Integrating Qmail and DSPAM
Like in many things in life, there are many ways of doing things. In this document i'm going to try to describe four different ways to set up DSPAM content filtering in Qmail, but there are many others. These are those that gave me best results, each in its own situation.
Not to make the document extremely long, and since there are common steps between these configuration, i will describe those common steps only once, and i'll fork the howto along the way. Hope it doesn't get too confusing.
Common background
Although there are several types of DSPAM database backends, i'll be using the mysql driver since it's the one that allows more flexibility.
The steps reflect the install process on a Debian Etch system, but i'm sure that many of them can be also applied to other distributions.
Common required software
Common installation steps
I'll assume that you have installed Qmail already and for the matter, that you followed, or have at least read and understand the basics described on the Life with Qmail page.
First we install the required software
apt-get install dspam dspam-doc dspam-webfrontend libdspam7 libdspam7-drv-mysql maildrop
Activate DSPAM startup by editing /etc/default/dspam
START=yes
Restart DSPAM with
/etc/init.d/dspam start
Method A - Using DSPAM as LDA
The title isn't exactly the truth, but it's close. In this setup, DSPAM will be the man-in-the-middle between Qmail and your LDA of choice.
Appart from what's described in the Common installation steps, you will only need to set DSPAM to make Qmail aware of DSPAM.
Configuring DSPAM is as easy as editing your /etc/dspam/dspam.conf file, and make sure you comment in and out the following values
StorageDriver /usr/lib/dspam/libmysql_drv.so #TrustedDeliveryAgent "/usr/bin/procmail" UntrustedDeliveryAgent "/usr/bin/maildrop"
Now for Qmail. If you followed the LWQ instructions, you will be able to use the /var/qmail/control/defaultdelivery file. Just put the following in there
|/var/qmail/bin/preline /usr/bin/dspam --client --user $USER --deliver=innocent
Making the delivery of spam in a different folder is as easy as making your /etc/maildroprc look like
# Global maildrop filter file
#
# ATTENTION: This setup if for a system with real users!
########################################################
SHELL="/bin/sh"
TIMESTAMP=`date "+%b %d %H:%M:%S"`
PATH="$PATH:/var/qmail/bin"
#
# Just import all available qmail env vars
##########################################
import SENDER
import NEWSENDER
import RECIPIENT
import USER
import HOME
import HOST
import LOCAL
import EXT
import EXT2
import EXT3
import EXT4
import HOST2
import HOST3
import HOST4
import DEFAULT
import DTLINE
import RPLINE
import UFLINE
import MAILDIRQUOTA
#
# Set some defaults
###################
# Where good mail goes
MAILFOLDER="$HOME/Maildir/"
# where spam goes
SPAMFOLDER="$HOME/Maildir/.Spam/"
# maildirmake
MAILDIRMAKE="/usr/bin/maildirmake.maildrop"
# bouncesaying binary
BOUNCESAYING="/var/qmail/bin/bouncesaying"
# deliverquota binary
DELIVERQUOTA="/usr/sbin/deliverquota"
# Set warn percentage to 90%
WARNAT="90"
logfile "/var/log/maildrop"
log "$TIMESTAMP - BEGIN maildrop processing for $USER@$HOST ==="
# Create home if it doesn't exist
`test -d $HOME`
if ( $RETURNCODE == 1 )
{
log "$HOME doesn't exist. Creating!"
`mkdir -m 760 -p $HOME`
}
# Create Maildir if it doesn't exist, the default folders and
# subscribes them
`test -d $MAILFOLDER`
if ( $RETURNCODE == 1 )
{
log "$MAILFOLDER doesn't exist. Creating!"
`$MAILDIRMAKE -q $MAILDIRQUOTA $MAILFOLDER`
`$MAILDIRMAKE -f Trash $MAILFOLDER`
`$MAILDIRMAKE -f Sent $MAILFOLDER`
`$MAILDIRMAKE -f Drafts $MAILFOLDER`
`$MAILDIRMAKE -f Spam $MAILFOLDER`
log "Subscribing default mail folders."
