The advantage of an anti-spam gateway is that we get spam filtering without making any changes to the email server. We can also use one gateway for multiple domains or multiple servers. DSPAM is an engine that works based on feedback from the users. DSPAM claims to achieve more than 95% accuracy.
This article is about how to configure DSPAM as an anti-spam gateway.
In our setup we are going to use Postfix with DSPAM, with MySQL as the database to store the DSPAM configuration and signatures. Get a new server for the anti-spam gateway. Please note that we are not going to touch the email server.
1. Install Postfix, postfix-mysql and mysql-server
# aptitude install postfix postfix-mysql mysql-server
During the installation of Postfix, select the internet mail server option without any relays. Answer the questions on domain name details.
For the MySQL installation, provide a root user password.
2. Install DSPAM and related components
# aptitude install dspam dspam-doc dspam-webfrontend libdspam7-drv-mysql dspam-dbg
This will install DSPAM, its documentation, the web frontend and the MySQL driver module. During the installation it will ask you to provide the DSPAM database username and password to configure the DSPAM MySQL database. The DSPAM debug package is required for troubleshooting and fine-tuning of the setup.
3. Make sure apache2 is installed. The following Apache, PHP and MySQL libraries need to be installed.
# aptitude install apache2 apache2-mpm-prefork apache2-suexec apache2-utils libapache2-mod-php5 php5-mysql
4. It is also recommended to install phpmyadmin to add table data to MySQL easily.
# aptitude install phpmyadmin
The advantage of installing from binary packages is that it automatically takes care of all the file-system permission requirements for DSPAM. If we compile from source, this is a real headache.
5. Install DSPAM MySQL objects (with a twist)
During the installation of libdspam7-drv-mysql, it creates the dspam database and tables. Here we need to make a small modification to handle multiple email addresses for a particular account. By default it adds the virtual_user_uids table, but to accommodate multiple email addresses for a single account we need to use the virtual_user_aliases table. For this purpose we need to download the source package and apply its virtual_user_aliases.sql queries.
# wget http://space.dl.sourceforge.net/project/dspam/dspam/dspam-3.10.2/dspam-3.10.2.tar.gz
# tar -zxvf dspam-3.10.2.tar.gz
# cd dspam-3.10.2/src/tools.mysql_drv
Load virtual_user_aliases.sql into the database as below:
# mysql -u root -p   (provide the password at the prompt)
mysql> use dspam
mysql> drop table dspam_virtual_uids;
mysql> source /<path-to>/dspam-3.10.2/src/tools.mysql_drv/virtual_user_aliases.sql
The resulting table should be as below:
mysql> desc dspam_virtual_uids;
+----------+------------------+------+-----+---------+-------+
| Field    | Type             | Null | Key | Default | Extra |
+----------+------------------+------+-----+---------+-------+
| uid      | int(10) unsigned | NO   |     | NULL    |       |
| username | varchar(128)     | NO   | PRI | NULL    |       |
+----------+------------------+------+-----+---------+-------+
6. Configure Postfix to receive the emails and forward them to DSPAM based on domains.
Make sure the following entries are filled in as per your domain settings. Please note that you need to replace mydomain.com with your domain.
myhostname = mx1.mydomain.com
myorigin = mydomain.com
mydestination = antispam.mydomain.com, localhost.localdomain, localhost, $myhostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
We will come to alias_maps and alias_database later.
virtual_transport is the link between Postfix and DSPAM. We need to configure DSPAM accordingly.
virtual_alias_domains = antispam.mydomain.com
virtual_transport = lmtp:unix:/var/run/dspam/dspam.sock
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps = mysql:/etc/postfix/vmailbox.cf
Please note that here we are going to create all the domains as virtual_mailbox_domains. This gives the freedom to use the same box for any number of domains. Multiple domains can either be comma-separated or listed in a separate file.
vmailbox.cf should look something like:
user = [MySQL username]
password = [MySQL password]
dbname = [MySQL db]
hosts = 127.0.0.1:3306
query = SELECT username FROM dspam_virtual_uids WHERE username='%s'
7. Configure DSPAM to receive LMTP (basic configuration)
# Home directory for the dspam process
Home /var/spool/dspam
# Comment out the default hash driver and add this line
StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libmysql_drv.so
ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid
# Server mode can be either standard or auto. I didn't observe any difference.
ServerMode auto
ServerParameters "--deliver=innocent"
ServerIdent "localhost.localdomain"
ServerDomainSocketPath /var/run/dspam/dspam.sock
The entries below help Postfix make use of a common alias file for retraining.
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full
MySQLUIDInSignature on
8. Add a localStore preference for each user
The localStore preference defines the web directory name for each user (for the WebUI). Since users might have multiple email addresses, you want to avoid having a directory for each alias. You can do this by setting their web directory to match their uid.
To do this, you’ll first need to allow the localStore override in dspam.conf:
AllowOverride localStore
9. Configure user aliases for dspam_virtual_uids
Create the user through phpmyadmin or through the command line.
mysql> INSERT INTO dspam_virtual_uids (uid, username) VALUES('1', 'sandeep@mydomain.com');
mysql> INSERT INTO dspam_virtual_uids (uid, username) VALUES('1', 'sysadmin@mydomain.com');
Next, set the localStore preference for that user to their uid or some other unique identifier:
# dspam_admin change preference sandeep@mydomain.com localStore 1
Now, whenever any address pertaining to this user is emailed, information will be stored in DSPAM_HOME/data/1
Postfix is now set up to do a lookup in dspam_virtual_uids. It _must_ find a valid address in this table in order to accept the message. What you’ll need to do now is to create email addresses (and spam addresses) in this table for each user behind your mail server. You will need to assign any aliases under the same UID, and you’ll also need to create a spam alias in this table. For example:
mysql> select * from dspam_virtual_uids where uid=1;
+-----+--------------------------+
| uid | username                 |
+-----+--------------------------+
|   1 | sandeep@mydomain.com     |
|   1 | sysadmin@mydomain.com    |
|   1 | sysadmin@otherdomain.com |
|   1 | groupuser                |
+-----+--------------------------+
When any of these destination addresses is specified, DSPAM will process mail under the same user so that only one database is used for all of these addresses. You can create as many aliases as you like, and in fact should probably write a script to pull this from your existing production system.
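One way to write the import script suggested above, as an added example that is not part of the original article: it takes a mapping of each account's primary address to its aliases and emits INSERT statements that put every alias under one uid, rejecting malformed addresses and addresses already claimed by another account. The function name build_inserts, the input format and the SAMPLE data are assumptions constructed for illustration.

```python
import re

# Conservative pattern: a full address, or a bare name such as "groupuser".
ADDRESS_RE = re.compile(r"[a-z0-9._%+'-]+(@[a-z0-9.-]+)?")
MAX_LEN = 128  # dspam_virtual_uids.username is varchar(128)


def build_inserts(accounts, first_uid=1):
    """Return (statements, rejected) for a {primary: [aliases]} mapping.

    All addresses of one account share a uid, so DSPAM keeps one database
    per person. username is the primary key, so an address can belong to
    only one uid; a second claim is reported instead of inserted.
    """
    statements, rejected, seen = [], [], {}
    for uid, (primary, aliases) in enumerate(accounts.items(), first_uid):
        for raw in [primary, *aliases]:
            addr = raw.strip().lower()  # default MySQL collations ignore case
            if len(addr) > MAX_LEN or not ADDRESS_RE.fullmatch(addr):
                rejected.append((raw, "invalid address"))
            elif addr in seen:
                if seen[addr] != uid:
                    rejected.append((raw, f"already assigned to uid {seen[addr]}"))
            else:
                seen[addr] = uid
                quoted = addr.replace("'", "''")  # escape the only quote allowed
                statements.append(
                    "INSERT INTO dspam_virtual_uids (uid, username) "
                    f"VALUES ({uid}, '{quoted}');"
                )
    return statements, rejected


# Constructed sample standing in for an export from the production mail server.
SAMPLE = {
    "sandeep@mydomain.com": ["sysadmin@mydomain.com", "Sysadmin@otherdomain.com"],
    "o'brien@mydomain.com": ["sysadmin@mydomain.com", "eve'; --@mydomain.com"],
}

if __name__ == "__main__":
    sql, bad = build_inserts(SAMPLE)
    print("\n".join(sql))
    for raw, reason in bad:
        print(f"-- skipped {raw!r}: {reason}")
```

Review the generated statements and the skipped entries before loading the output into the dspam database with the mysql client.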
10. Do the initial training of DSPAM.
First install bzip2.
# aptitude install bzip2
Download the anti-spam maildir data from the SpamAssassin site:
# wget http://spamassassin.apache.org/publiccorpus/20050311_spam_2.tar.bz2
# wget http://spamassassin.apache.org/publiccorpus/20030228_easy_ham_2.tar.bz2
# tar xvfj 20050311_spam_2.tar.bz2
# tar xvfj 20030228_easy_ham_2.tar.bz2
Train the merged group user.
# dspam_train groupuser spam_2/ easy_ham_2/
Here groupuser is the user account in the MySQL database that will work as the reference user for merged groups.
11. Set up the merged group details.
The merged group will be treated as the base dataset for all users, and provides for quicker learning and correction than the other approaches. It is recommended that merged groups are only used with TOE-mode training so that only corrective data is stored, but systems with ample amounts of disk may wish to run in TUM mode to learn the user's behavior dynamically.
Here we need to create a file named 'group' as /var/spool/dspam/group
groupuser:merged:*
This applies it to all the users in the system. Groups need to be decided after a careful study of the possible groups, selecting the appropriate one. Refer to the README available at /usr/share/doc/dspam/README.gz
12. Set up the web frontend configuration for DSPAM.
With the installation of dspam-webfrontend we will have the default apache2.conf in the /etc/dspam directory. Modify the file as a virtual host with a server name like antispam.mydomain.com and create a soft link as below:
# ln -s /etc/dspam/apache2.conf /etc/apache2/sites-enabled/dspam.conf
Create the administrator user with htpasswd:
# htpasswd -c /etc/dspam/passwd admin
Make sure this admin is added to the /etc/dspam/admins file.
Restart apache2 and then we should be able to access the web frontend with the admin username and password.
13. Create aliases for training.
Edit /etc/aliases and add the following entries, where 'spam' and 'notspam' will be used for training the existing databases.
spam:"|/usr/bin/dspam --mode=teft --source=error --class=spam --user nobody -d %u"
notspam:"|/usr/bin/dspam --mode=teft --source=error --class=innocent --user nobody -d %u"
Here, even though dspam initially runs as the nobody user, after reading the signature from the mail the username is automatically changed to the forwarded user. As these entries are on the anti-spam system, we need some settings on the mail server so that 'spam@domainname.com' and 'notspam@domainname.com' are forwarded to the anti-spam server. If the mail server is a Linux-based one, we can again make use of the aliases file to forward the emails to the anti-spam server. So on the Linux email server the following entries need to be added to the aliases file:
spam: spam@antispam.mydomain.com
notspam: notspam@antispam.mydomain.com
As usual, after editing the aliases file, run the command # newaliases to update it.
14. Configure dspam.conf to deliver the mails to the email server.
Edit the following lines in dspam.conf according to your email server setup.
DeliveryHost [IP address of mail server]
DeliveryPort 25
DeliveryIdent mail.mydomain.com
DeliveryProto SMTP
Restart email server and test the anti-spam gateway by sending emails from outside. This document covers only the basic setup required to configure DSPAM as an anti-spam gateway. Many more configuration and customization options are available.