DSPAM

Primary tabs

Credits

Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.

DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. DSPAM is an adaptive filter which means it is capable of learning and adapting to each user's email. Instead of working off of a list of "rules" to identify spam, DSPAM's probabilistic engine examines the content of each message and learns what type of content the user deems as spam (or nonspam).

Prerequisites

  • MariaDB
  • Apache webserver, compiled with:
    ./configure \
    --enable-so \
    --enable-ssl \
    --enable-rewrite \
    --enable-suexec \
    --with-suexec-docroot=/var/websites

    Before you compile, edit support/suexec.h and change the AP_HTTPD_USER from the default "www" to the "nobody" that our Apache install instructions use:

    #define AP_HTTPD_USER "nobody"
    #define AP_UID_MIN 99
    #define AP_GID_MIN 99

Installation

cd /extra/src
wget http://tcpdiag.dl.sourceforge.net/project/dspam/dspam/dspam-3.10.2/dspam-3.10.2.tar.gz
tar zxf dspam-3.10.2.tar.gz
cd dspam-3.10.2

Configure it:

export LD_LIBRARY_PATH=/usr/local/mysql/lib/mysql:${LD_LIBRARY_PATH}

./configure \
--enable-daemon \
--enable-debug \
--enable-domain-scale \
--enable-long-usernames \
--with-dspam-home=/var/dspam \
--with-dspam-home-owner=simscan \
--with-dspam-home-group=simscan \
--with-dspam-owner=simscan \
--with-dspam-group=simscan \
--with-storage-driver=mysql_drv \
--with-mysql-libraries=/usr/local/mysql/lib \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--enable-preferences-extension \
--enable-virtual-users

Build and install the binaries:

make && make install

Set up MySQL database and tables:

cd src/tools.mysql_drv
/usr/local/mysql/bin/mysqladmin -u root -p create dspamdb
cat mysql_objects-4.1.sql | /usr/local/mysql/bin/mysql -u root -p dspamdb
cat virtual_users.sql | /usr/local/mysql/bin/mysql -u root -p dspamdb

Log into MySQL and assign a password for simscan to us the dspam database:

/usr/local/mysql/bin/mysql -u root -p
grant all privileges on dspamdb.* to simscan@localhost identified by 'password';
flush privileges;

Of course, change "password" to something meaningful.Be aware that the user simscan has ALL privileges (including the ability to delete the database) unless you do something otherwise.
While in MySQL, make sure the dspam database tables use the InnoDB engine:

use dspamdb;
alter table dspam_preferences engine=innodb;
alter table dspam_signature_data engine=innodb;
alter table dspam_stats engine=innodb;
alter table dspam_token_data engine=innodb;
alter table dspam_virtual_uids engine=innodb;

Also, add indexes to a couple of the tables in case you want to optimize the purge script.

alter table dspam_token_data add index(spam_hits);
alter table dspam_token_data add index(innocent_hits);
alter table dspam_token_data add index(last_hit);

Configuration
Edit /usr/local/etc/dspam.conf

EnablePlusedDetail on
PlusedCharacter -
PlusedUserLowercase on
QuarantineMailbox -quarantine

Trust root
Trust dspam
Trust vpopmail
Trust simscan
Trust qmaild

Tokenizer   osb
TrainingMode   toe
Feature   noise
Algorithm   graham burton
Tokenizer   osb
PValue   bcr

ImprobabilityDrive on
Preference "signatureLocation=headers"

MySQLServer             /tmp/mysql.sock
MySQLUser               simscan
MySQLPass               p4ssw3rd
MySQLDb                 dspamdb
MySQLCompress           true
MySQLReconnect          true

MySQLConnectionCache 10
MySQLUIDInSignature on

LocalMX 127.0.0.1

ServerPID /var/service/dspam/var/dspam.pid

ServerMode dspam
ServerPass.Relay1 "p4ssw3rd"
ServerDomainSocketPath /tmp/dspam.sock

ClientHost /tmp/dspam.sock
ClientIdent "p4ssw3rd@Relay1"

If simscan hasn't been installed yet, add a user for it:

groupadd simscan
useradd -g simscan -s /bin/false -c "SimScan Content Filter" simscan

Change the permissions on the Dspam install so that the Simscan user can access it:

chown -R simscan:simscan /var/dspam
chown simscan:simscan /usr/local/etc/dspam.conf
chown simscan:simscan /usr/local/bin/dspam

Training Mode
Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification - description of training modes

Daemontools startup

mkdir -m 1755 /var/service/dspam
cd /var/service/dspam
mkdir -m 0750 log var
wget http://qmail.jms1.net/dspam/service-dspam-run
mv service-dspam-run run
wget http://qmail.jms1.net/dspam/service-dspam-log-run
mv service-dspam-log-run log/run
chmod 0750 run log/run
chown simscan:simscan log var
chown root:simscan run log/run

Adjust the two run files to setuidgid as simscan
Start the service:

ln -s /var/service/dspam /service/
svstat /service/dspam /service/dspam/log
tail /service/dspam/log/main/current

Additional References
http://hmonteiro.net/howtos:qmail:qmail_plus_dspam
http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:dspam
http://www.wimble.info/articles/dspam-qmail-vpopmail.php
http://gentoo-wiki.com/Dspam_vpopmail
http://www.directadmin.com/forum/showthread.php?t=16015
http://mail.michscimfd.com/dspam/
http://switch.richard5.net/isp-in-a-box-v2/setting-up-dspam/training-dspam-with-scripts/

Recent Updates

  • nginx
    5 months 5 days ago
    1.27.2 update
  • lighttpd
    5 months 2 weeks ago
    Drupal 10/11 config
  • Drupal 11
    5 months 2 weeks ago
  • PHP
    5 months 2 weeks ago
    PHP 8.3.11 and AlmaLinux
  • Pound SSL Proxy
    5 months 2 weeks ago
    New version of Pound