IntegrateISPManWithDSPAM

From ISPMan


This page is currently under development by PedroAlgarvio.
This information may be incomplete or wrong, so please use it at your own risk. Thank you.
Feel free to make suggestions or edit this page.


What should be done

  • It should create 2 addresses, spam@domain.tld and nonspam@domain.tld
  • It should set OptOut to on and OptIn to off for those 2 addresses
  • Probably create the dspam-alias-pcre.cf and dspam-tranport_maps.cf for every newly added domain. But if we use pcre maps, this should only be done if both maps are nonexistent.

Actually, there's no need to modify ISPMan at all: you only need to set up DSPAM and make a few minor changes to Postfix.

Installing DSPAM

I install DSPAM through an ebuild that I created myself for Gentoo, but the configure options it uses are:

./configure --prefix=/usr \
--host=i386-pc-linux-gnu \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--datadir=/usr/share \
--sysconfdir=/etc \
--localstatedir=/var/lib \
--with-logdir=/var/log/dspam \
--with-dspam-mode=02510 \
--with-dspam-owner=dspam \
--with-dspam-group=dspam \
--enable-long-username \
--enable-large-scale \
--with-dspam-home=/var/spool/dspam \
--with-dspam-home-mode=770 \
--with-dspam-home-owner=dspam \
--with-dspam-home-group=dspam \
--sysconfdir=/etc/mail/dspam \
--enable-clamav \
--enable-ldap \
--enable-debug \
--enable-verbose-debug \
--enable-bnr-debug \
--enable-daemon \
--with-storage-driver=mysql_drv \
--with-mysql-includes=/usr/include/mysql \
--with-mysql-libraries=/usr/lib/mysql \
--enable-preferences-extension \
--enable-virtual-users \
--build=i386-pc-linux-gnu

For DSPAM's web UI to work, all files can be owned by the user running your web server, but it IS required that this user belongs to the dspam group. Optionally, if you use Apache, you can use suEXEC to run the web UI as user/group dspam:dspam.

My Gentoo ebuild also creates some directories, which I don't know if DSPAM creates when they are not found. Those are:

mode owner group file/dir
770 dspam dspam /var/spool/dspam
770 dspam dspam /var/spool/dspam/opt-in
770 dspam dspam /var/spool/dspam/opt-out
770 dspam dspam /var/spool/dspam/txt
770 dspam dspam /etc/mail/dspam
775 dspam dspam /var/run/dspam
770 dspam dspam /var/log/dspam
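
A way to check a host against the table above, as an added example that is not part of the original page or of DSPAM. It assumes GNU stat; the function names and the `--audit` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): compare directories against an
# expected "mode owner group path" table. Requires GNU stat (stat -c).

# The table as listed on this page.
dspam_table() {
cat <<'EOF'
mode owner group file/dir
770 dspam dspam /var/spool/dspam
770 dspam dspam /var/spool/dspam/opt-in
770 dspam dspam /var/spool/dspam/opt-out
770 dspam dspam /var/spool/dspam/txt
770 dspam dspam /etc/mail/dspam
775 dspam dspam /var/run/dspam
770 dspam dspam /var/log/dspam
EOF
}

# Reads the table on stdin, prints one line per deviation and returns the
# number of deviations (0 means every directory matches).
audit_dirs() {
    bad=0
    while read -r mode owner group path; do
        case "$mode" in ''|'#'*|mode) continue ;; esac   # blank, comment, header
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        actual="$(stat -c '%a %U %G' "$path")"
        if [ "$actual" != "$mode $owner $group" ]; then
            echo "MISMATCH $path: have '$actual', want '$mode $owner $group'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run the audit only when asked to: sh audit.sh --audit (as root on the mail host)
if [ "${1:-}" = "--audit" ]; then
    dspam_table | audit_dirs
fi
```
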

You can/should also:

txt/* /var/spool/dspam/txt

The web UI files can be installed in different ways. You can copy everything to, for example, /var/www/localhost/htdocs, or split the CGI files and the normal web files between the cgi-bin dir and the htdocs dir; it's all up to you.

Some useful files are:

File: /etc/logrotate.d/dspam
/var/log/dspam/sql.errors /var/log/dspam/system.log /var/log/dspam/dspam.debug /var/log/dspam/dspam.messages {
    weekly
    compress
    create 0644 dspam dspam
}


File: /etc/cron.daily/dspam.cron
#!/bin/bash
# Remove old signatures and unimportant tokens from the DSPAM database

for foo in awk head tail cut sed
do
    DSPAM_Check_App="$(${foo} --version 2>&1)"
    if [[ "${DSPAM_Check_App/ *}" == "bash:" ]]
    then
        echo "Command ${foo} not found."
        exit 1
    fi
done

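# Home directory of the dspam account (exact match on the user name)
DSPAM_HOMEDIR="$(awk -F : '$1 == "dspam" {print $6}' /etc/passwd)"
[[ ! -d "${DSPAM_HOMEDIR}" ]] && exit 2
# Fall back to /etc/mail/dspam when no *.data file is in the home directory.
# compgen -G copes with zero or several matches, unlike [ -f glob ].
if ! compgen -G "${DSPAM_HOMEDIR}/*.data" >/dev/null
then
    if compgen -G "/etc/mail/dspam/*.data" >/dev/null
    then
        DSPAM_HOMEDIR="/etc/mail/dspam"
    fi
fi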

if [[ -f "${DSPAM_HOMEDIR}/mysql.data" ]]
then
    [[ ! -f "/usr/bin/mysql_config" ]] && exit 4
    DSPAM_MySQL_PURGE_SQL=""
    DSPAM_MySQL_VER="$(mysql_config --version | sed "s:\([^0-9\.]*\)::g")"
    DSPAM_MySQL_MAJOR="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f1)"
    DSPAM_MySQL_MINOR="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f2)"
    DSPAM_MySQL_MICRO="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f3)"
    DSPAM_MySQL_INT="$((DSPAM_MySQL_MAJOR * 65536 + DSPAM_MySQL_MINOR * 256 + DSPAM_MySQL_MICRO))"

    # For MySQL >= 4.1 use the new purge script
    if [[ "${DSPAM_MySQL_INT}" -ge "262400" ]]
    then
        [[ -f "${DSPAM_HOMEDIR}/config/mysql_purge-4.1.sql" ]] && \
            DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/mysql_purge-4.1.sql"
        [[ -f "${DSPAM_HOMEDIR}/mysql_purge-4.1.sql" ]] && \
            DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/mysql_purge-4.1.sql"
    else
        [[ -f "${DSPAM_HOMEDIR}/config/mysql_purge.sql" ]] && \
            DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/mysql_purge.sql"
        [[ -f "${DSPAM_HOMEDIR}/mysql_purge.sql" ]] && \
            DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/mysql_purge.sql"
    fi

    [[ "${DSPAM_MySQL_PURGE_SQL}" == "" ]] && exit 3
    [[ ! -f "/usr/bin/mysql" ]] && exit 4
    DSPAM_MySQL_HOST="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 1|tail -n 1)"
    DSPAM_MySQL_PORT="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 2|tail -n 1)"
    DSPAM_MySQL_USER="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 3|tail -n 1)"
    DSPAM_MySQL_PWD="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 4|tail -n 1)"
    DSPAM_MySQL_DB="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 5|tail -n 1)"
    (/usr/bin/mysql -u ${DSPAM_MySQL_USER} \
        -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} < \
        ${DSPAM_MySQL_PURGE_SQL}) 1>/dev/null 2>&1
    MYRC="$?"
    for foo in $(/usr/bin/mysql -u ${DSPAM_MySQL_USER} \
        -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} -e 'SHOW TABLES;' 2>&1 | \
        grep -v "^+\|^Tables_in_${DSPAM_MySQL_DB}")
    do
        (/usr/bin/mysql -u ${DSPAM_MySQL_USER} \
            -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} -e \
            "OPTIMIZE TABLE ${foo};") 1>/dev/null 2>&1
    done
    exit ${MYRC}
elif [[ -f "${DSPAM_HOMEDIR}/pgsql.data" ]]
then
    DSPAM_PgSQL_PURGE_SQL=""
    [[ -f "${DSPAM_HOMEDIR}/config/pgsql_purge.sql" ]] && \
        DSPAM_PgSQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/pgsql_purge.sql"
    [[ -f "${DSPAM_HOMEDIR}/pgsql_purge.sql" ]] && \
        DSPAM_PgSQL_PURGE_SQL="${DSPAM_HOMEDIR}/pgsql_purge.sql"
    [[ "${DSPAM_PgSQL_PURGE_SQL}" == "" ]] && exit 3
    [[ ! -f "/usr/bin/psql" ]] && exit 4
    DSPAM_PgSQL_HOST="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 1|tail -n 1)"
    DSPAM_PgSQL_PORT="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 2|tail -n 1)"
    DSPAM_PgSQL_USER="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 3|tail -n 1)"
    DSPAM_PgSQL_PWD="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 4|tail -n 1)"
    DSPAM_PgSQL_DB="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 5|tail -n 1)"
    (PGUSER=${DSPAM_PgSQL_USER} PGPASSWORD=${DSPAM_PgSQL_PWD} \
        /usr/bin/psql -U ${DSPAM_PgSQL_USER} -d ${DSPAM_PgSQL_DB} -p \
        ${DSPAM_PgSQL_PORT} -h ${DSPAM_PgSQL_HOST} -f \
        ${DSPAM_PgSQL_PURGE_SQL}) 1>/dev/null 2>&1
    exit $?
elif [[ -f "${DSPAM_HOMEDIR}/oracle.data" ]]
then
    DSPAM_Oracle_PURGE_SQL=""
    [[ -f "${DSPAM_HOMEDIR}/config/ora_purge.sql" ]] && \
        DSPAM_Oracle_PURGE_SQL="${DSPAM_HOMEDIR}/config/ora_purge.sql"
    [[ -f "${DSPAM_HOMEDIR}/ora_purge.sql" ]] && \
        DSPAM_Oracle_PURGE_SQL="${DSPAM_HOMEDIR}/ora_purge.sql"
    [[ "${DSPAM_Oracle_PURGE_SQL}" == "" ]] && exit 3
    [[ ! -f "/usr/bin/sqlplus" ]] && exit 4
    DSPAM_Oracle_DBLINK="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 1|tail -n 1)"
    DSPAM_Oracle_USER="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 2|tail -n 1)"
    DSPAM_Oracle_PWD="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 3|tail -n 1)"
    DSPAM_Oracle_SCHEMA="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 4|tail -n 1)"
    (/usr/bin/sqlplus -s ${DSPAM_Oracle_USER}/${DSPAM_Oracle_PWD} \
        @${DSPAM_Oracle_PURGE_SQL}) 1>/dev/null 2>&1
    exit $?
else
    [[ ! -f "/usr/bin/dspam_clean" ]] && exit 4
    /usr/bin/dspam_clean -s -p -u 1>/dev/null 2>&1
    exit $?
fi


Files

This is my dspam.conf. Only snippets of the comments are included, or none at all; you really should read all the information in the one that DSPAM generates at src/dspam.conf.

File: /etc/mail/dspam/dspam.conf
#
# DSPAM Home: Specifies the base directory to be used for DSPAM storage
#
Home /var/spool/dspam

# StorageDriver: Specifies the storage driver backend (library) to use.
# (...)
StorageDriver /usr/lib/libmysql_drv.so

# Where are we re-injecting the parsed messages
DeliveryHost        10.1.0.50
DeliveryPort        10026
DeliveryIdent       ispman
DeliveryProto       SMTP

OnFail error

#
# Trusted Users: Only the users specified below will be allowed to perform
# administrative functions in DSPAM such as setting the active user and
# accessing tools. All other users attempting to run DSPAM will be restricted;
# their uids will be forced to match the active username and they will not be
# able to specify delivery agent privileges or use tools.
#
Trust root
Trust dspam
Trust apache

#
# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must
# be compiled with debug support in order to use this option. DSPAM should
# never be running in production with debug active unless you are
# troubleshooting problems.
Debug *
DebugOpt process

# Training Mode: The default training mode to use for all operations, when
# one has not been specified on the commandline or in the user's preferences.
TrainingMode teft

#
# TestConditionalTraining: By default, dspam will retrain certain errors
# until the condition is no longer met. This usually accelerates learning.
# Some people argue that this can increase the risk of errors, however.
#
TestConditionalTraining on

Feature whitelist
Feature tb=0
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
ImprobabilityDrive on
Preference "signatureLocation=headers"  # 'message' or 'headers'
Preference "showFactors=off"
Preference "spamAction=tag"
Preference "spamSubject=SPAM"
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
MySQLServer     /var/run/mysqld/mysqld.sock
MySQLUser               dspam
MySQLPass               9461106572270728883
MySQLDb                 dspam
MySQLCompress           true
MySQLConnectionCache    10
MySQLUIDInSignature on
HashRecMax              98317
HashAutoExtend          on
HashMaxExtents          0
HashExtentSize          49157
HashPctIncrease 10
HashMaxSeek             10
HashConnectionCache     10

#
# LDAP: Perform various LDAP functions depending on LDAPMode variable.
# Presently, the only mode supported is 'verify', which will verify the
# existence of an unknown user in LDAP prior to creating them as a new user in
# the system.  This is useful on some systems acting as gateway machines.
#
LDAPMode        verify
LDAPHost        10.1.0.50
LDAPFilter      "(mailLocalAddress=%u)"
LDAPBase        o=ispman

# Notifications: Enable the sending of notification emails to users (first
# message, quarantine full, etc.)
#
Notifications   on

PurgeSignature  off # Specified in purge.sql
PurgeNeutral   90
PurgeUnused    off # Specified in purge.sql
PurgeHapaxes   off # Specified in purge.sql
PurgeHits1S    off # Specified in purge.sql
PurgeHits1I    off # Specified in purge.sql

# Local Mail Exchangers: Used for source address tracking, tells DSPAM which
# mail exchangers are local and therefore should be ignored in the Received:
# header when tracking the source of an email. Note: you should use the address
# of the host as appears between brackets [ ] in the Received header.
#
LocalMX 10.1.0.50

SystemLog on
UserLog   on
Opt out
TrackSources spam nonspam
ServerQueueSize 32
ServerPID              /var/run/dspam/dspam.pid
ServerMode auto
ServerPass.Relay1       "secret"
ServerParameters   "--deliver=innocent"
ServerIdent             "ispman"
ServerDomainSocketPath  "/var/run/dspam/dspam.sock"
ClientHost      /var/run/dspam/dspam.sock
ClientIdent     "secret@Relay1"
ProcessorURLContext on
ProcessorBias on


File: /etc/postfix/dspam-tranport_maps.cf
/^spam@(.*)$/                        dspam:spam
/^(nonspam|notspam|innocent)@(.*)$/  dspam:innocent

This transport map allows users to submit spam to spam@domain.tld, and non-spam to nonspam@domain.tld, notspam@domain.tld and innocent@domain.tld. Note: to submit spam/non-spam, the emails MUST be forwarded.

In Postfix's main.cf you MUST also change $transport_maps to add this new transport map file, for example:
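
How the two rules resolve, as an added example that is not part of the original page: it evaluates the map first-match and case-insensitively (the Postfix pcre table defaults), using `grep -Ei` as a stand-in because both patterns are also valid ERE. The function names and sample addresses are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): first-match evaluation of the
# two dspam-tranport_maps.cf rules shown above.
dspam_map() {
cat <<'EOF'
/^spam@(.*)$/                        dspam:spam
/^(nonspam|notspam|innocent)@(.*)$/  dspam:innocent
EOF
}

# Print the transport for an address. Prints nothing and returns 1 when no
# rule matches, in which case Postfix goes on to the next table in
# transport_maps.
lookup_transport() {
    addr="$1"
    dspam_map | while read -r pattern result; do
        regex="${pattern#/}"        # strip the leading "/"
        regex="${regex%/}"          # strip the trailing "/"
        if printf '%s\n' "$addr" | grep -Eiq -- "$regex"; then
            echo "$result"
            break                   # first match wins
        fi
    done | grep .
}

# The part after "transport:" is the nexthop, which the dspam service in
# master.cf receives as --class=$nexthop.
retrain_class() {
    t="$(lookup_transport "$1")" || return 1
    echo "${t#*:}"
}

# Constructed sample addresses.
for a in spam@domain.tld NotSpam@domain.tld user@domain.tld myspam@domain.tld; do
    echo "$a -> $(lookup_transport "$a" || echo '(no match, next table)')"
done
```

On a real host, `postmap -q spam@domain.tld pcre:/etc/postfix/dspam-tranport_maps.cf` runs the same lookup against the installed file.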

File: /etc/postfix/main.cf
transport_maps = pcre:/etc/postfix/dspam-tranport_maps.cf ldap:/etc/postfix/ldap-transport-maps.cf

The user used to call the dspam binary must exist in the dspam database; you could probably use the spam or the nonspam user.

File: /etc/postfix/master.cf
# Service to re-train DSPAM
dspam     unix  -       n       n       -       5       pipe
    flags=Rhq user=dspam:dspam argv=/usr/bin/dspam --client --user $sender --class=$nexthop --source=error
# Service to re-inject mail into postfix
10.1.0.50:10026 inet  n -       n       -       -        smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=10.1.0.0/24
    -o smtpd_authorized_xforward_hosts=10.1.0.0/24