On 27/08/2012 02:02, Stevan Bajić wrote:
>> Thanks for the tip. Actually I did everything with a PHP script, but it
>> works more or less in the same way;
>> dspam is working in "opt-out" mode, but it's ok to use optin and the
>> preferences.
> in opt-out mode EVERYONE is INCLUDED in filtering (even outbound
> mail/mail leaving your server) and users need explicitly to OPT OUT from
> filtering.
> In opt-in mode EVERYONE is EXCLUDED from filtering and users wanting to
> use the filter need to OPT IN.
>
> Understand?

yes! using the pcre method the outgoing mail didn't even pass through
dspam, I suppose..

>>>> I have dspam configured as a transport
>>>>
>>>> dspam unix - n n - - pipe
>>>>   flags=Ru user=dspam argv=/usr/bin/dspam --client --deliver=innocent
>>>>   --user ${recipient} --mail-from=${sender}
>>> I have made bad experience in the past when calling the binary and not
>>> using the client/server mode. I know that the kind of issues I had in
>>> the past (many, many years ago) do not exist any more, but I now prefer
>>> using client/server mode than calling directly the binary.
>> Ok,
>> So it's better to use a -o content_filter=lmtp:unix:path/to/dspam.sock
>> in the smtp service?
> Better is the wrong word. It is different. With the pipe you start the
> DSPAM binary with every delivery while with the socket approach you let
> your MTA (postfix) deliver the mail over normal LMTP. That can have
> speed and scalability impacts. And in the past we had issues where
> sending something over a pipe could result in DSPAM truncating the
> message (because of dot stuffing and such things).

Good, I think I will use the lmtp method then.

>>>> and I use check_client_access pcre in smtpd_client restrictions.
>>>>
>>>> /var/spool/dspam/group contains (and the Home in dspam.conf is correct)
>>>> global:shared:*
>>>>
>>>> There is a virtual uid on mysql dspam database named "global" with uid
>>>> 1, that I have trained with "dspam_train global spam ham" using some
>>>> spamassassin spam.
>>> The SA public corpus? With that you will not get very far. Getting corpora
>>> with spam is ultra easy ( for example: http://www.untroubled.org/spam/ )
>>> but getting ham is harder. So if you have a lot of ham lying around
>>> then I would suggest you to do more training with that ham data and use
>>> for spam data the stuff you download from the above link.
>> Thanks, I've followed here and there some (old) howto-s, actually that
>> spam&ham is really old.
>>
>>>> I have just one virtual user,"t...@lanserver.it" for testing.
>>>>
>>>> dspam actually *works*, but it seems I'm unable to get the global group
>>>> work. I tried with merge and with shared but no way - even the debug
>>>> doesn't show me that the user is being "associated" to that group
>>>>
>>>> The stats are correct for the global group:
>>>>
>>>> global             TP: 2350 TN: 485 FP: 15 FN: 201 SC: 0 NC: 0
>>>> t...@lanserver.it  TP: 0    TN: 3   FP: 0  FN: 0   SC: 0 NC: 0
>>>>
>>>> Did I do something wrong? Misunderstood something?
>>> Don't know. Hard to tell with the information you provided. What would
>>> help is to post your dspam.conf.
>>> And another info you could provide to us is what you try to accomplish
>>> with groups? Do you want to accelerate accuracy? Do you want to minimize
>>> learning? etc, etc, etc.... what is your goal?
>> It's just strange, in posted logs I've seen the "user was associated to
>> group xxx" but I'm not seeing anything like that.
> Try running DSPAM with the option "--debug". That should print out those
> messages.

DSPAM was already in debug mode, as per the log attached in my first mail.
Maybe I'm just worrying for nothing, and the "user was associated to
group xxx" isn't showing in debug log. But that's strange...

>> My goal is to accelerate accuracy, all users use the same language and
>> more or less the same type of mails, so I was thinking about a "global"
>> group pre-trained with corpus, and re-train it with user's spam&ham that
>> they put in their folders.
> Shared group is then okay for you. Will you use quarantine? If so then
> should each user see his/her own quarantine or do you have one user
> managing all the other users?
> Here you can find more info about groups:
> http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=blob;f=README;hb=HEAD#l1363

I think the "one user managing the other users" approach is better, but
I'll take a look to understand better.

>
>> I know, dspam is absolutely not spamassassin: but I'm trying to
>> accomplish the same things - users are not power users and they just
>> don't want spam ( .. who wants?) just "out of the box"
> Okay. The best technique is to kill the spam as soon as possible. So do
> yourself a good thing and install/configure postscreen. DSPAM is okay
> but if your users don't want spam then kill that thing and prevent it
> entering your queue.

I'm already filtering with sqlgrey, spamhaus's sbl-xbl and some recipient,
helo and sender restrictions. Was thinking to use policyd-weight too, but
didn't have time to test it.

>> Here is my dspam.conf:
>>
>>
>> Home /var/spool/dspam
>> StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libmysql_drv.so
>> DeliveryHost 127.0.0.1
>> DeliveryPort 10026
>> DeliveryIdent localhost
>> DeliveryProto SMTP
>> EnablePlusedDetail on
>> PlusedCharacter +
>> PlusedUserLowercase on
>> OnFail unlearn
>> Trust root
>> Trust dspam
>> Trust mail
>> Trust daemon
>> Trust vmail
>> TrainingMode teft
> NO! Don't do that! Use TOE instead.

OK!

