Hello!
I did it:
---------------
begin routers
### DSPAM two routers for check and separating outgoing e-mails. ###
dspam_out_spamcheck_router:
driver = accept
domains = ! +local_domains
no_verify
condition = "${if and { {!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} }
{1}{0}}"
headers_add = "X-DSPAM-FILTER: by $primary_hostname on $tod_full"
transport = dspam_out_spamcheck
remote_delivery_dspam_router:
driver = accept
domains = ! +local_domains
condition = ${if match{$h_X-DSPAM-Result:}{Spam}}
transport = remote_dspam_transport
no_more
### And DSPAM routers ###
begin transports
dspam_out_spamcheck:
driver = pipe
### dspam@our_domain - from group
global:classification:*dspam@our_domain ###
command = /usr/bin/dspam --mode=notrain
--deliver=innocent,spam,summary -f '$sender_address' --user
dspam@our_domain -- $local_part@$domain
home_directory = "/var/lib/dspam"
current_directory = "/var/lib/dspam"
user = exim
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
headers_remove = X-DSPAM-Result
remote_dspam_transport:
driver = appendfile
user = exim
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
directory = /var/mail/.Junk
maildir_format
--
best regards,
Pavlo.
27.03.13 12:53, DSPAM train написав(ла):
Hello!
There was the task to use dspam as processing outgoing mail that goes
out over RELAY (out-of-the-box).
We have run test incoming mail:
1. Dspam v3.10.2 + MySQL v5.5 + Exim 4.80.1
2. In classification trained dspam user "dspam@our_domain" in the
global group and run mode TOE:
Group is:
|global:classification:*dspam@our_domain|
The result of training:
|dspam_stats-H dspam@our_domain
dspam@our_domain:
TP True Positives: 359
TN True Negatives: 5652
FP False Positives: 6
FN False Negatives: 242
SC Spam Corpusfed: 0
NC Nonspam Corpusfed: 0
TL Training Left: 0
SHR Spam Hit Rate 59.73%
HSR Ham Strike Rate: 0.11%
PPV Positive predictive value: 98.36%
OCA Overall Accuracy: 96.04%|
3. Local users are in the dictionary "dspam@our_domain", before
forming his own dictionary.
4. Spam is saving in separated directories:
|local_delivery_dspam_transport:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
directory = /var/mail/$domain/${local_part}/.Junk
maildir_format|
Everything would be okay, but what about the spam "out-of-the-box"
over RELAY.
There is a problem:
1. Before transport remote_smtp need to check email to spam, and if it
is found to temporarily store the selected directory, accessible only
to superuser root.
2. Should be used dictionary trained classification Users
"dspam@our_domain"
3. Do not need to record in the database dspam record the destination
email (out-of-the-box username)
What has been done:
1. Successfully tested using a mode without training "notrain",
records to tables dspam_signature_data and dspam_token_data doesn't
happens, and also spam goes to a separate directory:
|begin routers
dspam_out_spamcheck_router:
driver = accept
domains = ! +local_domains
no_verify
condition = "${if and { {!eq
{$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}}
} {1}{0}}"
headers_add = "X-DSPAM-FILTER: by $primary_hostname on
$tod_full"
transport = dspam_out_spamcheck
remote_delivery_dspam_router:
driver = accept
domains = ! +local_domains
condition = ${if match{$h_X-DSPAM-Result:}{Spam}}
transport = remote_delivery_dspam_transport
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more|
|begin transports
dspam_out_spamcheck:
driver = pipe
command = /usr/bin/dspam --mode=notrain
--deliver=spam,innocent,summary --user $local_part@$domain -f
'$sender_address' -- %u
home_directory = "/var/lib/dspam"
current_directory = "/var/lib/dspam"
user = exim
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
remote_delivery_dspam_transport:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = true
directory = /var/mail/.Junk
maildir_format| 2. Vocabulary "dspam@our_domain" is used but the policy group always
provides training (no alternative invented). Suitably item "3" is not
executed because in the tables "dspam_virtual_uids/dspam_stats" has
been written "uid / username" (Table dspam_virtual_uids) and "TP True
Positives:" (Table dspam_stats). Eventually the tables was over fill up.
Statistics looks like:
|dspam_stats-H out.of.the....@gmail.com
out.of.the....@gmail.com:
TP True Positives: 12
TN True Negatives: 0
FP False Positives: 0
FN False Negatives: 0
SC Spam Corpusfed: 0
NC Nonspam Corpusfed: 0
TL Training Left: 2500
SHR Spam Hit Rate 100.00%
HSR Ham Strike Rate: 100.00%
PPV Positive predictive value: 100.00%
OCA Overall Accuracy: 100.00%|
Item "3" is important because as outbound traffic is large we don't
want to overload the database unnecessary transactions.
Option periodically delete records through the crontab does not offer.
Option groups combined global and merged, failed, because as we have a
lot of virtual local domains.
That's the problem, maybe someone also thinking about this, or decided
this alternative method, I would be grateful for any ideas.
Thank you.
--
best regards,
Pavlo
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
