6_2.1.x86_64
dspam-mysql-3.10.2-1.el6.x86_64
mysql-libs-5.1.61-1.el6_2.1.x86_64
perl-DBD-MySQL-4.013-3.el6.x86_64
dspam-libs-3.10.2-1.el6.x86_64
dspam-devel-3.10.2-1.el6.x86_64
dspam-client-3.10.2-1.el6.x86_64
postfix-2.6.6-2.2.el6_1.x86_64
mysql-server-5.1.61-1.el6_2.1.x86_64
dspam-3.10.2-1.el6.x86_64
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost, 192.168.66.98
inet_protocols = all
local_recipient_maps = $alias_maps $transport_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = pre.ddol.es
mynetworks = 192.168.66.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
    ldap:/etc/postfix/perditionMailhost_ldap
unknown_local_recipient_reject_code = 550
# cat /etc/postfix/transport
s...@pre.ddol.es dspam-retrain:spam
h...@pre.ddol.es dspam-retrain:innocent
# cat master.cf
smtp inet n - n - 200 smtpd -vvv
  -o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o smtp_fallback_relay=
  -o disable_dns_lookups=yes
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
dspam-retrain unix - n n - 10 pipe
  flags=Ru user=dspam argv=/usr/local/bin/dspam-retrain $nexthop $sender $recipient
localhost:10026 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# cat /usr/local/bin/dspam-retrain
#! /usr/bin/perl
# Get arguments
$class = $ARGV[0] || die; shift;
$sender = $ARGV[0] || die; shift;
$recip = $ARGV[0] || die; shift;
if ($recip =~ /^(spam|ham)-(\w+)@/) {
    # username is part of the recipient
    $user = $2;
} elsif ($sender =~ /^(\w+)@/) {
    # username is in the sender
    $user = $1;
} else {
    print "Can't determine user\n";
    exit 75; # EX_TEMPFAIL
}
# Pull out DSPAM signatures and send them to the dspam program
while (<>) {
    if ((! $subj) && (/^Subject: /)) {
        $subj = $_;
    } elsif (/(!DSPAM:[a-f0-9]+!)/) {
        open(F, "|/usr/bin/dspam --source=error --class=$class --user $user");
        print F "$subj\n$1\n";
        close(F);
    } elsif (/(X-DSPAM-Signature: [a-f0-9]+)/) {
        open(F, "|/usr/bin/dspam --source=error --class=$class --user $user");
        print F "$subj\n$1\n";
        close(F);
    }
}
# cat /etc/dspam.conf
Home /var/lib/dspam
StorageDriver /usr/lib64/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent localhost
DeliveryProto SMTP
OnFail unlearn
Trust root
Trust dspam
Trust apache
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
Debug *
TrainingMode teft
TestConditionalTraining on
Feature noise
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
Preference "spamAction=tag" # { quarantine | tag | deliver } -> default:quarantine
Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
Preference "enableBNR=on" # { on | off } -> default:off
Preference "enableWhitelist=on" # { on | off } -> default:on
Preference "signatureLocation=headers" # { message | headers } -> default:message
Preference "tagSpam=off" # { on | off }
Preference "tagNonspam=off" # { on | off }
Preference "showFactors=off" # { on | off } -> default:off
Preference "optIn=off" # { on | off }
Preference "optOut=off" # { on | off }
Preference "whitelistThreshold=10" # { Integer } -> default:10
Preference "makeCorpus=off" # { on | off } -> default:off
Preference "storeFragments=off" # { on | off } -> default:off
Preference "localStore=" # { on | off } -> default:username
Preference "processorBias=on" # { on | off } -> default:on
Preference "fallbackDomain=off" # { on | off } -> default:off
Preference "trainPristine=off" # { on | off } -> default:off
Preference "optOutClamAV=off" # { on | off } -> default:off
Preference "ignoreRBLLookups=off" # { on | off } -> default:off
Preference "RBLInoculate=off" # { on | off } -> default:off
Preference "notifications=off" # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
IgnoreHeader Accept-Language
IgnoreHeader Authentication-Results
IgnoreHeader Content-Type
IgnoreHeader DKIM-Signature
IgnoreHeader Date
IgnoreHeader DomainKey-Signature
IgnoreHeader Importance
IgnoreHeader In-Reply-To
IgnoreHeader List-Archive
IgnoreHeader List-Help
IgnoreHeader List-Id
IgnoreHeader List-Post
IgnoreHeader List-Subscribe
IgnoreHeader List-Unsubscribe
IgnoreHeader Message-ID
IgnoreHeader Message-Id
IgnoreHeader Organization
IgnoreHeader Received
IgnoreHeader Received-SPF
IgnoreHeader References
IgnoreHeader Reply-To
IgnoreHeader Resent-Date
IgnoreHeader Resent-From
IgnoreHeader Thread-Index
IgnoreHeader Thread-Topic
IgnoreHeader User-Agent
IgnoreHeader X-policyd-weight
IgnoreHeader thread-index
MySQLServer /var/lib/mysql/mysql.sock
MySQLPort 3306
MySQLUser dspam
MySQLPass password
MySQLDb dspam
MySQLCompress true
MySQLReconnect true
MySQLWriteServer /var/lib/mysql/mysql.sock
MySQLWritePort 3306
MySQLWriteUser dspam
MySQLWritePass password
MySQLWriteDb dspam
MySQLCompress true
MySQLReconnect true
MySQLUIDInSignature off
HashRecMax 98317
HashAutoExtend on
HashMaxExtents 0
HashExtentSize 49157
HashPctIncrease 10
HashMaxSeek 10
HashConnectionCache 10
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
TrackSources spam
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse off
ServerMode auto
ServerParameters "--deliver=innocent -d %u"
ServerIdent "localhost.localdomain"
ServerDomainSocketPath "/var/run/dspam/dspam.sock"
ClientHost /var/run/dspam/dspam.sock
ClientIdent "secret@Relay1"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off
GroupConfig /var/lib/dspam/group
Once configured, incoming mails are going through dspam and headers are added
correctly:
Return-Path: <mgim...@pre.ddol.es>
Received: from ddol-test.com ([unix socket])
    by cyrus1-test.ddol-test.com (Cyrus v2.4.13-Invoca-RPM-2.4.13-1.el6)
    with LMTPA;
    Fri, 15 Jun 2012 10:03:05 +0200
X-Sieve: CMU Sieve 2.4
Received: from mx-test.ddol-test.com (ldap2-2.ddol-test.com [192.168.66.98])
    by ddol-test.com (Postfix) with ESMTP id 4BD5524284C
    for <mgime...@pre.ddol.es>; Fri, 15 Jun 2012 10:03:05 +0200 (CEST)
Received: from localhost (localhost.ddol-test.com [127.0.0.1])
    by mx-test.ddol-test.com (Postfix) with SMTP id 29A56228891
    for <mgime...@pre.ddol.es>; Fri, 15 Jun 2012 10:03:05 +0200 (CEST)
Received: from [192.168.66.18] (unknown [192.168.66.18])
    by mx-test.ddol-test.com (Postfix) with ESMTP id 0BE0D228890
    for <mgime...@pre.ddol.es>; Fri, 15 Jun 2012 10:03:05 +0200 (CEST)
Message-ID: <4fdaece4.9070...@pre.ddol.es>
Date: Fri, 15 Jun 2012 10:05:56 +0200
From: mgimeno_nginx <mgim...@pre.ddol.es>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428
    Thunderbird/12.0.1
MIME-Version: 1.0
To: mgime...@pre.ddol.es
Subject: yo
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Fri Jun 15 10:03:05 2012
X-DSPAM-Confidence: 0.8952
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4fdaec3926143412461767

yo
But when I try to report a spam message, I forward this message to
s...@pre.ddol.es and in maillog I got:
Jun 15 10:03:15 mx-test postfix/smtpd[2629]: connect from localhost.ddol-test.com[127.0.0.1]
Jun 15 10:03:15 mx-test postfix/smtpd[2629]: D68ED228891: client=localhost.ddol-test.com[127.0.0.1]
Jun 15 10:03:15 mx-test postfix/cleanup[2626]: D68ED228891: message-id=<4fdaecef.50...@pre.ddol.es>
Jun 15 10:03:15 mx-test postfix/qmgr[2600]: D68ED228891: from=<mgime...@pre.ddol.es>, size=7817, nrcpt=1 (queue active)
Jun 15 10:03:15 mx-test dspam[2635]: Signature retrieval for '4fdaec4326141540413857' failed
Jun 15 10:03:15 mx-test dspam[2635]: Unable to find a valid signature. Aborting.
Jun 15 10:03:15 mx-test dspam[2635]: process_message returned error -5. dropping message.
Jun 15 10:03:15 mx-test postfix/pipe[2633]: D68ED228891: to=<s...@pre.ddol.es>, relay=dspam-retrain, delay=0.16, delays=0.12/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dspam-retrain service)
Jun 15 10:03:15 mx-test postfix/qmgr[2600]: D68ED228891: removed
Jun 15 10:03:16 mx-test postfix/smtpd[2629]: disconnect from localhost.ddol-test.com[127.0.0.1]
Jun 15 10:03:16 mx-test postfix/lmtp[2627]: B4A83228890: to=<s...@pre.ddol.es>, relay=mx-test.ddol-test.com[/var/run/dspam/dspam.sock], delay=0.28, delays=0.04/0/0/0.24, dsn=2.6.0, status=sent (250 2.6.0 <s...@pre.ddol.es> Message accepted for delivery)
Jun 15 10:03:16 mx-test postfix/qmgr[2600]: B4A83228890: removed
It looks like the mail is going again to "dspam" and a new "Signature" is
created. Anyway, I think dspam is not learning anything because the
"X-DSPAM-Probability" is always 0.0000.
I'm not sure if I'm misunderstanding something or I'm doing something wrong. Another
thing I'm worried about is that I'm using Thunderbird to read and forward messages
and I don't know if this is the correct way to do it.
If you need more information, please tell me.
Thanks & Regards.
Manel
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
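
Added example, not part of the original post or of DSPAM: a short Python check that compares the signature in the delivered message with the one the retrain attempt looked up, using values copied from the headers and maillog quoted above. It assumes the first eight hex digits of a DSPAM signature encode the creation time as a Unix timestamp, which the timestamps in this post are consistent with; the function names are illustrative.

```python
import re
from datetime import datetime, timezone, timedelta

# Sample input assembled from the headers and maillog lines quoted in the post.
ORIGINAL_HEADERS = """\
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Fri Jun 15 10:03:05 2012
X-DSPAM-Signature: 4fdaec3926143412461767
"""
MAILLOG = """\
Jun 15 10:03:15 mx-test dspam[2635]: Signature retrieval for '4fdaec4326141540413857' failed
Jun 15 10:03:15 mx-test dspam[2635]: Unable to find a valid signature. Aborting.
"""
CEST = timezone(timedelta(hours=2))  # the post's headers carry +0200

SIG_HEADER = re.compile(r"^X-DSPAM-Signature:\s*([0-9a-f]+)\s*$", re.M | re.I)
SIG_FAILED = re.compile(r"Signature retrieval for '([0-9a-f]+)' failed", re.I)

def signature_time(sig, tz=CEST):
    """Decode the leading 8 hex digits as a Unix timestamp (assumption, see lead-in)."""
    sig = sig.lower()
    if not re.fullmatch(r"[0-9a-f]{9,}", sig):
        raise ValueError(f"not a DSPAM-style signature: {sig!r}")
    return datetime.fromtimestamp(int(sig[:8], 16), tz)

def diagnose(original_headers, maillog, tz=CEST):
    """Compare the signature of the scored message with each one DSPAM failed to find."""
    m = SIG_HEADER.search(original_headers)
    if m is None:
        raise ValueError("no X-DSPAM-Signature header in the original message")
    wanted = m.group(1).lower()
    report = []
    for failed in SIG_FAILED.findall(maillog):
        failed = failed.lower()
        report.append({
            "wanted": wanted,
            "looked_up": failed,
            "same_signature": failed == wanted,
            "wanted_created": signature_time(wanted, tz).isoformat(),
            "looked_up_created": signature_time(failed, tz).isoformat(),
        })
    return report

if __name__ == "__main__":
    for row in diagnose(ORIGINAL_HEADERS, MAILLOG):
        print(row)
```

On this data the looked-up signature decodes to 10:03:15, the second the forwarded report was logged, rather than 10:03:05, when the original message was scored.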