Gentoo - dspam - Installation
From Kolab Wiki
I'm currently rewriting this HowTO as I go, it still has the old information if you need it.
DSpam is a flexible spam filter designed for multi-user enterprise systems. DSpam supports many modes of operations with different storage backends, I strongly suggest you read the DSPAM readme to learn more as it has a wealth of information. We will focus on global + merged mode using the mysql backend. This creates a global spam definition database to protect new users while they build their own personalized corpus.
For ease of use I create the following folder structure for each user.
- spam
- block
- unblock
Spam goes into the spam folder. Users can move legitimate email categorized as spam into the unblock folder or spam categorized as legitimate email into the block folder. To accomplish this we use plus addressing and a script which retrains dspam when it errors.
To start off we need to configure DSpam with the correct USE flags and emerge it
echo " mail-filter/dspam daemon mysql virtual-users " >> /etc/portage/package.use
emerge -av dspam
Now we must configure MySQL's root user with a password and modify some files
emerge --config dev-db/mysql
We need to increase the InnoDB log file size from 128M to 512M and comment bind-address (optional) for remote access
/etc/mysql/my.cnf
innodb_data_file_path = ibdata1:10M:autoextend:max:512M #bind-address = 127.0.0.1
Start MySQL
/etc/init.d/mysql start
The DSpam documentation suggests we use InnoDB vs MyISAM for protection against locking & corruption.
cd /etc/dspam sed -i 's/MyISAM/\InnoDB/' mysql_objects-4.1.sql sed -i 's/MyISAM/\InnoDB/' mysql_virtual_users.sql
Now we add the dspam tables to mysql, when prompted enter your mysql root password
emerge --config mail-filter/dspam
When asked choose the following: 1. mysql backend 2. choose #1 Database will be hosted on a mysql-4.1 server or above 3. choose #1 Virtual users added automatically (use it if this server is the primary MX)
everything else is the default. updating dspam will replace the password you picked with random numbers in the conf files, don't automerge the conf
setup merged global database on dspam (change yourdomain.com to your domain)
echo "global@yourdomain.com:merged:*" >> /var/spool/dspam/group chown dspam:dspam /var/spool/dspam/group
Uncomment/Change the following values in /etc/dspam/dspam.conf
DeliveryHost 127.0.0.1 DeliveryPort 10027 DeliveryIdent localhost DeliveryProto SMTP EnablePlusedDetail on QuarantineMailbox +spam TrainingMode tum ImprobabilityDrive on Preference "signatureLocation=headers" MySQLConnectionCache 10 MySQLUIDInSignature on IgnoreHeader X-DSPAM-Result IgnoreHeader X-DSPAM-Processed IgnoreHeader X-DSPAM-Confidence IgnoreHeader X-DSPAM-Probability IgnoreHeader X-DSPAM-Signature IgnoreHeader X-DSPAM-Factors ServerQueueSize 32 ServerMode standard ServerParameters "--deliver=innocent,spam -d %u" ServerIdent "localhost"
as of writing the ebuild doesn't assign the correct mysql permission to the dspam account
mysql -p GRANT SELECT,INSERT,UPDATE,DELETE ON dspam.* TO 'dspam'@'localhost' IDENTIFIED BY 'dspam_password'; FLUSH PRIVILEGES;
run the following so dspam_clean doesn't purge your global definitions because the data is old
dspam_admin add pref global@yourdomain.com trainingMode TOE
Kolab uses SpamAssassin as its default spam filter, we must disable it and configure postfix to pass mail to DSpam after amavisd.
wget http://www.aplusperfect.com/dspam/templates.tar.gz tar -zxvf templates.tar.gz mv templates/* /etc/kolab/templates kolabconf
optional mysql -p GRANT ALL ON *.* TO 'user'@'%' IDENTIFIED BY 'password';
emerge --config =dspam-3.8.0-r6
need to mention something about converting db to InnoDB to prevent corruption
our global user will be global@yourdomain.com to setup global+merged we create a file in /var/spool/dspam called group
echo "global@yourdomain.com:merged:*" >> /var/spool/dspam/group
run the following so dspam_clean doesn't purge your global definitions because the data is old
dspam_admin add pref global@yourdomain.com trainingMode TOE
Old How To is below this one.
As an overview DSPAM will receive emails from amavis-new then pass them back to postfix. Dspam will deliver SPAM to a user folder called spam through plussed addressing (ie: user+spam@mydomain.com)
Let’s start with installation
echo "mail-filter/dspam daemon" >> /etc/portage/package.use emerge –av dspam
in dspam.conf change values to the following
DeliveryHost 127.0.0.1 DeliveryPort 10026 DeliveryIdent localhost DeliveryProto SMTP EnablePlusedDetail on QuarantineMailbox +spam TrackSources spam nonspam ServerQueueSize 32 ServerMode standard ServerParameters "--deliver=innocent,spam -d %u" ServerIdent "localhost"
In master.cf after the port 10025 entry for amavis change the SMTP interface for injecting mail back into postfix from amavis from 10026 to 10027 and insert the following between the two entries
#DSpam LMTP Interface
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o receive_override_options=
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Now for each user create a spam folder with block and unblock as two subfolders beneath spam. (spam MUST be lowercase) IE:
- spam
- block
- unblock
Now run
cyradm --user manager yourmaildomain.com lam user/username/spam@yourmaildomain.com
this shows you the permissions on the spam folder, currently the only person allowed to send mail to the spam folder is the user, so to change that we type
sam user/username/spam@yourdomain.com anyone p
Now we start dspam
/etc/init.d/dspam start
Restart all the kolab services and your set.
TODO: I have a nice corpus training script and error/retraining script which I’ll upload when sanitized. A word of caution for some reason all the messages are stored with \r\n in cyrus instead of \n (dos vs unix) and dspam can’t read the signature from the email correctly because of it, so you’ll have to plug in the signature manually when retraining.
