IntegrateISPManWithDSPAM
From ISPMan
-
- This page is currently under development by
- PedroAlgarvio
- This information maybe incomplete or wrong so please use this information at your own risk. Thank you.
- Feel free to make suggestions or edit this page.
What should be done
- It should create 2 addresses, spam@daomin.tld and nonspam@domain.tld
- It should set OptOut to on and OptIn to off for those 2 addresses
- Probably create the dspam-alias-pcre.cf and dspam-tranport_maps.cf for every new added domain. But, if we use pcre maps, this should only be done if both maps are non existant.
Actually, there's no need to do any ISPMan modifications, you only need to setup your dspam, and change parts of postfix(minor things).
Installing DSPAM
I install DSPAM trough an ebuild that I created myself for Gentoo, but the configure options it uses are:
./configure --prefix=/usr \ --host=i386-pc-linux-gnu \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --datadir=/usr/share \ --sysconfdir=/etc \ --localstatedir=/var/lib \ --with-logdir=/var/log/dspam \ --with-dspam-mode=02510 \ --with-dspam-owner=dspam \ --with-dspam-group=dspam \ --enable-long-username \ --enable-large-scale \ --with-dspam-home=/var/spool/dspam \ --with-dspam-home-mode=770 \ --with-dspam-home-owner=dspam \ --with-dspam-home-group=dspam \ --sysconfdir=/etc/mail/dspam \ --enable-clamav \ --enable-ldap \ --enable-debug \ --enable-verbose-debug \ --enable-bnr-debug \ --enable-daemon \ --with-storage-driver=mysql_drv \ --with-mysql-includes=/usr/include/mysql \ --with-mysql-libraries=/usr/lib/mysql \ --enable-preferences-extension \ --enable-virtual-users \ --build=i386-pc-linux-gnu
For the DSPAM's web UI part to work, all files can be owned by the user running your webserver but it IS required that the user belongs to the dspam group. Optionally if using apache you can use SuExec to run the web UI with user/group dspam:dspam.
My Gentoo ebuild also creates some dirs, which I dont know if DSPAM creates if not found and those are:
mode | owner | group | file/dir |
---|---|---|---|
770 | dspam | dspam | /var/spool/dspam |
770 | dspam | dspam | /var/spool/dspam/opt-in |
770 | dspam | dspam | /var/spool/dspam/opt-out |
770 | dspam | dspam | /var/spool/dspam/txt |
770 | dspam | dspam | /etc/mail/dspam |
775 | dspam | dspam | /var/run/dspam |
770 | dspam | dspam | /var/log/dspam |
You can/should also:
txt/* /var/spool/dspam/txt
The web UI files can be installed in diferent ways. You can copy everying to for example /var/www/localhost/htdocs or split cgi files and normal web files between the cgi-bin dir and the htdocs dir, it's all up to you.
Some usefull files are:
File: /etc/logrotate.d/dspam |
/var/log/dspam/sql.errors /var/log/dspam/system.log /var/log/dspam/dspam.debug /var/log/dspam/dspam.messages { weekly compress create 0644 dspam dspam } |
File: /etc/cron.daily/dspam.cron |
#!/bin/bash # Remove old signatures and unimportant tokens from the DSPAM database for foo in awk head tail cut sed do DSPAM_Check_App="$(${foo} --version 2>&1)" if [[ "${DSPAM_Check_App/ *}" == "bash:" ]] then echo "Command ${foo} not found." exit 1 fi done DSPAM_HOMEDIR="$(grep ^dspam /etc/passwd|awk -F : '{print $6}')" [[ ! -d "${DSPAM_HOMEDIR}" ]] && exit 2 if [ ! -f ${DSPAM_HOMEDIR}/*.data ] then if [ -f /etc/mail/dspam/*.data ] then DSPAM_HOMEDIR="/etc/mail/dspam" fi fi if [[ -f "${DSPAM_HOMEDIR}/mysql.data" ]] then [[ ! -f "/usr/bin/mysql_config" ]] && exit 4 DSPAM_MySQL_PURGE_SQL="" DSPAM_MySQL_VER="$(mysql_config --version | sed "s:\([^0-9\.]