Greetings all.

I have an old version of dspam, running on an old operating system. I
understand the right answer may be simply "upgrade," but this set-up has
been working for a long time, so I am hesitant to mess with it. I'm hoping
there is a simple fix, like resetting the training, or an explicit
whitelist. So, I seek the wisdom of the dspam list.

The problem:
Recently, some remote users have been getting failure-to-deliver bounce
messages from my system. Investigating my log files, I find the following
example:

postfix/smtpd[3542]: NOQUEUE: filter: RCPT from mail-ie0-f180.google.com[209.85.223.180]: <mail-ie0-f180.google.com[209.85.223.180]>: Client host triggers FILTER dspam:dspam; from=<good_sender_i_k...@gmail.com> to=<LEGIT_USER@MY_MACHINE> proto=ESMTP helo=<mail-ie0-f180.google.com>

("GOOD_SENDER_I_KNOW" and "LEGIT_USER@MY_MACHINE" are, of course, not the
actual values, but the rest of the log file line is verbatim)

Not all valid senders are getting this, just some, and lots of invalid mail
is correctly being bounced. So that's good. But these few false positives
are unacceptable.

My setup is postfix+dspam+dovecot+mysql. I host a couple of domains off the
same machine which handles email for each. I haven't trained the filter in
a while, but when I last did, I used the cgi web interface to do so.
Everything is run under user/group dspam:dspam.

For now, I've taken the "sledgehammer" approach of commenting out the
following line in the file /etc/postfix/dspam_filter_access

# /./ FILTER dspam:dspam

to turn off dspam entirely. This means I'll be getting a bunch of spam
until I fix this, but I can't afford false positives right now on these
addresses.

The OS is Debian (lenny) and "dspam --version" produces the following info:

/var/log# dspam --version
DSPAM Anti-Spam Suite GIT (agent/library)
Copyright (c) 2002-2010 DSPAM Project
http://dspam.sourceforge.net.
DSPAM may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the DSPAM distribution kit.
Configuration parameters: '--build' 'x86_64-linux-gnu'
'--host=x86_64-linux-gnu' '--prefix=/usr' '--disable-dependency-tracking'
'--includedir=/usr/include' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--enable-split-configuration'
'--enable-static' '--enable-external-lookup' '--enable-syslog'
'--with-logdir=/var/log/dspam/' '--localstatedir=/var'
'--libexecdir=/usr/lib/dspam' '--srcdir=./'
'--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/dspam'
'--enable-domain-scale' '--with-delivery-agent=/usr/bin/procmail'
'--enable-daemon' '--with-mysql-includes=/usr/include/mysql'
'--with-pgsql-includes=/usr/include/postgresql'
'--with-storage-driver=mysql_drv,pgsql_drv,sqlite3_drv,hash_drv'
'--enable-debug' '--enable-virtual-users' '--enable-preferences-extension'
'--enable-clamav' 'build_alias=x86_64-linux-gnu'
'host_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -O2' 'LDFLAGS=' 'CPPFLAGS='
'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'

My dspam.conf file with comments removed, and sensitive data xxx'ed out:

Home /var/spool/dspam
StorageDriver /usr/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent "DSPAM-Daemon"
DeliveryProto SMTP
OnFail error
Trust xxxxx
Trust xxxxx
Trust xxxxx
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
Notifications off
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
TrackSources spam
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse accept
ServerHost 127.0.0.1
ServerPort 1024
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
ServerMode auto
ServerPass.Relay1 "xxxx"
ServerIdent "localhost.localdomain"
ServerParameters "--deliver=innocent"
ServerDomainSocketPath "/var/run/dspam/dspam.sock"
ClientHost /var/run/dspam/dspam.sock
ClientIdent "xxxxx"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off
Include /etc/dspam/dspam.d/

Before cluttering the list with any other config files, I thought I'd see
if this is enough to get an answer. If folks need further files, just ask.

Thanks for any help or guidance.

Jesse
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
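
An added example, not part of the original post: a small parser for Postfix smtpd `NOQUEUE` lines of the kind quoted in the message above, tallying them by action so that access-map `filter` lines can be told apart from SMTP-time `reject` lines that carry a reply code. The sample log lines, hosts and addresses are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log format (not from the poster's system).
SAMPLE_LOG = """\
May 20 10:01:02 mx postfix/smtpd[3542]: NOQUEUE: filter: RCPT from mail.example.net[192.0.2.10]: <mail.example.net[192.0.2.10]>: Client host triggers FILTER dspam:dspam; from=<alice@example.net> to=<user@example.org> proto=ESMTP helo=<mail.example.net>
May 20 10:01:09 mx postfix/smtpd[3550]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <bob@example.com>: Relay access denied; from=<bob@example.com> to=<x@elsewhere.test> proto=SMTP helo=<foo>
May 20 10:02:00 mx postfix/smtpd[3542]: connect from mail.example.net[192.0.2.10]
May 20 10:02:30 mx postfix/smtpd[3561]: NOQUEUE: filter: RCPT from mail.example.net[192.0.2.10]: <mail.example.net[192.0.2.10]>: Client host triggers FILTER dspam:dspam; from=<> to=<user@example.org> proto=ESMTP helo=<mail.example.net>
"""

# action = filter/reject/..., stage = RCPT etc., reason = text up to "; from=<"
NOQUEUE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>\w+): (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<reason>.+?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def parse_noqueue(lines):
    """Yield one dict per NOQUEUE line; all other smtpd lines are skipped."""
    for line in lines:
        m = NOQUEUE_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines):
    """Return {action: {(envelope sender, client ip): count}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for ev in parse_noqueue(lines):
        sender = ev["sender"] or "<>"  # empty envelope sender (bounce/DSN)
        summary[ev["action"]][(sender, ev["ip"])] += 1
    return {action: dict(counts) for action, counts in summary.items()}

def rejects(lines):
    """Only SMTP-time rejections: (reply code, sender, recipient, client ip)."""
    return [(ev["reason"].split()[0], ev["sender"], ev["rcpt"], ev["ip"])
            for ev in parse_noqueue(lines) if ev["action"] == "reject"]

if __name__ == "__main__":
    for action, counts in summarize(SAMPLE_LOG.splitlines()).items():
        for (sender, ip), n in sorted(counts.items()):
            print(f"{action:8} {n:3}  {sender}  [{ip}]")
```

Run against a real mail log by passing an open file object instead of the sample lines; the mailer-wrapped excerpt in the post would appear as a single line in the log file itself.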