Implementation of Antispam Gateway with Dspam Engine in Ubuntu LTS


The advantage of an anti-spam gateway is that we get spam filtering without making any changes to the email server. One gateway can also serve multiple domains or multiple servers. DSPAM is an engine that learns from feedback from the users; DSPAM claims an accuracy of more than 95%.

This article is about how to configure DSPAM as an anti-spam gateway.


In our setup we are going to use Postfix with DSPAM, with MySQL as the database to store the DSPAM configuration and signatures. Get a new server for the antispam gateway. Please note that we are not going to touch the email server.

1. Install Postfix, postfix-mysql and mysql-server

# aptitude install postfix postfix-mysql mysql-server

During the installation of Postfix select the Internet mail server option without any relays. Answer the questions on domain name details.

For the MySQL installation, provide the root user password.

2. Install DSPAM and related components

# aptitude install dspam dspam-doc dspam-webfrontend libdspam7-drv-mysql dspam-dbg

This will install DSPAM, its documentation, the web frontend and the MySQL driver module. During the installation it will ask you to provide the DSPAM database username and password to configure the DSPAM MySQL DB. The DSPAM debug package is required for troubleshooting and fine-tuning the setup.

3. Make sure apache2 is installed. The following Apache, PHP and MySQL libraries need to be installed.

# aptitude install apache2 apache2-mpm-prefork apache2-suexec apache2-utils libapache2-mod-php5 php5-mysql

4. It is also recommended to install phpMyAdmin to add table data to MySQL easily.

# aptitude install phpmyadmin

The advantage of this binary package installation is that it automatically takes care of all the file-system permission requirements for DSPAM. If we go for the compile method this is a real headache.

5. Install DSPAM MySQL objects (with a twist)

During the installation of libdspam7-drv-mysql, it creates the dspam database and tables. Here we need to make a small modification to take care of multiple email addresses for a particular account. By default it adds the virtual_user_uids table, but to accommodate multiple email addresses for a single account we need to use the virtual_user_aliases table. For this purpose we need to download the source package and load the virtual_user_aliases.sql query.

# wget http://space.dl.sourceforge.net/project/dspam/dspam/dspam-3.10.2/dspam-3.10.2.tar.gz

#  tar -zxvf dspam-3.10.2.tar.gz

#  cd dspam-3.10.2/src/tools.mysql_drv

Here we need to load the virtual_user_aliases.sql table into the database as below:

# mysql -u root -p   (provide the password at the prompt)

mysql> use dspam

mysql> drop table dspam_virtual_uids;

mysql> source    /<path-to>/dspam-3.10.2/src/tools.mysql_drv/virtual_user_aliases.sql

The resulting table should look as below:

mysql> desc dspam_virtual_uids;
+----------+------------------+------+-----+---------+-------+
| Field    | Type             | Null | Key | Default | Extra |
+----------+------------------+------+-----+---------+-------+
| uid      | int(10) unsigned | NO   |     | NULL    |       |
| username | varchar(128)     | NO   | PRI | NULL    |       |
+----------+------------------+------+-----+---------+-------+

6. Configure Postfix to receive the emails and forward them to DSPAM based on domains.

Make sure the following entries in /etc/postfix/main.cf are filled in as per your domain settings. Please note you need to replace mydomain.com with your domain.

myhostname = mx1.mydomain.com
myorigin = mydomain.com
mydestination = antispam.mydomain.com, localhost.localdomain, localhost, $myhostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

We will come back to alias_maps and alias_database later.

virtual_transport is the link between Postfix and DSPAM. We need to configure DSPAM accordingly.

virtual_alias_domains = antispam.mydomain.com
virtual_transport       = lmtp:unix:/var/run/dspam/dspam.sock
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps    = mysql:/etc/postfix/vmailbox.cf

Please note that here we are going to create all the domains as virtual_mailbox_domains. This gives the freedom to use the same box for any number of domains. Multiple domains can be listed comma separated, or kept in a separate file.

vmailbox.cf should look something like:
user            = [MySQL username]
password        = [MySQL password]
dbname          = [MySQL db]
hosts           = 127.0.0.1:3306
query           = SELECT username FROM dspam_virtual_uids WHERE username='%s'

7. Configure DSPAM to receive LMTP (basic configuration)

Edit /etc/dspam/dspam.conf:

# Home directory for the dspam process
Home /var/spool/dspam

# Comment out the default hash driver and add this line
StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libmysql_drv.so

ServerQueueSize         32
ServerPID               /var/run/dspam/dspam.pid
# ServerMode can be either standard or auto; I didn't observe any difference
ServerMode              auto
ServerParameters        "--deliver=innocent"
ServerIdent             "localhost.localdomain"
ServerDomainSocketPath  /var/run/dspam/dspam.sock

The entries below help Postfix make use of the common alias file for retraining.
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full
MySQLUIDInSignature   on
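One check worth running before restarting the daemons, added here as an example and not part of the original article: the socket named in Postfix's virtual_transport must be the same file DSPAM creates from ServerDomainSocketPath, and the hash driver must really have been replaced by the MySQL one; if either is off, Postfix defers the mail instead of handing it to DSPAM. The script below writes constructed sample copies of main.cf and dspam.conf into a temporary directory and compares the two values; pointing MAIN_CF and DSPAM_CONF at /etc/postfix/main.cf and /etc/dspam/dspam.conf runs the same check on a live gateway.

```shell
#!/bin/sh
# Added example (not from the original article): verify that the Postfix
# LMTP socket and the DSPAM server socket agree, and that the MySQL storage
# driver is the active one. The two config files below are constructed samples.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
MAIN_CF="$WORK/main.cf"
DSPAM_CONF="$WORK/dspam.conf"

cat > "$MAIN_CF" <<'EOF'
myhostname = mx1.mydomain.com
virtual_transport       = lmtp:unix:/var/run/dspam/dspam.sock
virtual_mailbox_domains = mydomain.com
EOF

cat > "$DSPAM_CONF" <<'EOF'
Home /var/spool/dspam
#StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so
StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libmysql_drv.so
ServerMode              auto
ServerDomainSocketPath  /var/run/dspam/dspam.sock
EOF

# Socket path Postfix delivers to: strip the "lmtp:unix:" prefix of virtual_transport.
postfix_lmtp_socket() {
    sed -n 's/^virtual_transport[[:space:]]*=[[:space:]]*lmtp:unix:\(.*\)[[:space:]]*$/\1/p' "$1"
}

# Value of a dspam.conf directive; lines commented out with '#' do not match.
dspam_directive() {
    # $1 = file, $2 = directive name
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Prints "ok" when the socket paths agree and the MySQL driver is active,
# otherwise a one-line description of the first problem found.
check_gateway_config() {
    pf=$(postfix_lmtp_socket "$1")
    ds=$(dspam_directive "$2" ServerDomainSocketPath)
    drv=$(dspam_directive "$2" StorageDriver)
    if [ -z "$pf" ]; then
        echo "postfix: virtual_transport is not an lmtp:unix socket"
    elif [ "$pf" != "$ds" ]; then
        echo "socket mismatch: postfix=$pf dspam=$ds"
    elif [ "${drv##*/}" != "libmysql_drv.so" ]; then
        echo "dspam: StorageDriver is ${drv:-unset}, expected libmysql_drv.so"
    else
        echo ok
    fi
}

check_gateway_config "$MAIN_CF" "$DSPAM_CONF"
```

The directive lookup deliberately matches only on the first whitespace-separated word of each line, so a line left commented out with a leading # is ignored the same way DSPAM ignores it.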

8. Add a localStore preference for each user

The localStore preference defines the web directory name for each user (for the WebUI). Since users might have multiple email addresses, you want to avoid having a directory for each alias. You can do this by setting their web directory to match their uid.
To do this, you'll first need to allow the localStore override in dspam.conf:

AllowOverride   localStore

9. Configure user aliases in dspam_virtual_uids

Create users through phpMyAdmin or through the command line.

mysql> INSERT INTO dspam_virtual_uids (uid, username) VALUES (1, 'sandeep@mydomain.com');

mysql> INSERT INTO dspam_virtual_uids (uid, username) VALUES (1, 'sysadmin@mydomain.com');

Next, set the localStore preference for that user to their uid or some other unique identifier:

# dspam_admin change preference sandeep@mydomain.com localStore 1

Now, whenever any address pertaining to this user is emailed, information will be stored in DSPAM_HOME/data/1.

Postfix is now set up to do a lookup in dspam_virtual_uids. It _must_ find a valid address in this table in order to accept the message. What you'll need to do now is to create email addresses (and spam addresses) in this table for each user behind your mail server. You will need to assign any aliases under the same UID, and you'll also need to create a spam alias in this table. For example:

mysql> select * from dspam_virtual_uids where uid=1;
+-----+--------------------------+
| uid | username                 |
+-----+--------------------------+
|   1 | sandeep@mydomain.com     |
|   1 | sysadmin@mydomain.com    |
|   1 | sysadmin@otherdomain.com |
|   1 | groupuser                |
+-----+--------------------------+

When any of these destination addresses is specified, DSPAM will process mail under the same user so that only one database is used for all of these addresses. You can create as many aliases as you like, and in fact should probably write a script to pull this from your existing production system.
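Since Postfix rejects any recipient that is missing from dspam_virtual_uids, the table has to be kept in step with the real mailboxes. The script below is an added example, not part of the original article: it takes a plain "uid address" mapping of the kind you would export from the production mail server (the mapping here is constructed sample data), emits the INSERT statements for dspam_virtual_uids and one dspam_admin command per uid that pins localStore to that uid, as in step 8. Addresses are checked against a conservative character set before being quoted, so a stray quote in the export cannot break out of the SQL literal.

```shell
#!/bin/sh
# Added example (not from the original article): generate the
# dspam_virtual_uids rows and localStore preferences from a uid/address list.
# MAPPING is constructed sample data; the real list comes from your mail server.

MAPPING=$(cat <<'EOF'
# uid  address                   (one line per alias; '#' lines are comments)
1      sandeep@mydomain.com
1      sysadmin@mydomain.com
1      sysadmin@otherdomain.com
2      alice@mydomain.com
EOF
)

# One INSERT per mapping line. Lines with a non-numeric uid or an address
# outside [A-Za-z0-9._+@-] are reported on stderr and skipped.
virtual_uids_sql() {
    printf '%s\n' "$MAPPING" | awk -v q="'" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 !~ /^[0-9]+$/ { print "-- skipped (bad uid): " $0 > "/dev/stderr"; next }
        $2 !~ /^[A-Za-z0-9._+@-]+$/ { print "-- skipped (bad address): " $0 > "/dev/stderr"; next }
        { printf "INSERT INTO dspam_virtual_uids (uid, username) VALUES (%s, %s%s%s);\n", $1, q, $2, q }'
}

# One dspam_admin call per distinct uid, using the first address listed for
# it, so every alias of a user shares the web directory DSPAM_HOME/data/<uid>.
local_store_cmds() {
    printf '%s\n' "$MAPPING" | awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 ~ /^[0-9]+$/ && !(seen[$1]++) {
            printf "dspam_admin change preference %s localStore %s\n", $2, $1 }'
}

virtual_uids_sql
local_store_cmds
```

Review the generated statements, then feed them to the database and the shell (for example virtual_uids_sql | mysql -u root -p dspam, and local_store_cmds | sh once you are happy with the output).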

10. Do the initial training of DSPAM.

First install bzip2.

# aptitude install bzip2

Download anti-spam maildir data from the SpamAssassin site:

# wget http://spamassassin.apache.org/publiccorpus/20050311_spam_2.tar.bz2
# wget http://spamassassin.apache.org/publiccorpus/20030228_easy_ham_2.tar.bz2

# tar xvfj 20050311_spam_2.tar.bz2
# tar xvfj 20030228_easy_ham_2.tar.bz2

Train the merged group user.

# dspam_train groupuser spam_2/ easy_ham_2/

Where groupuser is the user account in the MySQL DB which will work as the reference user for the merged group.

11. Set up the merged group details.

The merged group will be treated as the base dataset for all users, and provides quicker learning and correction than the other approaches. It is recommended that merged groups are only used with TOE-mode training so that only corrective data is stored, but systems with ample amounts of disk may wish to run in TUM mode to learn the user's behavior dynamically.
Here we need to create a file named 'group' as /var/spool/dspam/group containing:

groupuser:merged:*

So that it will apply to all the users in the system. Groups need to be decided after a careful study of the possible group types; select the appropriate one. Refer to the README available at /usr/share/doc/dspam/README.gz.

12. Set up the web frontend configuration for DSPAM.

With the installation of dspam-webfrontend we will have the default apache2.conf in the /etc/dspam directory. Modify the file as a virtual host with a ServerName like antispam.mydomain.com and create a soft link as below:

# ln -s /etc/dspam/apache2.conf /etc/apache2/sites-enabled/dspam.conf

Create the administrator user with htpasswd:

# htpasswd -c /etc/dspam/passwd admin

Make sure this admin is added to the /etc/dspam/admins file.

Restart apache2 and then we should be able to access the web frontend with the admin username and password.

13. Create aliases for training.

Edit /etc/aliases and add the following entries, where 'spam' and 'notspam' will be used for training the existing databases.

spam: "|/usr/bin/dspam --mode=teft --source=error --class=spam --user nobody -d %u"
notspam: "|/usr/bin/dspam --mode=teft --source=error --class=innocent --user nobody -d %u"

Here, even though dspam initially runs as the nobody user, after reading the signature from the mail the username is automatically changed to the forwarded user. As these entries are on the antispam system, we need a setting on the mail server to forward 'spam@domainname.com' and 'notspam@domainname.com' to the antispam server. If the mail server is a Linux-based one, we can again make use of the aliases file to forward the emails to the antispam gateway. So on the Linux email server the following entries need to be added to the aliases file:

spam:   spam@antispam.mydomain.com
notspam:   notspam@antispam.mydomain.com

As usual, after editing the aliases file, run # newaliases to get it updated.

14. Configure dspam.conf to deliver the mails to the email server.

Edit the following lines in dspam.conf according to your email server setup.

DeliveryHost            [IP address of the mail server]
DeliveryPort            25
DeliveryIdent           mail.mydomain.com
DeliveryProto           SMTP

Restart the email server and test the antispam gateway by sending emails from outside. This document covers only the basic setup required to configure DSPAM as an antispam gateway. There is a lot more configuration that can be done, and the customization options are very extensive.