*\)::g")" DSPAM_MySQL_MAJOR="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f1)" DSPAM_MySQL_MINOR="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f2)" DSPAM_MySQL_MICRO="$(echo "${DSPAM_MySQL_VER}" | cut -d. -f3)" DSPAM_MySQL_INT="$((DSPAM_MySQL_MAJOR * 65536 + DSPAM_MySQL_MINOR * 256 + DSPAM_MySQL_MICRO))" # For MySQL >= 4.1 use the new purge script if [[ "${DSPAM_MySQL_INT}" -ge "262400" ]] then [[ -f "${DSPAM_HOMEDIR}/config/mysql_purge-4.1.sql" ]] && \ DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/mysql_purge-4.1.sql" [[ -f "${DSPAM_HOMEDIR}/mysql_purge-4.1.sql" ]] && \ DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/mysql_purge-4.1.sql" else [[ -f "${DSPAM_HOMEDIR}/config/mysql_purge.sql" ]] && \ DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/mysql_purge.sql" [[ -f "${DSPAM_HOMEDIR}/mysql_purge.sql" ]] && \ DSPAM_MySQL_PURGE_SQL="${DSPAM_HOMEDIR}/mysql_purge.sql" fi [[ "${DSPAM_MySQL_PURGE_SQL}" == "" ]] && exit 3 [[ ! -f "/usr/bin/mysql" ]] && exit 4 DSPAM_MySQL_HOST="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 1|tail -n 1)" DSPAM_MySQL_PORT="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 2|tail -n 1)" DSPAM_MySQL_USER="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 3|tail -n 1)" DSPAM_MySQL_PWD="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 4|tail -n 1)" DSPAM_MySQL_DB="$(cat ${DSPAM_HOMEDIR}/mysql.data|head -n 5|tail -n 1)" (/usr/bin/mysql -u ${DSPAM_MySQL_USER} \ -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} < \ ${DSPAM_MySQL_PURGE_SQL}) 1>/dev/null 2>&1 MYRC="$?" for foo in $(/usr/bin/mysql -u ${DSPAM_MySQL_USER} \ -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} -e 'SHOW TABLES;' 2>&1 | \ grep -v "^+\|^Tables_in_${DSPAM_MySQL_DB}") do (/usr/bin/mysql -u ${DSPAM_MySQL_USER} \ -p"${DSPAM_MySQL_PWD}" ${DSPAM_MySQL_DB} -e \ "OPTIMIZE TABLE ${foo};") 1>/dev/null 2>&1 done exit ${MYRC} elif [[ -f "${DSPAM_HOMEDIR}/pgsql.data" ]] then DSPAM_PgSQL_PURGE_SQL="" [[ -f "${DSPAM_HOMEDIR}/config/pgsql_purge.sql" ]] && \ DSPAM_PgSQL_PURGE_SQL="${DSPAM_HOMEDIR}/config/pgsql_purge.sql" [[ -f "${DSPAM_HOMEDIR}/pgsql_purge.sql" ]] && \ DSPAM_PgSQL_PURGE_SQL="${DSPAM_HOMEDIR}/pgsql_purge.sql" [[ "${DSPAM_PgSQL_PURGE_SQL}" == "" ]] && exit 3 [[ ! -f "/usr/bin/psql" ]] && exit 4 DSPAM_PgSQL_HOST="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 1|tail -n 1)" DSPAM_PgSQL_PORT="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 2|tail -n 1)" DSPAM_PgSQL_USER="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 3|tail -n 1)" DSPAM_PgSQL_PWD="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 4|tail -n 1)" DSPAM_PgSQL_DB="$(cat ${DSPAM_HOMEDIR}/pgsql.data|head -n 5|tail -n 1)" (PGUSER=${DSPAM_PgSQL_USER} PGPASSWORD=${DSPAM_PgSQL_PWD} \ /usr/bin/psql -U ${DSPAM_PgSQL_USER} -d ${DSPAM_PgSQL_DB} -p \ ${DSPAM_PgSQL_PORT} -h ${DSPAM_PgSQL_HOST} -f \ ${DSPAM_PgSQL_PURGE_SQL}) 1>/dev/null 2>&1 exit $? elif [[ -f "${DSPAM_HOMEDIR}/oracle.data" ]] then DSPAM_Oracle_PURGE_SQL="" [[ -f "${DSPAM_HOMEDIR}/config/ora_purge.sql" ]] && \ DSPAM_Oracle_PURGE_SQL="${DSPAM_HOMEDIR}/config/ora_purge.sql" [[ -f "${DSPAM_HOMEDIR}/ora_purge.sql" ]] && \ DSPAM_Oracle_PURGE_SQL="${DSPAM_HOMEDIR}/ora_purge.sql" [[ "${DSPAM_Oracle_PURGE_SQL}" == "" ]] && exit 3 [[ ! -f "/usr/bin/sqlplus" ]] && exit 4 DSPAM_Oracle_DBLINK="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 1|tail -n 1)" DSPAM_Oracle_USER="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 2|tail -n 1)" DSPAM_Oracle_PWD="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 3|tail -n 1)" DSPAM_Oracle_SCHEMA="$(cat ${DSPAM_HOMEDIR}/oracle.data|head -n 4|tail -n 1)" (/usr/bin/sqlplus -s ${DSPAM_Oracle_USER}/${DSPAM_Oracle_PWD} \ @${DSPAM_Oracle_PURGE_SQL}) 1>/dev/null 2>&1 exit $? else [[ ! -f "/usr/bin/dspam_clean" ]] && exit 4 /usr/bin/dspam_clean -s -p -u 1>/dev/null 2>&1 exit $? fi |
Files
This is my dspam.conf. Only snippets of comments are included, or none at all, you really should read all info on the one that DSPAM generates on src/dspam.conf.
