687
edits
Changes
From SME Server
Jump to navigationJump to searchCreated page with "<span id="_top">Qpsmtpd#Plugins</span> = NAME = dspam - dspam integration for qpsmtpd = DESCRIPTION = Uses dspam to classify messages. Use '''sp..."
<span id="_top">[[Qpsmtpd#Plugins]]</span>
= [[#___top|NAME]] =
dspam - dspam integration for qpsmtpd
= [[#___top|DESCRIPTION]] =
Uses dspam to classify messages. Use '''spamassassin''', '''karma''', and '''naughty''' to train dspam.
Adds the X-DSPAM-Result and X-DSPAM-Signature headers to messages. The latter is essential for training dspam and the former is useful to MDAs, MUAs, and humans.
Adds a transaction note to the qpsmtpd transaction. The note is a hashref with at least the 'class' field (Spam,Innocent,Whitelisted). It will normally contain a probability and confidence rating.
= [[#___top|TRAINING DSPAM]] =
If you enable dspam rejection without training first, you will lose valid mail. The dspam false positive rate is high when untrained. The good news is; dspam learns very, very fast.
The best method way to train dspam is to feed it two large equal sized corpuses of spam and ham from your mail server. The dspam authors suggest avoiding public corpuses. I train dspam as follows:
<dl>
<dt>learn from SpamAssassin
<dd><p>See the SPAMASSASSIN section.</p>
<dt>periodic training
<dd><p>I have a script that searches the contents of every users maildir. Any read messages that have changed since the last processing run are learned as ham or spam.</p>
<p>The ham message list consists of read messages in any folder not named like Spam, Junk, Trash, or Deleted. This catches messages that users have read and left in their inbox or filed away into subfolders.</p>
<dt>on-the-fly training
<dd><p>The dovecot IMAP server has an antispam plugin that will train dspam when messages are moved to/from the Spam folder.</p></dl>
= [[#___top|CONFIG]] =
== [[#___top|dspam_bin]] ==
The path to the dspam binary. If yours is installed somewhere other than /usr/local/bin/dspam, set this.
== [[#___top|autolearn [ naughty | karma | spamassassin | any ]]] ==
; naughty
: learn naughty messages as spam (see plugins/naughty)
; karma
: learn messages with negative karma as spam (see plugins/karma)
; spamassassin
: learn from spamassassins messages with autolearn=(ham|spam). See SPAMASSASSIN.
; any
: all of the above, and any future tests too!
== [[#___top|reject]] ==
Set to a floating point value between 0 and 1.00 where 0 is no confidence and 1.0 is 100% confidence.
If dspam's confidence is greater than or equal to this threshold, the message will be rejected. The default is 1.00.
<pre> dspam reject .95</pre>
To only reject mail if dspam and spamassassin both think the message is spam, set ''reject agree''.
== [[#___top|reject_type]] ==
<pre> reject_type [ perm | temp | disconnect ]</pre>
By default, rejects are permanent (5xx). Set ''reject_type temp'' to defer mail instead of rejecting it.
Set ''reject_type disconnect'' if you'd prefer to immediately disconnect the connection when a spam is encountered. This prevents the remote server from issuing a reset and attempting numerous times in a single connection.
= [[#___top|dspam.conf]] =
dspam must be configured and working properly. I had to modify the following settings on my system:
mysql storage
Trust smtpd
TrainingMode tum
Tokenizer osb
Preference "trainingMode=TOE"
Preference "spamAction=deliver"
Preference "signatureLocation=headers"
TrainPristine off
ParseToHeaders off
Of those changes, the most important is the signature location. This plugin only supports storing the signature in the headers. If you want to train dspam after delivery (ie, users moving messages to/from spam folders), then the dspam signature must be in the headers.
When using the dspam MySQL backend, use InnoDB tables. DSPAM training is dramatically slowed by MyISAM table locks and dspam requires a lot of training. InnoDB has row level locking and updates are much faster.
