Kyle Johnson wrote: > Lars Stavholm wrote: >> Hi all, >> >> apologies for the newbie question, but... >> >> question: how do I get dspam to process incoming mail only? >> With my setup as described below I get dspam processing both >> incoming and outgoing mails. Feels a bit confusing and resource >> consuming, so I'd like to tweak it a bit. >> >> I was aiming for the following (but I seem to have missed the target:): >> >> incoming -> smtp (postfix) -> dspam -> imap (cyrus) -> user. >> >> I have the following setup: >> >> Postfix: >> >> main.cf: >> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp >> >> master.cf: >> smtp inet n - n - - smtpd -ocontent_filter=lmtp:unix:/var/tmp/dspam.sock >> >> localhost:10026 inet n - n - - smtpd >> -o content_filter= >> -o >> receive_override_options=no_unknown_recipient_checks,no_header_body_checks >> >> -o smtpd_helo_restrictions= >> -o smtpd_client_restrictions= >> -o smtpd_sender_restrictions= >> -o smtpd_recipient_restrictions=permit_mynetworks,reject >> -o mynetworks=127.0.0.0/8 >> -o smtpd_authorized_xforward_hosts=127.0.0.0/8 >> >> dspam.conf: >> Home /var/lib/dspam >> TrustedDeliveryAgent "/usr/lib/cyrus/bin/deliver" >> DeliveryHost 127.0.0.1 >> DeliveryPort 10026 >> DeliveryIdent localhost >> DeliveryProto SMTP >> OnFail error >> Trust root >> Trust mail >> Trust dspam >> Trust wwwrun >> TrainingMode teft >> TestConditionalTraining on >> Feature noise >> Feature chained >> Feature whitelist >> Algorithm graham burton >> PValue graham >> ImprobabilityDrive on >> Preference "spamAction=deliver" >> Preference "signatureLocation=headers" # 'message' or 'headers' >> Preference "showFactors=off" >> AllowOverride trainingMode >> AllowOverride spamAction >> AllowOverride spamSubject >> AllowOverride statisticalSedation >> AllowOverride enableBNR >> AllowOverride enableWhitelist >> AllowOverride signatureLocation >> AllowOverride showFactors >> AllowOverride optIn optOut >> AllowOverride whitelistThreshold >> HashRecMax 98317 >> HashAutoExtend on >> HashMaxExtents 0 >> HashExtentSize 49157 >> HashMaxSeek 100 >> HashConnectionCache 10 >> Lookup "rabl.nuclearelephant.com" >> RBLInoculate on >> Notifications off >> PurgeSignatures 14 # Stale signatures >> PurgeNeutral 90 # Tokens with neutralish probabilities >> PurgeUnused 90 # Unused tokens >> PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes) >> PurgeHits1S 15 # Tokens with only 1 spam hit >> PurgeHits1I 15 # Tokens with only 1 innocent hit >> LocalMX 127.0.0.1 >> SystemLog on >> UserLog on >> TrainPristine on >> Opt out >> ClamAVPort 3310 >> ClamAVHost 127.0.0.1 >> ClamAVResponse spam >> ServerPID /var/run/dspam.pid >> ServerMode auto >> ServerParameters "--deliver=innocent" >> ServerIdent "mail.telcotec.se" >> ServerDomainSocketPath "/var/tmp/dspam.sock" >> ClientHost /var/tmp/dspam.sock >> ProcessorBias on >> >> Cheers >> /L > This is because mail is passing through the smtp server when you both > send and receive mail. Two (of many) choices > > 1. Use an optIn solution: You'll have to manually optIn each of your > users, which will prevent mail from being scanned for outgoing > users, as they are not opted in. > 2. Scan only outgoing mail: You can try something like adding > check_client_access pcre:/etc/postfix/spam-filter.cf to > smtpd_recipient_restrictions, in main.cf, such as: > 1. smtpd_recipient_restrictions = > reject_non_fqdn_recipient, > reject_non_fqdn_sender, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > permit_sasl_authenticated, > permit_mynetworks, > reject_non_fqdn_hostname, > reject_unauth_destination, > reject_unlisted_recipient, > reject_invalid_hostname, > check_client_access pcre:/etc/postfix/spam-filter.cf > permit > 2. /etc/postfix/spam-filter.cf contains /./ FILTER > lmtp:unix:/tmp/dspam.sock > > Hope this helps,
It did, I went for the optIn solution and it all seems to work great now. Thank you /Lars