>
>> TestConditionalTraining on
>> Feature noise
>> Feature whitelist
>> Algorithm graham burton
>> Tokenizer osb
>> PValue bcr
>> WebStats on
>> AllowOverride enableBNR
>> AllowOverride enableWhitelist
>> AllowOverride fallbackDomain
>> AllowOverride ignoreGroups
>> AllowOverride ignoreRBLLookups
>> AllowOverride localStore
>> AllowOverride makeCorpus
>> AllowOverride optIn
>> AllowOverride optOut
>> AllowOverride optOutClamAV
>> AllowOverride processorBias
>> AllowOverride RBLInoculate
>> AllowOverride showFactors
>> AllowOverride signatureLocation
>> AllowOverride spamAction
>> AllowOverride spamSubject
>> AllowOverride statisticalSedation
>> AllowOverride storeFragments
>> AllowOverride tagNonspam
>> AllowOverride tagSpam
>> AllowOverride trainPristine
>> AllowOverride trainingMode
>> AllowOverride whitelistThreshold
>> AllowOverride dailyQuarantineSummary
>> AllowOverride notifications
>> IgnoreHeader Accept-Language
>> IgnoreHeader Authentication-Results
>> IgnoreHeader Content-Type
>> IgnoreHeader DKIM-Signature
>> IgnoreHeader Date
>> IgnoreHeader DomainKey-Signature
>> IgnoreHeader Importance
>> IgnoreHeader In-Reply-To
>> IgnoreHeader List-Archive
>> IgnoreHeader List-Help
>> IgnoreHeader List-Id
>> IgnoreHeader List-Post
>> IgnoreHeader List-Subscribe
>> IgnoreHeader List-Unsubscribe
>> IgnoreHeader Message-ID
>> IgnoreHeader Message-Id
>> IgnoreHeader Organization
>> IgnoreHeader Received
>> IgnoreHeader Received-SPF
>> IgnoreHeader References
>> IgnoreHeader Reply-To
>> IgnoreHeader Resent-Date
>> IgnoreHeader Resent-From
>> IgnoreHeader Thread-Index
>> IgnoreHeader Thread-Topic
>> IgnoreHeader User-Agent
>> IgnoreHeader X-policyd-weight
>> IgnoreHeader thread-index
>> Notifications on
>> PurgeSignatures 14 # Stale signatures
>> PurgeNeutral 90 # Tokens with neutralish probabilities
>> PurgeUnused 90 # Unused tokens
>> PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
>> PurgeHits1S 15 # Tokens with only 1 spam hit
>> PurgeHits1I 15 # Tokens with only 1 innocent hit
>> LocalMX 127.0.0.1
>> SystemLog on
>> UserLog on
>> Opt in
> GOOD :)
>
>> TrackSources spam
>> ParseToHeaders on
>> ChangeModeOnParse on
>> ChangeUserOnParse on
>> Broken case
>> MaxMessageSize 1048576
> Very good! Finally someone understanding that most spam mail is small
> in size.
>
>> ClamAVPort 3310
>> ClamAVHost 127.0.0.1
>> ClamAVResponse accept
>> ServerQueueSize 32
>> ServerPID /var/run/dspam/dspam.pid
>> ServerMode auto
>> ServerPass.mx1 "h7s40io3e7f60cn6i0qsihw5b0yhc4ns"
>> ServerParameters "--deliver=innocent -d %u"
>> ServerIdent "dspam.mx1.test"
>> ServerDomainSocketPath "/var/run/dspam/dspam.sock"
>> ClientHost /var/run/dspam/dspam.sock
>> ClientIdent "h7s40io3e7f60cn6i0qsihw5b0yhc4ns@mx1"
>> ProcessorURLContext on
>> ProcessorBias on
>> StripRcptDomain off
>> Include /etc/dspam/dspam.d/
>>
> I miss stuff like Preference xxxx and so on. Where is that?

whoops!

Preference "trainingMode=TEFT"         # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
Preference "spamAction=tag"            # { quarantine | tag | deliver } -> default:quarantine
Preference "spamSubject=[SPAM]"        # { string } -> default:[SPAM]
Preference "statisticalSedation=5"     # { 0 - 10 } -> default:0
Preference "enableBNR=on"              # { on | off } -> default:off
Preference "enableWhitelist=on"        # { on | off } -> default:on
Preference "signatureLocation=headers" # { message | headers } -> default:message
Preference "tagSpam=off"               # { on | off }
Preference "tagNonspam=on"             # { on | off }
Preference "showFactors=on"            # { on | off } -> default:off
Preference "optIn=off"                 # { on | off }
Preference "optOut=off"                # { on | off }
Preference "whitelistThreshold=10"     # { Integer } -> default:10
Preference "makeCorpus=off"            # { on | off } -> default:off
Preference "storeFragments=off"        # { on | off } -> default:off
Preference "localStore="               # { on | off } -> default:username
Preference "processorBias=on"          # { on | off } -> default:on
Preference "fallbackDomain=off"        # { on | off } -> default:off
Preference "trainPristine=off"         # { on | off } -> default:off
Preference "optOutClamAV=off"          # { on | off } -> default:off
Preference "ignoreRBLLookups=off"      # { on | off } -> default:off
Preference "RBLInoculate=off"          # { on | off } -> default:off
Preference "notifications=off"         # { on | off } -> default:off

I've corrected the trainingMode here, too.

Thanks again! There are really *way* too many different howtos /
tutorials / docs about dspam, and the official one seems a little bit
unclear..

>>> PS: I am from now on offline for about 14 days. I hope others on the
>>> list will help you.
>> Thanks again! and .. have a nice vacation? :)
>>
> Yes. Vacation. :)
>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Dspam-user mailing list
>> Dspam-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspam-user