DSPAM with Exim
You may be interested in Exim with Virtual Users.
Alternatively, you might also want to have SpamAssassin train DSPAM; in that case, see Exim and SpamAssassin.
DspamWithEximLocalScan contains some useful information on setting Exim up using Local Scan API, DSPAM, ClamAV & MySQL Authentication.
Compilation
Depending on your OS, the path to the exim binary may differ. I (Washington) use FreeBSD and the path should normally be /usr/local/sbin/exim. Please change the path to match yours.
It's also up to you to decide whether you would like to use domain scale or large scale. Actually, the options you pass to ./configure really depend on you. Mine is to deal more with Exim than anything else. Here is how I configured mine:
    ./configure --enable-neural-networking \
        --disable-bias \
        --enable-virtual-users \
        --with-storage-driver=mysql_drv \
        --with-mysql-includes=/usr/local/include/mysql \
        --with-mysql-libraries=/usr/local/lib/mysql \
        --enable-debug \
        --with-dspam-home-owner=exim \
        --with-dspam-group=mail \
        --with-delivery-agent=/usr/local/sbin/exim \
        --with-quarantine-agent=/usr/local/sbin/exim \
        --enable-experimental
I have to stress the fact that the above setting for dspam-home-owner needs to be reviewed by the reader as it will later have some issues with the CGI client. Well, this is a Wiki. Someone will change that ;).
Well, --enable-domain-scale is an option you add if you want to use dspam in a virtual domain hosting environment.
Exim configuration
Three routers are required: dspam_router passes mail into dspam. Since exim is the TrustedDeliveryAgent, it will reinject the mail back for delivery. dspam_addspam and dspam_falsepositive are routers used for reclassification.
In Exim, the order matters for routers.
In my setup, these dspam-* routers are placed immediately after the userforward router. YMMV.
Routers
dspam_router:
    no_verify
    check_local_user
    # When to scan a message :
    # - it isn't already flagged as spam from Spamassassin
    # - it isn't already flagged as spam from DSPAM
    # - it isn't already scanned
    # - it isn't local
    # - it isn't from one internal domain user to another
    # - it is less than 512k in size
    condition = "${if and { \
        {!def:h_X-Spam-Flag:} \
        {!def:h_X-FILTER-DSPAM:} \
        {!eq {$received_protocol}{local}} \
        { <= {$message_size}{512k}} \
        }\
        {1}{0}}"
    headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full"
    driver = accept
    transport = dspam_spamcheck
    # Which users to run dspam for.
    #local_parts = /usr/local/etc/exim/dspam-testers

dspam_addspam_router:
    driver = accept
    local_part_prefix = spam-
    transport = dspam_addspam

dspam_falsepositive_router:
    driver = accept
    local_part_prefix = nospam-
    transport = dspam_falsepositive
Transports
dspam_spamcheck:
    driver = pipe
    command = "/usr/local/bin/dspam --deliver=innocent --user ${lc:$local_part} -f \
        '$sender_address' -- %u"
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = exim
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =

dspam_addspam:
    driver = pipe
    command = "/usr/local/bin/dspam --class=spam --source=error --user \
        ${lc:$local_part} -f '$sender_address' -- %u"
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = exim
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =

dspam_falsepositive:
    driver = pipe
    # Keep a space before each trailing backslash: Exim drops the leading
    # whitespace of a continuation line, so without it two arguments fuse.
    command = "/usr/local/bin/dspam --class=innocent --source=error \
        --deliver=innocent,spam --user ${lc:$local_part} \
        -f '$sender_address' -- %u"
    home_directory = "/tmp"
    current_directory = "/tmp"
    user = exim
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =
Credit for these routers and transports goes to Troy Engel who initially crafted them. His original posting regarding the integration of DSPAM and Exim (though it was for dspam-2.x) can be found here: http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040510/071459.html
CGI Configuration
Exim uses the "-d" flag to turn on debug mode. The following entry in configure.pl needs to be changed, but I am not sure what needs to replace the -d, since if you remove it, Exim konks!
    $CONFIG{'DSPAM_ARGS'} = "--deliver=innocent --class=innocent " .
        "--source=error --user $ENV{'REMOTE_USER'} -d %u";
Edit by Chris Bond:
    $CONFIG{'DSPAM_ARGS'} = "--deliver=innocent --class=innocent " .
        "--source=error --user $ENV{'REMOTE_USER'} -bm %u";
That seems to work well for me; I don't get the annoying Exim debug mode then.
DSPAM and Exim3
I want to give some brief information on how I got dspam/exim3 running.
Compilation
With recent dspam, most parameters can be set in /etc/dspam.conf; you just have to select the storage driver, the sysconfdir and the logdir.
The configuration here contains the following Agents:
    TrustedDeliveryAgent "/usr/sbin/exim -oi -oMr spam-scanned $u"
    QuarantineAgent "/usr/sbin/exim -oi -oMr spam-scanned $u"
as we only want to tag spams, but not quarantine them. Users are free to filter it by themselves.
The entries in exim.conf are similar to version 4, but not completely:
Transports
To report spam/falsepos the user has to bounce the email to spam-<user> or falsepos-<user>, resp.
dspamcheck:
    driver = pipe
    command = "/usr/local/bin/dspam --deliver=innocent --user $local_part"
    user = mail
    group = mail
    home_directory = "/var/dspam"
    current_directory = "/var/dspam"
    return_path_add = false
    log_output = true
    return_fail_output = true

addspam:
    driver = pipe
    command = "/usr/local/bin/dspam --user $local_part --class=spam --source=error --mode=toe"
    return_path_add = false
    return_fail_output = true
    log_output = true
    home_directory = "/var/dspam"
    current_directory = "/var/dspam"
    user = mail
    group = mail
    prefix = ""
    suffix = ""

falsepositive:
    driver = pipe
    command = "/usr/local/bin/dspam --user $local_part --mode=toe --class=innocent --source=error --deliver=innocent"
    return_path_add = false
    return_fail_output = true
    log_output = true
    home_directory = "/var/dspam"
    current_directory = "/var/dspam"
    user = mail
    group = mail
    prefix = ""
    suffix = ""
Routers
Please note that the condition here is missing, as there are several ways to check. We get all our mails from a bastion router, so we check only emails from the bastion router; all others are local and not checked. You could also check for the spam-scanned protocol (set with -oMr in the Agents).
dspam_addspam:
    prefix = spam-
    driver = localuser
    transport = addspam

dspam_falsepositive:
    prefix = falsepos-
    driver = localuser
    transport = falsepositive

spamscan:
    no_verify
    condition = "to be filled in"
    driver = smartuser
    transport = dspamcheck
    require_files = /var/dspam:\
        +/usr/local/bin/dspam
The dot on a line problem
I don't know whether it happens with other versions of exim, too, or with other ways to implement it, but if you do not add the -oi option to the Agent call of exim, it may happen that exim stops reading the message if there is a lonely dot on a line, interpreting this as end-of-message. The option -oi disables this.
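The -oi pitfall can be checked for mechanically. The following is an added example, not part of the original wiki page: a shell function (the name agents_missing_oi is made up here) that scans a dspam.conf-style file and reports every TrustedDeliveryAgent or QuarantineAgent line that calls exim without -oi or its synonym -i.

```shell
# Added example: flag dspam.conf delivery agents that call exim
# without -oi (or -i), the option that stops a lone "." from ending input.
# Usage: agents_missing_oi /etc/dspam.conf
# Prints "<Directive>: missing -oi" per offending line, returns 1 if any.
agents_missing_oi() {
    conf=$1
    awk '
        # Only the two agent directives shown on this page are inspected.
        # Commented-out lines do not match because $1 then starts with "#".
        $1 == "TrustedDeliveryAgent" || $1 == "QuarantineAgent" {
            name = $1
            cmd = $0
            sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", cmd)  # drop the directive name
            gsub(/"/, "", cmd)                       # drop the quotes
            n = split(cmd, arg, /[ \t]+/)

            # Agents that are not exim are out of scope for this check.
            prog = arg[1]
            sub(/.*\//, "", prog)
            if (prog != "exim") next

            ok = 0
            for (i = 2; i <= n; i++)
                if (arg[i] == "-oi" || arg[i] == "-i") ok = 1
            if (!ok) {
                print name ": missing -oi"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}
```
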
Pitfalls
Virtual Users: If you enable virtual users, you will be able to use whatever format you want for the --user part of the dspam command. Dspam simply creates a new user every time it encounters a new "user" on the command line. Everything will seem to work until you try to log in to the web interface -- unless your real users can log in in the exact format of the dspam virtual user, they won't be able to see their control panel. If you can't do it that way, you don't need to enable virtual users, and you should make sure that the dspam command in your exim transport is just
    --user '${lc:$local_part}'
not
    --user '${lc:$local_part}@${lc:$domain}'
as it was on a different howto page I found.
Aliases: If you use the 'spam' alias for retraining, permissions are an interesting thing. The Gentoo ebuild of dspam seems to do this automatically but the standard tarball does not... What worked is the following...
-r-x--s--x 1 root dspam 86960 Jul 17 08:21 /usr/local/bin/dspam
Otherwise when people send to your alias exim will barf with something like
Child process of address_pipe transport returned 127 (could mean unable to exec or command does not exist) from command: /usr/local/bin/dspam
Note the execute bit turned on for world. As I understand it, exim probably drops all privileges just before executing a pipe, so if world cannot execute, exim cannot execute.
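The mode shown in the listing above can be verified with a small script. This is an added example, not part of the original wiki page: the function name check_dspam_binary is made up here, and the "no group/other write bit" test is an extra hardening assumption based on the listing showing no write bits at all.

```shell
# Added example: compare a dspam binary against the -r-x--s--x listing above.
# Usage: check_dspam_binary /usr/local/bin/dspam dspam
#   $1 = path to the binary, $2 = expected group (name or numeric gid)
# Prints one line per problem; returns 0 if clean, 1 on findings, 2 if missing.
check_dspam_binary() {
    bin=$1
    grp=$2
    rc=0
    [ -f "$bin" ] || { echo "missing: $bin"; return 2; }

    # find -perm -MODE matches only when every bit in MODE is set.
    [ -n "$(find "$bin" -prune -perm -2000 -print)" ] ||
        { echo "setgid bit not set"; rc=1; }

    # Exim runs the pipe command unprivileged, so "other" needs execute.
    [ -n "$(find "$bin" -prune -perm -0001 -print)" ] ||
        { echo "not executable by other"; rc=1; }

    [ -n "$(find "$bin" -prune -group "$grp" -print 2>/dev/null)" ] ||
        { echo "group is not $grp"; rc=1; }

    # Assumption added here: a setgid program should not be writable
    # by group or other, matching the listing (no write bits).
    for bit in 0020 0002; do
        [ -z "$(find "$bin" -prune -perm -"$bit" -print)" ] ||
            { echo "write bit $bit is set"; rc=1; }
    done
    return $rc
}
```
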
Logging: Turning on debug via the dspam.conf file seems to do precisely nothing. You have to do it in the command line in the exim transport. Logging happens in $DSPAM_HOME/log, not in /tmp/dspam.debug as specified in the dspam man page.
First Time Users should expect to use #dspam on irc.freenode.net at least a bit. The documentation for this excellent product is unfortunately not as excellent.