`echo -e "Trash\nSent\nDrafts\nSpam" > $MAILFOLDER/subscriptions`
}
# Create Spam folder if it doesn't exist and subscribe it for imap
`test -d $SPAMFOLDER`
if ( $RETURNCODE == 1 )
{
`/usr/bin/maildirmake.maildrop -f Spam $MAILFOLDER`
`echo Spam >> $MAILFOLDER/subscriptions`
}
# Check SPAM tag
if (/^X-DSPAM-Result: Spam*$/)
{
log " SPAM: Attempting delivery to $SPAMFOLDER"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log " SPAM: $DELIVERQUOTA doesn't exist. Delivering directly to $SPAMFOLDER"
exception {
to $SPAMFOLDER
}
}
log " SPAM: attempting quota delivery to $SPAMFOLDER"
exception {
xfilter "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
log "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END === success"
EXITCODE=$RETURNCODE
exit
}
}
else
{
# Try clean mail delivery in $MAILFOLDER
log " Attempting clean delivery with $DELIVERQUOTA"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log "$DELIVERQUOTA doesn't exist. Delivering directly to $MAILFOLDER."
exception {
to $MAILFOLDER
# set return code and exit
EXITCODE=0
exit
}
}
exception {
log "Trying delivery of clean mail to $MAILFOLDER"
log "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
xfilter "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
# Create an exception so we can keep track of the return code
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END ==="
# set return code and exit
EXITCODE=$RETURNCODE
exit
}
log "Clean mail delivered to $MAILFOLDER"
log "=== END ==="
log ""
}
exit;
And that's it. You now should have DSPAM working with your Qmail install. Don't forget to read DSPAMs docs on how to teach DSPAM. The learning process is really important.
Method B - Calling DSPAM from the LDA
This method is very similar to Method A -. The only difference is that it's maildrop that interacts with DSPAM, instead of qmail directly. So appart from what's described in the Common installation steps, you will only need to make Qmail use maildrop as default method and configure maildrop accordingly.
Configuring DSPAM is as easy as editing your /etc/dspam/dspam.conf file, and make sure you comment in and out the following values
StorageDriver /usr/lib/dspam/libmysql_drv.so #TrustedDeliveryAgent "/usr/bin/procmail" UntrustedDeliveryAgent "/usr/bin/maildrop"
Now for Qmail. If you followed the LWQ instructions, you will be able to use the /var/qmail/control/defaultdelivery file. Just put the following in there
|/var/qmail/bin/preline /usr/bin/maildrop
Making the maildrop call DSPAM and make the delivery of spam in a different folder is as easy as making your /etc/maildroprc look like
# Global maildrop filter file
#
# ATTENTION: This setup if for a system with real users!
########################################################
SHELL="/bin/sh"
TIMESTAMP=`date "+%b %d %H:%M:%S"`
PATH="$PATH:/var/qmail/bin"
#
# Just import all available qmail env vars
##########################################
import SENDER
import NEWSENDER
import RECIPIENT
import USER
import HOME
import HOST
import LOCAL
import EXT
import EXT2
import EXT3
import EXT4
import HOST2
import HOST3
import HOST4
import DEFAULT
import DTLINE
import RPLINE
import UFLINE
import MAILDIRQUOTA
#
# Set some defaults
###################
# Where good mail goes
MAILFOLDER="$HOME/Maildir/"
# where spam goes
SPAMFOLDER="$HOME/Maildir/.Spam/"
# maildirmake
MAILDIRMAKE="/usr/bin/maildirmake.maildrop"
# bouncesaying binary
BOUNCESAYING="/var/qmail/bin/bouncesaying"
# deliverquota binary
DELIVERQUOTA="/usr/sbin/deliverquota"
# Set warn percentage to 90%
WARNAT="90"
logfile "/var/log/maildrop"
log "$TIMESTAMP - BEGIN maildrop processing for $USER@$HOST ==="
# Create home if it doesn't exist
`test -d $HOME`
if ( $RETURNCODE == 1 )
{
log "$HOME doesn't exist. Creating!"
`mkdir -m 760 -p $HOME`
}
# Create Maildir if it doesn't exist, the default folders and
# subscribes them
`test -d $MAILFOLDER`
if ( $RETURNCODE == 1 )
{
log "$MAILFOLDER doesn't exist. Creating!"
`$MAILDIRMAKE -q $MAILDIRQUOTA $MAILFOLDER`
`$MAILDIRMAKE -f Trash $MAILFOLDER`
`$MAILDIRMAKE -f Sent $MAILFOLDER`
`$MAILDIRMAKE -f Drafts $MAILFOLDER`
`$MAILDIRMAKE -f Spam $MAILFOLDER`
log "Subscribing default mail folders."
