2010-07-22 13:28:07
After setting up dspam, we have to tell postfix to use it! There are plenty of ways of doing that. If you have installed the dspam-doc package, one is documented in /usr/share/doc/dspam-doc/postfix.txt.gz, with example configuration files under /usr/share/doc/dspam-doc/postfix/.
Instead of a simple content filter, I have chosen to follow an approach proposed by Richard Patterson on the dspam mailing list, which filters incoming mail only. This method requires the postfix-pcre package. To sum up:
# Everything beginning with either ham or spam avoids the filter
/^(spam|ham)@.*$/ OK
# The rest is redirected to be filtered
/./ FILTER dspam:dspam

dspam unix - n n - - pipe
  flags=Ru user=dspam argv=/usr/bin/dspam --client --deliver=innocent,spam --user ${recipient} --mail-from=${sender}
You also need to make sure Dspam only gets one address at a time by adding dspam_destination_recipient_limit = 1 to postfix main.cf.
You’ll also need to configure Postfix to listen on a local port for re-injection. This is where DSPAM sends back the “good” mail (or alternatively, tagged mail also). Add this to your master.cf:
localhost:10026 inet n - n - - smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
Append the aliases to /etc/aliases:
ham: ham@ham.ham
spam: spam@spam.spam
and run postalias /etc/aliases to refresh the postfix alias database.
Then, a special transport has to be configured in /etc/postfix/transports:
spam.spam dspam-retrain:spam
ham.ham dspam-retrain:innocent
You need to add transport_maps = hash:/etc/postfix/transports in main.cf and run postmap /etc/postfix/transports.
Then add the following to /etc/postfix/master.cf:
dspam-retrain unix - n n - - pipe
  flags=Rhq user=dspam argv=/usr/bin/dspam --client --mode=teft --class=$nexthop --source=error --user dspam
You cannot set up simple aliases using a pipe to dspam, as the permissions of the configuration files are too restrictive, and this setup would require setuid executables somewhere.
The transport approach allows dspam to run under the dspam user's UID (user=dspam). Note that the other --user dspam parameter has to be changed if you use several shared groups (or no group at all).
Duplicate X-DSPAM-Signature headers have to be prevented, as they would stop the signature from being retrieved for spam reporting. This happens when you receive messages from a server already running Dspam, and it could also be used by spammers who forge the headers to prevent you from training your database.
To avoid this issue, it was suggested to me to ignore the “previous” headers before mail is passed to dspam. With postfix header_checks, this is:
/^(X-DSPAM-.*)/ IGNORE
Also add:
nested_header_checks=
to your main.cf file so that postfix doesn’t delete the X-DSPAM-* headers in the attached messages. Without this line, the signatures cannot be retrieved from the nested message.
Another useful tip is to prevent unwanted use of the dspam aliases. In my case, I only accept mail sent to spam@ and ham@ from my local network (or any authenticated user):
/^.*(spam|ham)@.*$/ REJECT
check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
check_sender_access pcre:/etc/postfix/dspam_check_aliases
Be sure you have the permit_mynetworks (or permit_sasl_authenticated if using SASL) before these lines.
This way, mail sent to or from the spam@ or ham@ aliases will be rejected by Postfix (error code 554), except if the mail is sent from your local network.
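Both PCRE tables above can be checked against sample addresses before they go live. The following is an added example, not part of the original post: it replays the page's patterns with Python's re module standing in for Postfix's PCRE lookup (first match wins, case-insensitive) over constructed addresses, and shows that the guard /^.*(spam|ham)@.*$/ also rejects unrelated addresses such as graham@example.org. ALIAS_GUARD_STRICT is an assumed tighter pattern, not taken from the page.

```python
import re

# Table contents copied from the page.
FILTER_ACCESS = r"""
# Everything beginning with either ham or spam avoids the filter
/^(spam|ham)@.*$/ OK
# The rest is redirected to be filtered
/./ FILTER dspam:dspam
"""
ALIAS_GUARD = r"/^.*(spam|ham)@.*$/ REJECT"
# Assumption (not from the page): a tighter guard that only matches the
# exact local parts "spam" and "ham".
ALIAS_GUARD_STRICT = r"/^(spam|ham)@/ REJECT"


def parse_table(text):
    """Parse '/pattern/ ACTION' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(.+)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix pcre tables are case-insensitive unless flagged otherwise.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(table, address):
    """Return the action of the first matching rule, or None (no match)."""
    for regex, action in parse_table(table):
        if regex.search(address):
            return action
    return None


# Constructed sample addresses.
SAMPLES = ["spam@example.org", "ham@example.org",
           "graham@example.org", "alice@example.org"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:22} filter={lookup(FILTER_ACCESS, addr)!s:20} "
              f"guard={lookup(ALIAS_GUARD, addr)!s:7} "
              f"strict={lookup(ALIAS_GUARD_STRICT, addr)}")
```

On the mail server itself, postmap -q graham@example.org pcre:/etc/postfix/dspam_check_aliases runs the same lookup against the real table.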
Edit /etc/default/dspam to change the START=no variable to START=yes.
Note that it may be worth enabling debug in this file during testing. Debug logs are stored in /var/log/dspam/dspam.debug.
After (re)starting both dspam and postfix, you should be able to see that dspam is running, as the headers of incoming mail contain things like:
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Sun Apr 16 09:06:11 2006
X-DSPAM-Confidence: 0.9928
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4441ece3267971621324435
If this is not the case, look in your mail logs and dspam debug logs.