Debian Tutorials

Debian Tutorials


Step by step tutorials showing you how to install and configure various applications and services on Debian based Linux distros.

April 2021
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  

Categories


Installing DSPAM with ClamAV for Postfix on lenny

Ástþór IPÁstþór IP

DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. On a properly configured system, many users experience results between 99.5% – 99.95%, or one error for every 200 to 2000 messages.

Install and configure the DSPAM daemon

1. Install DSPAM daemon with MySql storage driver and ClamAV. The installer will create a database and required table structure.

apt-get install DSPAM libdspam7-drv-mysql clamav
> Yes
> Type the password for the root user in MySql
> Select a strong password or allow a random password to be generated

2. Configure DSPAM to deliver mail to the Postfix mail server on port 10025, use ClamAV for virus filtering and more. You should read the config file carefully and adjust as needed. (pico /etc/dspam/dspam.conf)

StorageDriver /usr/lib/dspam/libmysql_drv.so
DeliveryHost 127.0.0.1
DeliveryPort 10025
DeliveryIdent dspam
DeliveryProto SMTP
Preference "signatureLocation=headers"
Preference "spamSubject=SPAM"
Opt out
TrackSources spam
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse accept
ServerMode auto
ServerPass.Relay1 "secret"
ServerParameters "--deliver=innocent -d %u"
ServerDomainSocketPath "/var/run/dspam/dspam.sock"

3. Enable the DSPAM daemon (pico /etc/default/dspam)

START=yes

4. Restart the DSPAM daemon

/etc/init.d/dspam restart

 

Install and configure Postfix mail system

1. Install Postfix mail system if not already installed. The postfix-pcre package is required for the dspam_filter_access and dspam_check_aliases files created later.

apt-get install postfix postfix-pcre

2. We only want to filter incoming mail (pico /etc/postfix/dspam_filter_access)

/^(spam|ham)@.*$/ OK
/./ FILTER dspam:dspam

Set correct permissions on the newly created file

chown root.postfix /etc/postfix/dspam_filter_access

3. Set up special aliases to train DSPAM (pico /etc/aliases)

ham: [email protected]
spam: [email protected]

postalias /etc/aliases

Add entries into the transports file (pico /etc/postfix/transports)

spam.spam dspam-retrain:spam
ham.ham dspam-retrain:innocent

postmap /etc/postfix/transports

Create a filter to prevent unwanted use of the spam and ham aliases (pico /etc/postfix/dspam_check_aliases)

/^.*(spam|ham)@.*$/ REJECT

postmap /etc/postfix/dspam_check_aliases

4. Configure Postfix (pico /etc/postfix/main.cf)

smtpd_client_restrictions = check_client_access pcre:/etc/postfix/dspam_filter_access
dspam_destination_recipient_limit = 1
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/dspam_check_aliases, check_sender_access pcre:/etc/postfix/dspam_check_aliases
transport_maps = hash:/etc/postfix/transports

If you have changed the config of your mail server from the default ones, you may need to append the new values instead of replacing the whole line.

Append these lines to the master.cf file (pico /etc/postfix/master.cf)

dspam unix - n n - - pipe
flags=Ru user=dspam argv=/usr/bin/dspam --client --deliver=innocent,spam --user ${recipient} --mail-from=${sender}
 
dspam-retrain unix - n n - - pipe
flags=Rhq user=dspam argv=/usr/bin/dspam --client --mode=teft --class=$nexthop --source=error --user dspam
 
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

 

Train DSPAM

1. Install bzip2

apt-get install bzip2

2. Download training content

cd /tmp
wget http://spamassassin.apache.org/publiccorpus/20050311_spam_2.tar.bz2
wget http://spamassassin.apache.org/publiccorpus/20030228_easy_ham_2.tar.bz2

3. Extract the training content

tar xvfj 20050311_spam_2.tar.bz2
tar xvfj 20030228_easy_ham_2.tar.bz2

4. Start the training. This may take a few minutes.

dspam_train test spam_2/ easy_ham_2/

You’re all set, now you should have a fully function mail system with powerful spam and virus filtering.

Comments 2
  • Greg
    Posted on

    Greg Greg

    Author

    Great tute. It’s not the most in-depth, but it’s the most helpful Debain/DSPAM tutorial I’ve seen to date.

    One question though…….
    You don’t setup any global groups, yet you do the initial training with user “test”. Without a group or user named test, how is the training going to help?


  • Sina Mashek
    Posted on

    Sina Mashek Sina Mashek

    Author

    Do you know of an updated version of this for Wheezy or Sid? This tutorial nets me the same results as others:

    It seems like the newest dspam is having issues with the testing.
    [test: nonspam] easy_ham_2//00083.e0e7d1493ad397 result: PASS
    [test: spam ] spam_2//00340.582105f82cc7d1d35e result: BROKEN result!!
    [test: nonspam] easy_ham_2//00909.4030b6c4e4c01f result: PASS
    [test: spam ] spam_2//00464.d2f719c667d192af86 result: BROKEN result!!
    [test: nonspam] easy_ham_2//01277.d7a43a4dd78dc4 result: PASS
    [test: spam ] spam_2//01271.c74d2888efc2f1897e result: BROKEN result!!
    [test: nonspam] easy_ham_2//00960.32448b09e83c0a result: PASS
    [test: spam ] spam_2//00703.9fd09a1270c8dab92e result: BROKEN result!!
    [test: nonspam] easy_ham_2//00446.d8f63fcbc175d6 result: PASS
    [test: spam ] spam_2//01048.a8581a98e46532472f result: BROKEN result!!
    [test: nonspam] easy_ham_2//00798.f0b6d4915a856b result: PASS
    [test: spam ] spam_2//01058.c5bf6182a887f34297 result: BROKEN result!!
    [test: nonspam] easy_ham_2//00786.7d159de800532f result: PASS
    [test: spam ] spam_2//01307.270e0fd3d0f0a14a59 result: BROKEN result!!
    [test: nonspam] easy_ham_2//01308.27ef6351cd2bcf result: PASS
    [test: spam ] spam_2//00640.564b03520087bb4595 result: BROKEN result!!