`echo -e "Trash\nSent\nDrafts\nSpam" > $MAILFOLDER/subscriptions`
}
# Create Spam folder if it doesn't exist and subscribe it for imap
`test -d $SPAMFOLDER`
if ( $RETURNCODE == 1 )
{
`/usr/bin/maildirmake.maildrop -f Spam $MAILFOLDER`
`echo Spam >> $MAILFOLDER/subscriptions`
}
# Call DSPAM
xfilter "/usr/bin/dspam --client --user $USER --stdout --deliver=innocent,spam"
# Check SPAM tag
if (/^X-DSPAM-Result: Spam*$/)
{
log " SPAM: Attempting delivery to $SPAMFOLDER"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log " SPAM: $DELIVERQUOTA doesn't exist. Delivering directly to $SPAMFOLDER"
exception {
to $SPAMFOLDER
}
}
log " SPAM: attempting quota delivery to $SPAMFOLDER"
exception {
xfilter "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
log "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END === success"
EXITCODE=$RETURNCODE
exit
}
}
else
{
# Try clean mail delivery in $MAILFOLDER
log " Attempting clean delivery with $DELIVERQUOTA"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log "$DELIVERQUOTA doesn't exist. Delivering directly to $MAILFOLDER."
exception {
to $MAILFOLDER
# set return code and exit
EXITCODE=0
exit
}
}
exception {
log "Trying delivery of clean mail to $MAILFOLDER"
log "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
xfilter "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
# Create an exception so we can keep track of the return code
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END ==="
# set return code and exit
EXITCODE=$RETURNCODE
exit
}
log "Clean mail delivered to $MAILFOLDER"
log "=== END ==="
log ""
}
exit;
And that's it. You now should have DSPAM working with your Qmail install. Don't forget to read DSPAMs docs on how to teach DSPAM. The learning process is really important.
Method C - Calling DSPAM before qmail-queue
Here we will use Inter7's Simscan software to replace the qmail-queue program. For that you will need Bruce Guenther's QMAILQUEUE patch. In this approach, you can also set up anti-virus scanning almost out-of-the box too.
- Additional patches
- Bruce Guenther's alternate QMAILQUEUE patch
I'll assume that you have installed Qmail already and for the matter, that you followed, or have at least read and understand the basics described on the Life with Qmail page. Also i assume you already applied the QMAILQUEUE patch.
Next you will need to configure DSPAM. Edit your /etc/dspam/dspam.conf file, and make sure you comment in and out the following values
StorageDriver /usr/lib/dspam/libmysql_drv.so # Needed for spam scanning with simscan Trust qmaild
Also, if you want to enable default activation for all users within DSPAM (Opt in), you will need to change that setting in dspam.conf also.
Opt out
Then we install Simscan
Simscan as a bug because it treats the lack of output from the dspam call as an error. DSPAM will not have output if you choose quarantine as spamAction in DSPAM configuration or the user preferences, and also if you choose to use ParseToHeaders option for email forwarding retraining. Not using the patch with either of those DSPAM options enabled will cause qmail-smtpd to reject temporarily the message, but making it still being processed by DSPAM. The sending server will actually be re-delivering the message over and over again.
cvs -z3 -d:pserver:anonymous@simscan.cvs.sourceforge.net:/cvsroot/simscan checkout simscan
svn co https://svn.hmonteiro.net/svn/simscan-patches/
cd simscan
cat ../simscan-patches/simscan-cvs-1.4.0-dspam-quarantine.patch | patch -p1
./configure --enable-regex=y \
--enable-spam-passthru=y \
--enable-user=clamav \
--enable-custom-smtp-reject=y \
--enable-received=y \
--enable-ripmime=/usr/bin/ripmime \
--enable-dspam=y \
--enable-per-domain=y \
--enable-dspam-path=/usr/bin/dspam \
--enable-attach=y \
--enable-clamav=y \
--enable-clamdscan=/usr/bin/clamdscan \
--enable-clamavdb-path=/var/lib/clamav \
--enable-dspam-user=y \
--enable-dspam-args="--deliver=innocent --debug"
make
make install
As you can see in the configuration flags, in the dspam args, i choose to deliver only innocent. That way you can use DSPAMs own quarantine engine. Don't worry if you still want to deliver Spam anyway, you just have to set the spamAction to other than quarantine in your dspam user preferences. If that is the case, simscan will continue to deliver the Spam messages, since we defined –enable-spam-passthru=y.
