Using DSPAM for Spam Filtering: Difference between revisions

m (future status?)
mNo edit summary
Line 1: Line 1:
Beginning with 4.5.1, DSPAM is disabled when you install or upgrade ZCS because it was frequently interrupting mail delivery.
Some stability issues we're found in 4.0.3
So beginning with 4.5.1, DSPAM is disabled when you install or upgrade ZCS because it was frequently interrupting mail delivery.


http://bugzilla.zimbra.com/show_bug.cgi?id=12185  
http://bugzilla.zimbra.com/show_bug.cgi?id=12185  


http://bugzilla.zimbra.com/show_bug.cgi?id=12079  
http://bugzilla.zimbra.com/show_bug.cgi?id=12079  
http://bugzilla.zimbra.com/show_bug.cgi?id=13962


http://www.zimbra.com/forums/administrators/6322-upgraded-4-5-os-edition-now-no-dspam.html
http://www.zimbra.com/forums/administrators/6322-upgraded-4-5-os-edition-now-no-dspam.html


(Though I do not know it's status for v5Beta4)
Also be aware of: http://bugzilla.zimbra.com/show_bug.cgi?id=20555
 
-Though I do not know it's status for v5Beta4, but after one year gap we had a new version:
 
3.6.8 - June 7, 2006 
 
3.8.0 - March 19, 2007 


---[[User:Mmorse|Mmorse]] 18:19, 20 September 2007 (CDT)
---[[User:Mmorse|Mmorse]] 18:19, 20 September 2007 (CDT)

Revision as of 20:05, 28 September 2007

Some stability issues we're found in 4.0.3 So beginning with 4.5.1, DSPAM is disabled when you install or upgrade ZCS because it was frequently interrupting mail delivery.

http://bugzilla.zimbra.com/show_bug.cgi?id=12185

http://bugzilla.zimbra.com/show_bug.cgi?id=12079

http://bugzilla.zimbra.com/show_bug.cgi?id=13962

http://www.zimbra.com/forums/administrators/6322-upgraded-4-5-os-edition-now-no-dspam.html

Also be aware of: http://bugzilla.zimbra.com/show_bug.cgi?id=20555

-Though I do not know it's status for v5Beta4, but after one year gap we had a new version:

3.6.8 - June 7, 2006

3.8.0 - March 19, 2007

---Mmorse 18:19, 20 September 2007 (CDT)


As of Zimbra release 3.1 GA (April 2006) DSPAM is fully integrated by default.

---KevinH 14:37, 6 April 2006 (PDT)


Original HOW-TO Follows:

---JoshPrismon 12:18, 6 March 2006 (PST)



I saw that there was a request the other day for using DSPAM with Zimbra. I am not done yet, but I have it working at this point. Here are the steps I took:

Download and decompress DSPAM

Note, everything I am doing here, I do as the user zimbra. If I need super user, I use sudo.

The configuration options I used were: .

./configure \
   --prefix=/opt/dspam \
   --sysconfdir=/opt/dspam/conf \
   --with-dspam-home=/var/dspam \
   --with-dspam-home-mode=2770 \
   --with-dspam-home-owner=zimbra \
   --with-dspam-home-group=zimbra \
   --with-storage-driver=mysql_drv \
   --enable-preferences-extension \
   --with-mysql-includes=/usr/include/mysql \
   --with-mysql-libraries=/usr/lib/mysql \
   --enable-signature-headers \
   --without-delivery-agent \
   --without-quarantine-agent \
   --with-dspam-owner=zimbra \
   --with-dspam-group=zimbra
make

(as root)

make install


After this login as the zimbra user. Make sure that MySQL is running. Then create a new table for DSPAM related info:

mysqladmin create dspam

After that load the schema for the dspam tables

mysql dspam < ~/dspam-3.6.1/src/tools.mysql_drv/mysql_objects-4.1.sql

We don't want to use the same user that we use for zimbra for dspam for the database. So create a new user:

mysql
grant all on dspam.* to dspam@localhost identified by 'ThisIsMyPassword';

(Obviously change your password)

Inside of your dspam.conf add the following lines (they are commented out be default)

MySQLServer        /opt/zimbra/db/mysql.sock
MySQLPort			7306
MySQLUser          dspam
MySQLPass          ThisIsMyPassword
MySQLDb            dspam


Now we have to tell amavisd-new (which serves as a pipeline for various steps proccessing email before zimbra's java code sees emails) to enable dspam Search for the $path and $dspam variables and replace them.

