Using DSPAM for Spam Filtering: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
As of Zimbra release 3.1 GA (April 2006) DSPAM is fully integrated by default. Original HOW-TO Follows. | '''As of Zimbra release 3.1 GA (April 2006) DSPAM is fully integrated by default. Original HOW-TO Follows.''' ---[[User:KevinH|KevinH]] 14:37, 6 April 2006 (PDT) | ||
------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
Revision as of 21:37, 6 April 2006
As of Zimbra release 3.1 GA (April 2006) DSPAM is fully integrated by default. Original HOW-TO Follows. ---KevinH 14:37, 6 April 2006 (PDT)
I saw that there was a request the other day for using DSPAM with Zimbra. I am not done yet, but I have it working at this point. Here are the steps I took:
Download and decompress DSPAM
Note, everything I am doing here, I do as the user zimbra. If I need super user, I use sudo.
The configuration options I used were:
./configure \ --prefix=/opt/dspam \ --sysconfdir=/opt/dspam/conf \ --with-dspam-home=/var/dspam \ --with-dspam-home-mode=2770 \ --with-dspam-home-owner=zimbra \ --with-dspam-home-group=zimbra \ --with-storage-driver=mysql_drv \ --enable-preferences-extension \ --with-mysql-includes=/usr/include/mysql \ --with-mysql-libraries=/usr/lib/mysql \ --enable-signature-headers \ --without-delivery-agent \ --without-quarantine-agent \ --with-dspam-owner=zimbra \ --with-dspam-group=zimbra
make
(as root)
make install
After this login as the zimbra user. Make sure that MySQL is running. Then create a new table for DSPAM related info:
mysqladmin create dspam
After that load the schema for the dspam tables
mysql dspam < ~/dspam-3.6.1/src/tools.mysql_drv/mysql_objects-4.1.sql
We don't want to use the same user that we use for zimbra for dspam for the database. So create a new user:
mysql grant all on dspam.* to dspam@localhost identified by 'ThisIsMyPassword';
(Obviously change your password)
Inside of your dspam.conf add the following lines (they are commented out be default)
MySQLServer /opt/zimbra/db/mysql.sock MySQLPort 7306 MySQLUser dspam MySQLPass ThisIsMyPassword MySQLDb dspam
Now we have to tell amavisd-new (which serves as a pipeline for various steps proccessing email before zimbra's java code sees emails) to enable dspam Search for the $path and $dspam variables and replace them.
To make things a bit tricky, dspam uses auto-generated files, so modify the file amavisd.conf.in rather then amavisd.conf.
$path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin'; $dspam = 'dspam';
I suggest you run amavisd once by hand with the debug options to make sure everything works:
/opt/zimbra/amavisd/sbin/amavisd -c /opt/zimbra/conf/amavisd.conf debug
And if everything is happy you should see lines like:
Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: starting. /opt/zimbra/amavisd/sbin/amavisd at bldmail01 amavisd-new-2.3.1 (20050509), Unicode aware, LANG=en_US.UTF-8 Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: user=515, EUID: 515 (515); group=, EGID: 515 516 515 5 (515 516 515 5) Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Perl version 5.008006 Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: 2005/11/16-18:57:33 Amavis (type Net::Server::PreForkSimple) starting! pid(31241) Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Group Not Defined. Defaulting to EGID '515 516 515 5' Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: User Not Defined. Defaulting to EUID '515' Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Setting up serialization via flock Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Amavis::Conf 2.038 Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Archive::Tar 1.26 Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Archive::Zip 1.16 [LINES DELETED] Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Norman Virus Control v5 / Linux Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Panda Antivirus for Linux Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: NAI McAfee AntiVirus (uvscan) Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: VirusBuster Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: CyberSoft VFind Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Ikarus AntiVirus for Linux Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: BitDefender Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Found secondary av scanner ClamAV-clamscan at /usr/local/bin/clamscan Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: FRISK F-Prot Antivirus Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: Trend Micro FileScanner Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: drweb - DrWeb Antivirus Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: KasperskyLab kavscanner Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Creating db in /opt/zimbra/amavisd/db/; BerkeleyDB 0.26, libdb 4.3 Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: SpamControl: initializing Mail::SpamAssassin Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: SpamControl: done Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Beginning prefork (5 processes) Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Starting "5" children Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31242]: Net::Server: Child Preforked (31242) Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31242]: TIMING [total 19 ms] - bdb-open: 19 (100%)100, rundown: 0 (0%)100 Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31243]: Net::Server: Child Preforked (31243)\ Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31243]: TIMING [total 10 ms] - bdb-open: 10 (100%)100, rundown: 0 (0%)100 Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31244]: Net::Server: Child Preforked (31244) Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31244]: TIMING [total 10 ms] - bdb-open: 10 (100%)100, rundown: 0 (0%)100 Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31245]: Net::Server: Child Preforked (31245) Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31245]: TIMING [total 9 ms] - bdb-open: 9 (100%)100, rundown: 0 (0%)100 Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31246]: Net::Server: Child Preforked (31246) Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Parent ready for children. Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31246]: TIMING [total 12 ms] - bdb-open: 12 (100%)100, rundown: 0 (0%)100
That should get you to where both DSPAM and SpamAssassin check for spams.
Later once DSPAM's own database has been built up, I suggest that you add the following lines to one of SpamAssassin's rule files (salocal.cf?) to filter out mail that DSPAM thinks is bogus:
header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/ describe DSPAM_SPAM DSPAM claims it is spam score DSPAM_SPAM 0.5 header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/ describe DSPAM_HAM DSPAM claims it is ham score DSPAM_HAM -0.1
Anyways, what I write here is my own, with the exceptions that I lifted off of the amavis-new list, esp this message: [url]http://sourceforge.net/mailarchive/message.php?msg_id=11025890[/url]
This works for me so far, filtering seems to work, and seems to be effective. I will post about training as soon as I have finished up doing it.
- JoshPrismon 12:18, 6 March 2006 (PST)