Next you need to edit your simscan control file, a general configuration would be somethin like
:clam=yes,spam=yes,trophie=no,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif,spam_passthru=yes
Other options/behavior are available of course. Just check simscans documentation. The relevant bits here are spam=yes, to enable spam scanning and spam_passthru=yes, so that also simscan can deliver Spam messages.
Next make your simscam configurations available
/var/qmail/bin/simscanmk /var/qmail/bin/simscanmk -g
You need to update your tcpserver rules file to something like
:allow,QMAILQUEUE="/var/qmail/bin/simscan",SIMSCAN_DEBUG="3",NOP0FCHECK="1"
I personaly don't use p0f checking. I take care of infected Windows machines through the use of greylisting and qmail greeting delay. Legitimate windows mail servers should be able to send mail too right?
Making the delivery of spam in a different folder is as easy as making your /etc/maildroprc look like
# Global maildrop filter file
#
# ATTENTION: This setup if for a system with real users!
########################################################
SHELL="/bin/sh"
TIMESTAMP=`date "+%b %d %H:%M:%S"`
PATH="$PATH:/var/qmail/bin"
#
# Just import all available qmail env vars
##########################################
import SENDER
import NEWSENDER
import RECIPIENT
import USER
import HOME
import HOST
import LOCAL
import EXT
import EXT2
import EXT3
import EXT4
import HOST2
import HOST3
import HOST4
import DEFAULT
import DTLINE
import RPLINE
import UFLINE
import MAILDIRQUOTA
#
# Set some defaults
###################
# Where good mail goes
MAILFOLDER="$HOME/Maildir/"
# where spam goes
SPAMFOLDER="$HOME/Maildir/.Spam/"
# maildirmake
MAILDIRMAKE="/usr/bin/maildirmake.maildrop"
# bouncesaying binary
BOUNCESAYING="/var/qmail/bin/bouncesaying"
# deliverquota binary
DELIVERQUOTA="/usr/sbin/deliverquota"
# Set warn percentage to 90%
WARNAT="90"
logfile "/var/log/maildrop"
log "$TIMESTAMP - BEGIN maildrop processing for $USER@$HOST ==="
# Create home if it doesn't exist
`test -d $HOME`
if ( $RETURNCODE == 1 )
{
log "$HOME doesn't exist. Creating!"
`mkdir -m 760 -p $HOME`
}
# Create Maildir if it doesn't exist, the default folders and
# subscribes them
`test -d $MAILFOLDER`
if ( $RETURNCODE == 1 )
{
log "$MAILFOLDER doesn't exist. Creating!"
`$MAILDIRMAKE -q $MAILDIRQUOTA $MAILFOLDER`
`$MAILDIRMAKE -f Trash $MAILFOLDER`
`$MAILDIRMAKE -f Sent $MAILFOLDER`
`$MAILDIRMAKE -f Drafts $MAILFOLDER`
`$MAILDIRMAKE -f Spam $MAILFOLDER`
log "Subscribing default mail folders."
`echo -e "Trash\nSent\nDrafts\nSpam" > $MAILFOLDER/subscriptions`
}
# Create Spam folder if it doesn't exist and subscribe it for imap
`test -d $SPAMFOLDER`
if ( $RETURNCODE == 1 )
{
`/usr/bin/maildirmake.maildrop -f Spam $MAILFOLDER`
`echo Spam >> $MAILFOLDER/subscriptions`
}
# Check SPAM tag
if (/^X-DSPAM-Result: Spam*$/)
{
log " SPAM: Attempting delivery to $SPAMFOLDER"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log " SPAM: $DELIVERQUOTA doesn't exist. Delivering directly to $SPAMFOLDER"
exception {
to $SPAMFOLDER
}
}
log " SPAM: attempting quota delivery to $SPAMFOLDER"
exception {
xfilter "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
log "$DELIVERQUOTA -w $WARNAT $SPAMFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END === success"
EXITCODE=$RETURNCODE
exit
}
}
else
{
# Try clean mail delivery in $MAILFOLDER
log " Attempting clean delivery with $DELIVERQUOTA"
`test -x /usr/sbin/deliverquota`
if($RETURNCODE == 1)
{
log "$DELIVERQUOTA doesn't exist. Delivering directly to $MAILFOLDER."
