On Jul 25, 2007, at 13:41, Lisa Casey wrote:
> Hi,
>
> I am really new to Dspam (I have used mimedefang/spamassassin in
> the past). My mailserver is Sendmail running on FreeBSD with
> Procmail as the LDA. I installed Dspam from the FreeBSD ports using
> daemon mode and the hash storage driver, and am in the process of
> configuring it. There are several things I don't understand real
well.
I am using Dspam on FreeBSD with sendmail.
>
> 1. The cgi user (www) and the MTA user (mailnull) need to be able
> to do certain things (execute the dspam binary, etc.). Do I justy
> need to specify these users as trusted users in dspam.conf for that
> to work?
I don't use the supplied cgi stuff so don't know about www. I have
mailnull specified as a trusted user and it works. I never tried it
without that.
>
> 2. user aliases: I really don't want to have to create mail aliases
> for every user on the system (there are about 600 mailboxes at
> present). I'm not using MySQL or PgSQL so I can't use "The Simple
> Way" mentioned in the Dspam README so I'm trying to figure out The
> Kind-of-Simple Way. I need to set up a subdomain like
> relearn.jellico.com Do I need an A record for that in my DNS zone
> file?
> The dspam readme states: set up a subdomain catch-all directly
> into DSPAM. For example:
> @relearn.domain.tld "|/usr/local/bin/dspam"
I have a similar situation but with quite a few more users. Each
user has a home directory and the hash database is stored in there
which I find quite handy. I have an entry in /etc/mail/aliases:
spamuser: "|/usr/local/bin/dspam --class=spam --source=error"
In /etc/mail/virtusers (thats not the default - but the virtusertable
source):
@spam.lafn.org spamuser
I handle mail for several domains and this approach controls mail for
the main domain using dspam. I also have the outgoing mailserver on
a different machine than the incoming mail server so it has to
forward the mail to the incoming server.
I believe the simpler approach in the documentation works fine in a
single domain situation. I never tested that though.
>
> Do I put that into dspam.conf? Then I set the appropriate
> ParseToHeaders and related options in dspam.conf and have my users
> forward spam and ham to (example) [EMAIL PROTECTED] and
> [EMAIL PROTECTED] Is that it? I'm afraid I don't
> understand this very well.
I use the following in dspam.conf:
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse user
I believe those are the only settings that will work in this situation.
>
> 3. The webui: When I installed DSPAM it created the subdirectory /
> usr/local/www/vhosts/dspam containing the following files:
> -r-xr-xr-x 1 root wheel 22764 Jul 25 14:49 admin.cgi
> -r-xr-xr-x 1 root wheel 3396 Jul 25 14:58 admingraph.cgi
> -r--r--r-- 1 root wheel 10 Jul 25 14:45 admins
> -r--r--r-- 1 root wheel 5 Jul 25 11:56 admins.sample
> -r--r--r-- 1 root wheel 2772 Jul 25 11:56 base.css
> -r-xr-xr-x 1 root wheel 2704 Jul 25 14:47 configure.pl
> -r-xr-xr-x 1 root wheel 2713 Jul 25 11:56 configure.pl.sample
> -r--r--r-- 1 root wheel 1383 Jul 25 12:55 default.prefs
> -r--r--r-- 1 root wheel 1383 Jul 25 11:56 default.prefs.sample
> -r--r--r-- 1 root wheel 4792 Jul 25 11:56 dspam-logo-small.gif
> -r-xr-xr-x 1 root wheel 42736 Jul 25 14:50 dspam.cgi
> -r-xr-xr-x 1 root wheel 2887 Jul 25 14:51 graph.cgi
> -r--r--r-- 1 root wheel 17168 Jul 25 11:56 rgb.txt
> drwxr-xr-x 2 root wheel 512 Jul 25 11:56 templates
>
> The README states that I need to copy the files from the dspam/
> webui directory into my document root and cgi-bin. Can I assume
> that having these files in /usr/local/www/vhost/dspam is sufficient
> or do I need to copy these files into my real cgi-bin directory? If
> so, are there any files that need to go into cgi-bin bedides
> the .cgi's and .pl's? What files need to go into Apache's document
> root?
I don't use the cgi-bin stuff as it is very high overhead on the
server. I rewrote it in C to avoid that problem.
>
> 4. The README states: "If you are running procmail, this will
> become a problem as procmail requires root privileges to deliver.
> The easiest hack around this is to create a procmail.dspam binary
> and make it setuid root, then make it executable only by the mail
> group (or whatever group DSPAM and the CGI run in)." I found this
> info on the web. Is this what I need to do to comply with what the
> README says about Procmail?
>
> cp /usr/bin/procmail /usr/local/bin/procmail.dspam
> chown root.dspam /usr/local/bin/procmail.dspam
> chmod 550 /usr/local/bin/procmail.dspam
> chmod u+s /usr/local/bin/procmail.dspam
I believe that should work. I use tmda as my LDA and had to write a
similar program for it. However, it had to be a bit more
sophisticated as it has to determine which spam blocking approach my
user is using and deliver with tmda or mail.local as appropriate. It
uses similar approach as above to function
>
> Which brings up another point - the dspam installation did not
> create a dspam user. Was I supposed to do that by hand?
I don't have a dspam user.
>
> I'm sorry for all the questions but I really want to use dspam and
> don't yet feel comfortable that I understand what I'm doing as far
> as setting it up goes.
You will want to have a test system where you can set it up just like
the production system but turn on debug. That is a real help in
figuring out what is going wrong. Enabling debug on a production
system will bring it down. It generates a ton of data. The only
"interesting" aspect of the debug system is that if dspam is unable
to convert a uid to a home directory, it does not record anything in
the debug files for the message. It does return the error to the
originator but it doesn't really give that much help. Otherwise the
debug info is really helpful.
>
> Thanks so much,
>
> Lisa Casey
>
>
>
zoot#