To make things a bit tricky, dspam uses auto-generated files, so modify the file amavisd.conf.in rather then amavisd.conf.

$path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin';
$dspam = 'dspam';

I suggest you run amavisd once by hand with the debug options to make sure everything works:

/opt/zimbra/amavisd/sbin/amavisd -c /opt/zimbra/conf/amavisd.conf debug

And if everything is happy you should see lines like:


Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: starting.  /opt/zimbra/amavisd/sbin/amavisd at bldmail01 amavisd-new-2.3.1 (20050509), Unicode aware, LANG=en_US.UTF-8
Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: user=515, EUID: 515 (515);  group=, EGID: 515 516 515 5 (515 516 515 5)
Nov 16 18:57:32 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Perl version               5.008006
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: 2005/11/16-18:57:33 Amavis (type  Net::Server::PreForkSimple) starting! pid(31241)
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Group Not Defined.  Defaulting to EGID '515 516 515 5'
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: User Not Defined.  Defaulting to EUID '515'
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Setting up serialization via flock
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Amavis::Conf        2.038
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Archive::Tar        1.26
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Module Archive::Zip        1.16
[LINES DELETED]
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Norman Virus Control v5 / Linux
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Panda Antivirus for Linux
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: VirusBuster
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: CyberSoft VFind
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: Ikarus AntiVirus for Linux
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No primary av scanner: BitDefender
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Found secondary av scanner ClamAV-clamscan at /usr/local/bin/clamscan
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: FRISK F-Prot Antivirus
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: Trend Micro FileScanner
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: drweb - DrWeb Antivirus
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: No secondary av scanner: KasperskyLab kavscanner
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Creating db in /opt/zimbra/amavisd/db/; BerkeleyDB 0.26, libdb  4.3
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: SpamControl: initializing Mail::SpamAssassin
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: SpamControl: done
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Beginning prefork (5 processes)
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Starting "5" children
Nov 16 18:57:33 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31242]: Net::Server: Child Preforked (31242)
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31242]: TIMING [total 19 ms] - bdb-open: 19 (100%)100, rundown: 0 (0%)100
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31243]: Net::Server: Child Preforked (31243)\
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31243]: TIMING [total 10 ms] - bdb-open: 10 (100%)100, rundown: 0 (0%)100
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31244]: Net::Server: Child Preforked (31244)
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31244]: TIMING [total 10 ms] - bdb-open: 10 (100%)100, rundown: 0 (0%)100
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31245]: Net::Server: Child Preforked (31245)
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31245]: TIMING [total 9 ms] - bdb-open: 9 (100%)100, rundown: 0 (0%)100
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31246]: Net::Server: Child Preforked (31246)
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31241]: Net::Server: Parent ready for children.
Nov 16 18:57:34 bldmail01 /opt/zimbra/amavisd/sbin/amavisd[31246]: TIMING [total 12 ms] - bdb-open: 12 (100%)100, rundown: 0 (0%)100

That should get you to where both DSPAM and SpamAssassin check for spams.

Later once DSPAM's own database has been built up, I suggest that you add the following lines to one of SpamAssassin's rule files (salocal.cf?) to filter out mail that DSPAM thinks is bogus:

    header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/
    describe DSPAM_SPAM DSPAM claims it is spam
    score DSPAM_SPAM 0.5

    header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/
    describe DSPAM_HAM DSPAM claims it is ham
    score DSPAM_HAM -0.1

Anyways, what I write here is my own, with the exceptions that I lifted off of the amavis-new list, esp this message: [url]http://sourceforge.net/mailarchive/message.php?msg_id=11025890[/url]

This works for me so far, filtering seems to work, and seems to be effective. I will post about training as soon as I have finished up doing it.

Jump to: navigation, search