File: /etc/mail/dspam/dspam.conf |
# # DSPAM Home: Specifies the base directory to be used for DSPAM storage # Home /var/spool/dspam # StorageDriver: Specifies the storage driver backend (library) to use. # (...) StorageDriver /usr/lib/libmysql_drv.so # Where are we re-injecting the parsed messages DeliveryHost 10.1.0.50 DeliveryPort 10026 DeliveryIdent ispman DeliveryProto SMTP OnFail error # # Trusted Users: Only the users specified below will be allowed to perform # administrative functions in DSPAM such as setting the active user and # accessing tools. All other users attempting to run DSPAM will be restricted; # their uids will be forced to match the active username and they will not be # able to specify delivery agent privileges or use tools. # Trust root Trust dspam Trust apache # # Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must # be compiled with debug support in order to use this option. DSPAM should # never be running in production with debug active unless you are # troubleshooting problems. Debug * DebugOpt process # Training Mode: The default training mode to use for all operations, when # one has not been specified on the commandline or in the user's preferences. TrainingMode teft # # TestConditionalTraining: By default, dspam will retrain certain errors # until the condition is no longer met. This usually accelerates learning. # Some people argue that this can increase the risk of errors, however. # TestConditionalTraining on Feature whitelist Feature tb=0 Algorithm graham burton Tokenizer chain PValue bcr WebStats on ImprobabilityDrive on Preference "signatureLocation=headers" # 'message' or 'headers' Preference "showFactors=off" Preference "spamAction=tag" Preference "spamSubject=SPAM" AllowOverride trainingMode AllowOverride spamAction spamSubject AllowOverride statisticalSedation AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride signatureLocation AllowOverride showFactors AllowOverride optIn optOut AllowOverride whitelistThreshold MySQLServer /var/run/mysqld/mysqld.sock MySQLUser dspam MySQLPass 9461106572270728883 MySQLDb dspam MySQLCompress true MySQLConnectionCache 10 MySQLUIDInSignature on HashRecMax 98317 HashAutoExtend on HashMaxExtents 0 HashExtentSize 49157 HashPctIncrease 10 HashMaxSeek 10 HashConnectionCache 10 # # LDAP: Perform various LDAP functions depending on LDAPMode variable. # Presently, the only mode supported is 'verify', which will verify the # existence of an unknown user in LDAP prior to creating them as a new user in # the system. This is useful on some systems acting as gateway machines. # LDAPMode verify LDAPHost 10.1.0.50 LDAPFilter "(mailLocalAddress=%u)" LDAPBase o=ispman # Notifications: Enable the sending of notification emails to users (first # message, quarantine full, etc.) # Notifications on PurgeSignature off # Specified in purge.sql PurgeNeutral 90 PurgeUnused off # Specified in purge.sql PurgeHapaxes off # Specified in purge.sql PurgeHits1S off # Specified in purge.sql PurgeHits1I off # Specified in purge.sql # Local Mail Exchangers: Used for source address tracking, tells DSPAM which # mail exchangers are local and therefore should be ignored in the Received: # header when tracking the source of an email. Note: you should use the address # of the host as appears between brackets [ ] in the Received header. # LocalMX 10.1.0.50 SystemLog on UserLog on Opt out TrackSources spam nonspam ServerQueueSize 32 ServerPID /var/run/dspam/dspam.pid ServerMode auto ServerPass.Relay1 "secret" ServerParameters "--deliver=innocent" ServerIdent "ispman" ServerDomainSocketPath "/var/run/dspam/dspam.sock" ClientHost /var/run/dspam/dspam.sock ClientIdent "secret@Relay1" ProcessorURLContext on ProcessorBias on |
File: /etc/postfix/dspam-tranport_maps.cf |
/^spam@(.*)$/ dspam:spam /^(nonspam|notspam|innocent)@(.*)$/ dspam:innocent |
This transport map allows users to submit spam to spam@domain.tld, and non spam to nonspam@domain.tld, notspam@domain.tld and innocent@domain.tld. Note: To submit spam/nonspam the emails MUST be forwarded.
In postfix's main.cf you MUST also change $transport_maps to add this new transport map file, like for example:
File: /etc/postfix/main.cf |
transport_maps = pcre:/etc/postfix/dspam-tranport_maps.cf ldap:/etc/postfix/ldap-transport-maps.cf |
The user used to call the dspam binary, must exist on the dspam database, you could probably use the spam or the nonspam user.
File: /etc/postfix/master.cf |
# Service to re-train DSPAM dspam unix - n n - 5 pipe flags=Rhq user=dspam:dspam argv=/usr/bin/dspam --client --user $sender --class=$nexthop --source=error # Service to re-inject mail into postfix 10.1.0.50:10026 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=10.1.0.0/24 -o smtpd_authorized_xforward_hosts=10.1.0.0/24 |