exception {
to $MAILFOLDER
# set return code and exit
EXITCODE=0
exit
}
}
exception {
log "Trying delivery of clean mail to $MAILFOLDER"
log "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
xfilter "$DELIVERQUOTA -w $WARNAT $MAILFOLDER $MAILDIRQUOTA"
}
if( $RETURNCODE == 77)
{
# Create an exception so we can keep track of the return code
exception {
xfilter "$BOUNCESAYING 'This mail cannot be delivered. $RECIPIENT is over quota'"
log " QUOTA FAILURE: bouncesaying 'This mail cannot be delivered. $RECIPIENT is over quota'"
}
log "=== END ==="
# set return code and exit
EXITCODE=$RETURNCODE
exit
}
log "Clean mail delivered to $MAILFOLDER"
log "=== END ==="
log ""
}
exit;
And that's it. You now should have DSPAM working with your Qmail install. Don't forget to read DSPAMs docs on how to teach DSPAM. The learning process is really important.
WebUI Configuration
As you might have noticed, the dspam-webfrontend (aka WebUI) comes with some configurations not suited for Qmail. We need to change those. But first we need to get it working. First you need to install and configure Apache with the suexec module enabled. In Apache2 you just
a2enmod suexec /etc/init.d/apache2 force-reload
Then you need to include the apache configuration file that comes with the dspam web frontend in your apache conf. Just add something like
Include /etc/dspam/dspam-apache2.conf
and do again an apache reload. For testing you can edit the dspam-apache2.conf file and comment the auth stuff. Or you can take your time and configure it. I won't cover that here.
Finally you need a /etc/dspam/webfrontend.conf kinda like this one:
# Default DSPAM enviroment
$CONFIG{'DSPAM_HOME'} = "/var/spool/dspam";
$CONFIG{'DSPAM_BIN'} = "/usr/bin";
$CONFIG{'DSPAM'} = $CONFIG{'DSPAM_BIN'} . "/dspam";
$CONFIG{'DSPAM_STATS'} = $CONFIG{'DSPAM_BIN'} . "/dspam_stats";
#$CONFIG{'DSPAM_ARGS'} = "--deliver=innocent --class=innocent " .
# "--source=error --user %CURRENT_USER% -d %u";
$CONFIG{'DSPAM_ARGS'} = "--deliver=innocent --class=innocent " .
"--source=error --user %CURRENT_USER% --stdout " .
"| /var/qmail/bin/qmail-inject %CURRENT_USER%";
$CONFIG{'TEMPLATES'} = "/usr/share/dspam/upstream-templates/"; # Location of HTML templates
$CONFIG{'ALL_PROCS'} = "ps auxw"; # use ps -deaf for Solaris
#$CONFIG{'MAIL_QUEUE'} = "mailq | grep '^[0-9,A-F]' | wc -l";
$CONFIG{'MAIL_QUEUE'} = "/var/qmail-nospam/bin/qmail-qread | grep '^[0-9,A-F]' | wc -l";
$CONFIG{'WEB_ROOT'} = "./"; # URL location of included htdocs/ files
# Default DSPAM display
#$CONFIG{'DATE_FORMAT'} = "%d.%m.%Y %H:%M"; # Date format in strftime style
# if undefined use default DSPAM display format
$CONFIG{'HISTORY_SIZE'} = 799; # Number of items in history
$CONFIG{'HISTORY_PER_PAGE'} = 100;
$CONFIG{'HISTORY_DUPLICATES'} = "yes"; # Wether to show duplicate entries in history "yes" or "no"
$CONFIG{'MAX_COL_LEN'} = 50; # Max chars in list columns
$CONFIG{'SORT_DEFAULT'} = "Rating"; # Show quarantine by "Date" or "Rating"
$CONFIG{'3D_GRAPHS'} = 1;
$CONFIG{'OPTMODE'} = "OUT"; # OUT=OptOut IN=OptIn NONE=not selectable
$CONFIG{'LOCAL_DOMAIN'} = "localhost";
# Add customized settings below
$CONFIG{'LOCAL_DOMAIN'} = "hmonteiro.net";
$ENV{'PATH'} = "$ENV{'PATH'}:$CONFIG{'DSPAM_BIN'}";
# Autodetect filesystem layout and preference options
$CONFIG{'AUTODETECT'} = 0;
# Or, if you're running dspam.cgi as untrusted, it won't be able to auto-detect
# so you will need to specify some features manually:
$CONFIG{'AUTODETECT'} = 0;
#$CONFIG{'LARGE_SCALE'} = 0;
$CONFIG{'DOMAIN_SCALE'} = 1;
$CONFIG{'PREFERENCES_EXTENSION'} = 1;
$CONFIG{'DSPAM_CGI'} = "dspam.cgi";
# Configuration was successful
1;
There's a small bug, in the webui, when using $CONFIG{'PREFERENCES_EXTENSION'} and you login with administrative rights (put your username in /etc/dspam/admins). The default preferences appear empty, just fill them at your needs and press submit. They will get in the database.
