***needs formatting***
I found a handful of howto's for dspam, but none of them catered for exim with virtual users. After hunting around, I eventually have it working on a cPanel server. Busy with integration into the cPanel webmail section...
My setup:
dspam version 3.6.8, using mysql driver.
exim version 4.
mysql 4.1
CentOS (2.6.9-023stab033.9-enterprise)
Download the source, configure and compile:
cd /usr/local/src
wget http://dspam.nuclearelephant.com/sources/dspam-3.6.8.tar.gz
tar -zxf dspam-3.6.8.tar.gz
cd dspam-3.6.8Configure,replacing user/groups with your web-server user (web / apache /nobody), and use your mysql-include / library paths (will needmysql-devel on rh based systems).#./configure --prefix=/opt/dspam-3.6.8 --with-local-delivery-agent=/usr/sbin/exim \ --with-storage-driver=mysql_drv --with-userdir=/var/spool/mail/dspam \ --with-userdir-owner=nobody --with-userdir-group=nobody --with-dspam-mode=none \ --with-dspam-owner=nobody --with-dspam-group=nobody --enable-whitelist \ --enable-spam-delivery --enable-alternative-bayesian --disable-dependency-tracking \ --enable-virtual-users --with-mysql-includes=/usr/include/mysql \ --with-mysql-libraries=/usr/lib/mysql/ --with-dspam-home=/opt/dspam-3.6.8/var/dspam# make && make install Copy the web interface to a web directory:# cp webui/cgi-bin /opt/dspam -r# cp webui/htdocs/* /usr/local/apache/htdocs/
Setup authentication for the cgi (either using .htaccess files or throughhttpd.conf configuration). You will need to add users to match emailaddresses for per-user configuration. Once configured, create yourpassword file.
# /usr/local/apache/bin/htpasswd -c /opt/dspam/cgi-bin/.htpasswd user@domain.com
# /usr/local/apache/bin/htpasswd /opt/dspam/cgi-bin/.htpasswd admin_user
Here is my /opt/dspam/cgi-bin/.htaccess file:
AuthName "Dspam" AuthType Basic AuthUserFile /usr/local/apache/cgi-bin/.htpasswd require valid-user
Edit httpd.conf, add the following config (web ui will not work until /opt/dspam-version is symlinked - read on):ScriptAlias /dspam/ /opt/dspam/cgi-bin <Directory /opt/dspam/cgi-bin>
Options None AllowOverride AuthConfig Order allow,deny Allow from all
</Directory>
Set up admin user:#echo "admin_user" >> /opt/dspam/cgi-bin/admins
Set up mysqlmysqladmin -p create dspamdb mysql -p >grant all privileges on dspamdb.* to dspamuser@localhost identified by dspampass; >flush privileges; > \c; - this clears buffer, to get rid of passwords. not necessary >exit;
Create tables:mysql -p dspam < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/mysql_objects_speed.sql mysql -p dspam < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/virtual_users.sql
Link dspam in opt for easy versioning:ln -s dspam-3.6.8 /opt/dspam
Permissions: I would suggest reading the README over dspam to get a full understanding of the permissions required for running of dspam. My config is as follows: # ll /opt/dspam/var/dspam drwxrwx--- 17 nobody mail 1024 Mar 21 00:54 data/ # ll /opt/dspam/etc/ -rw-r--r-- 1 nobody mail 27907 Mar 20 23:30 dspam.conf
This is what I ran:# chown nobody:mail /opt/dspam/var/dspam -R # chown nobody:mail /opt/dspam/etc/dspam.conf
Edit dspam.conf (in /opt/dspam/etc/. I have only listed the parameters I changed here...):TrustedDeliveryAgent "/usr/sbin/exim -oMr spam-scanned"
Trust: root Trust: mail Trust: nobody / httpd #choose 1 - what ever your webserver runs as - ps axu | grep httpd to find out
#Use the same details as you did for the "grant all privileges on...." statement in mysql. MySQLServer /var/lib/mysql/mysql.sock MySQLPort MySQLUser dspamuser MySQLPass dspampass MySQLDb dspamdb MySQLCompress true
MySQLVirtualTable dspam_virtual_uids MySQLVirtualUIDField uid MySQLVirtualUsernameField username
Almost there.... Confirm that mysql is configure to listen on a socket in /etc/my.cnf (or whereever your config file is):# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock ........
Now the final step - exim configuration. This is the part that took the longest, hopefully it works for you. Just as I read in the howto's I used for this, please please please dont just copy and paste - you stand a good chance of breaking your mail server if you make changes without understanding. Be warned.
My config file is /etc/exim.conf.#Routers - Add these before your user delivery (or before virtual_user delivery / user delivery router). dspam_router:
no_verify #uncomment the next line to disable dspam for virtual users. # check_local_user condition = "${if and { \
{!def:h_X-Spam-Flag:} \ {!def:h_X-FILTER-DSPAM:} \ {!eq {$sender_address_domain}{$domain}} \ {!eq {$received_protocol}{local}} \ {!eq {$received_protocol}{spam-scanned}} \
} }"
headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full" driver = accept transport = dspam_spamcheck
# spam-username dspam_addspam_router:
driver = accept local_part_prefix = spam- transport = dspam_addspam
# nospam-username dspam_falsepositive_router:
driver = accept local_part_prefix = notspam- transport = dspam_falsepositive
#this adds the spam-scanned protocol header, so when it is passed back to exim after being processed by dspam, it doesnt get stuck in a loop. dspam_spamcheck:
driver = pipe command = "/usr/sbin/exim -oMr spam-scanned -bS" transport_filter = "/opt/dspam/bin/dspam --stdout --deliver=innocent,spam --user $local_part@$domain" use_bsmtp = true home_directory = "/tmp" current_directory = "/tmp" user = nobody group = mail log_output = true return_fail_output = true return_path_add = false message_prefix = message_suffix =
dspam_addspam:
driver = pipe command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=spam --source=error" home_directory = "/tmp" current_directory = "/tmp" user = nobody group = mail log_output = true return_fail_output = true return_path_add = false message_prefix = message_suffix =
dspam_falsepositive:
driver = pipe command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=innocent --source=error" home_directory = "/tmp" current_directory = "/tmp" user = nobody group = mail log_output = true return_fail_output = true return_path_add = false message_prefix = message_suffix =
That SHOULD be it. I made these changes through WHM's Exim Configuration editor, putting the routers just before the section with virtual_user_delivery.
If you have set up authentication correctly as well, then you should be able to openhttp://yourhost/cgi-bin/dspam.cgiand log in - if you add your login details to the "admins" file, you can configure defaults, etc.
Watch exim_mainlog after this - you should pick up what transports and routers are being used.
One last warning, dspam can really hammer a system - mysql, cpu and memory usage will go up a bit, especially on busy production servers.
Other settings: add /opt/dspam/man to MANPATH in /etc/man.config or move dspam man directory to an existing man directory.