Retraining using IMAP
Required software
- Dovecot IMAP and POP3 Server
- Johannes Berg Antispam plugin for Dovecot
- David Phillips Qmail sendmail flagf patch
In order to do IMAP retraining, you'll need an IMAP server. My IMAP, and POP3 for the matter, server of choice is Dovecot. It's stunning fast and has an unprecedented flexibility.
To install, you just need to
apt-get install dovecot-imapd dovecot-common
Then, to enable imaps, you just need to have the protocol enabled in you /etc/devocot/dovecot.conf file
protocols = imaps
Remember, to have imaps, you'll need a server certificate. The certifcate creartion won't be discussed here. I'll assume you know how to do that and that you already have your certificate stored in the /etc/ssl/certs directory. Again in you /etc/dovecot/dovecot.conf file, define it
ssl_cert_file = /etc/ssl/certs/server-crt.pem ssl_key_file = /etc/ssl/certs/server-crt.pem
That server-crt.pem file contains the concatenated certificate and key file. If you choose to have them separately, define each of them in it's own line.
Restart dovecot and you should be able to access your user email account.
Setting up Dovecot for retraining
Now for the DSPAM training plugin. To build the plugin you'll need a configured dovecot source. The easiest way is to
mkdir tmp && cd tmp apt-get source dovecot cd dovecot-1.0.rc15 fakeroot dpkg-buildpackage
After the build is made … get the plugin source …
cd .. git clone http://git.sipsolutions.net/dovecot-antispam.git/ cd dovecot-antispam
Before you can build the plugin, you'll need to configure the backend you want to use. For DSPAM there are two possibilities. The most flexible one is the mailtrain backend, since it'll feed the retrain through the mail system again, bypassing the DSPAM security restrictions, if you were to call the dspam client directly. Also, it scales a lot better. That said, copy the sample configuration sample file to your target configuration
cp defconfig .config
and edit the new .config file. Make sure you select the following options
DOVECOT=../dovecot-1.0.rc15 DOVECOT_VERSION=1.0 BACKEND=mailtrainThen do the actual build and installation
make sudo make install
A good thing about this new plugin is that you have runtime configuration, and don't depend exclusively on compile time options.
Edit your /etc/dovecot/dovecot.conf file and put the following in the plugin section (look in the bottom of the file)
plugin {
##################
# GENERIC OPTIONS
# mail signature (used with any backend requiring a signature)
antispam_signature = X-DSPAM-Signature
# semicolon-separated list of Trash folders (default unset i.e. none)
# antispam_trash =
antispam_trash = trash;Trash;Deleted Items;Lixeira;Reciclagem
# semicolon-separated list of spam folders
antispam_spam = Spam
# semicolon-separated list of unsure folders (default unset i.e. none)
# antispam_unsure =
# Whether to allow APPENDing to SPAM folders or not. Must be set to
# "yes" (case insensitive) to be activated. Before activating, please
# read the discussion below.
# antispam_allow_append_to_spam = no
###########################
# BACKEND SPECIFIC OPTIONS
#
#===================
# dspam-exec plugin
# dspam binary
antispam_dspam_binary = /usr/bin/dspam
# semicolon-separated list of extra arguments to dspam
# (default unset i.e. none)
# antispam_dspam_args =
antispam_dspam_args = --deliver=;--user;%u@mydomain.com # % expansion done by dovecot
# antispam_dspam_args = --mode=teft
#=====================
# mail sending plugin
#
# Because of the way this plugin works, you can also use it
# to train via an arbitrary program that receives the message
# on standard input, in that case you can use the config
# options antispam_mail_spam and antispam_mail_notspam for
# the argument that distinguishes between ham and spam.
# For example:
# antispam_mail_sendmail = /path/to/mailtrain
# antispam_mail_sendmail_args = --for;%u
# antispam_mail_spam = --spam
# antispam_mail_notspam = --ham
# will call it, for example, like this:
# /path/to/mailtrain --for jberg --spam
# temporary directory
antispam_mail_tmpdir = /tmp
# spam/not-spam addresses (default unset which will give errors)
antispam_mail_spam = spam@mydomain.com
antispam_mail_notspam = nospam@mydomain.com
antispam_mail_sendmail = /var/qmail/bin/sendmail
antispam_mail_sendmail_args = -f;%u@mydomain.com # % expansion done by dovecot
#===================
# crm114-exec plugin
# mailreaver binary
antispam_crm_binary = /bin/false
# antispam_crm_binary = /usr/share/crm114/mailreaver.crm
# semicolon-separated list of extra arguments to dspam
# (default unset i.e. none)
# antispam_crm_args =
# antispam_crm_args = --config=/path/to/config
# NOTE: you need to set the signature for this backend
# antispam_signature = X-CRM114-CacheID
}
Also don't forget to add the newly created plugin to the list of plugins to load for imap. search for the protocol imap { definition and make sure you have in there a line like
mail_plugins = antispam
And at last, to finish, you'll have to associate the spam/ham learning actions to those spam/notspam-username@mydomain.com addresses. Go in the ~alias directory (usually /var/qmail/alias) and create two dot qmail default files. One for each type of address.
cd ~alias echo "|/var/qmail/bin/preline /usr/bin/dspam --class=spam --source=error --user \$SENDER" > .qmail-spam echo "|/var/qmail/bin/preline /usr/bin/dspam --class=innocent --source=error --user \$SENDER" > .qmail-nospam
Since the execution of those .qmail files will be handled by the alias user, in order to give it permission to specify the –user parameter, we also need to add alias to the list of users that DSPAM trustes. Edit your /etc/dspam/dspam.conf and make sure you have a line like.
# Needed for message retrain from .qmail-spam/nospam Trust alias
Restart dovecot and you're set for retraining. Just by moving messages to/from the Spam folder.
Retraining with Email forwarding
If you're providing POP3 access to your user accounts, you can either use the DSPAM WebUI to provide them access to retraining, or you can allow them to retrain by forwarding their messages to special reporting addresses.
Actually, if you already configured your system to use the above setup you are all set to use email forwarding retraining, since you've already set the .qmail-spam and .qmail-nospam files, and simscan doesn't do the scanning for those addresses, when submitted from know sources (RELAYCLIENT is set or users are authenticated).
If you didn't the part that matters for setting up email forwarding retrain only are:
Go in the ~alias directory (usually /var/qmail/alias) and create two dot qmail default files. One for each type of address.
cd ~alias echo "|/var/qmail/bin/preline /usr/bin/dspam --class=spam --source=error --user \$SENDER" > .qmail-spam echo "|/var/qmail/bin/preline /usr/bin/dspam --class=innocent --source=error --user \$SENDER" > .qmail-nospam
Since the execution of those .qmail files will be handled by the alias user, in order to give it permission to specify the –user parameter, we also need to add alias to the list of users that DSPAM trustes. Edit your /etc/dspam/dspam.conf and make sure you have line like.
# Needed for message retrain from .qmail-spam/nospam Trust alias
You just have to tell your users to forward their misclassified mail to the special training addresses.
Of course, again, there several ways to do this. DSPAM provides the ParseToHeaders configuration directive to handle reclassification itself. Simscan allows you to bypass scanning for those special address, spam/nospam@mydomain.com, and use qmail for retrain.You could even let qmail handle it all for himself. Nothing like looking at the software documentation for variations on this subject and find what best suits you.
To ease the pain of doing all those forwards, you can provide plugins and extensions to your mail clients. This way a simple push of the button does all the work.
For windows clients using M$ Outlook, you can use something like SpamGrabber. For users running Thunderbird, i usually use an extension i coded, with lot's of borrowed code from other extensions. I must warn you that it still has a few bugs, but i've been using it for quite a while now with no major surprises. Use it at your own risk! You can get it here.
If you found the information on these pages usefull, please, consider clicking on one of the sponsored links on the left.
- howtos/qmail/qmail_plus_dspam.txt · Last modified: 2008/04/23 23:13 by hmmm