= [[#___top|DSPAM periodic maintenance]] =
Install this cron job to clean up your DSPAM database.
http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=tree;f=contrib/dspam_maintenance;hb=HEAD
= [[#___top|SPAMASSASSIN]] =
DSPAM can be trained by SpamAssassin. This relationship between them requires attention to several important details:
<ol>
<li><p>dspam must be listed '''after''' spamassassin in the config/plugins file. Because SA runs first, I set the SA reject_threshold up above 100 so that all spam messages will be used to train dspam.</p>
<p>Once dspam is trained and errors are rare, I plan to run dspam first and reduce the SA load.</p></li>
<li><p>For ''autolearn spamassassin'' to work, autolearn must be enabled and configured in SpamAssassin. SA autolearn will determine if a message is learned by dspam. The settings to pay careful attention to in your SA local.cf file are ''bayes_auto_learn_threshold_spam'' and ''bayes_auto_learn_threshold_nonspam''. Make sure they are set to conservative values that will yield no false positives.</p>
<p>If you are using ''autolearn spamassassin'' and ''reject'', messages that exceed the SA threshholds will cause dspam to reject them. Again I say, make sure the SA autolearn threshholds are set high enough to avoid false positives.</p></li></ol>
= [[#___top|MULTIPLE RECIPIENT BEHAVIOR]] =
For messages with multiple recipients, the user that dspam is running as will be the dspam username.
When messages have a single recipient, the recipient address is used as the dspam username. For dspam to trust qpsmtpd with modifying the username, you '''must''' add the username that qpsmtpd is running to to the dspamd.conf file.
ie, (Trust smtpd).
= [[#___top|CHANGES]] =
2012-06 - Matt Simerson - added karma & naughty learning support - worked around the DESTROY bug in dspam_process
= [[#___top|AUTHOR]] =
2012 - Matt Simerson
<!-- Generated Mon Apr 8 09:02:57 EDT 2019 using
perldoc -T -ohtml $plugins/$1 \|pandoc -f html -t mediawiki \|sed '1 i\\n\n\n<span id="_top">[[Qpsmtpd#Plugins]]</span>' \|sed -e 's#</d.>##'
-->
----
[[Category:Qpsmtpd|dspam]]
= [[#___top|NAME]] =
dspam - dspam integration for qpsmtpd
= [[#___top|DESCRIPTION]] =
Uses dspam to classify messages. Use '''spamassassin''', '''karma''', and '''naughty''' to train dspam.
Adds the X-DSPAM-Result and X-DSPAM-Signature headers to messages. The latter is essential for training dspam and the former is useful to MDAs, MUAs, and humans.
Adds a transaction note to the qpsmtpd transaction. The note is a hashref with at least the 'class' field (Spam,Innocent,Whitelisted). It will normally contain a probability and confidence rating.
= [[#___top|TRAINING DSPAM]] =
If you enable dspam rejection without training first, you will lose valid mail. The dspam false positive rate is high when untrained. The good news is; dspam learns very, very fast.
The best method way to train dspam is to feed it two large equal sized corpuses of spam and ham from your mail server. The dspam authors suggest avoiding public corpuses. I train dspam as follows:
<dl>
<dt>learn from SpamAssassin
<dd><p>See the SPAMASSASSIN section.</p>
<dt>periodic training
<dd><p>I have a script that searches the contents of every users maildir. Any read messages that have changed since the last processing run are learned as ham or spam.</p>
<p>The ham message list consists of read messages in any folder not named like Spam, Junk, Trash, or Deleted. This catches messages that users have read and left in their inbox or filed away into subfolders.</p>
<dt>on-the-fly training
<dd><p>The dovecot IMAP server has an antispam plugin that will train dspam when messages are moved to/from the Spam folder.</p></dl>
= [[#___top|CONFIG]] =
== [[#___top|dspam_bin]] ==
The path to the dspam binary. If yours is installed somewhere other than /usr/local/bin/dspam, set this.
== [[#___top|autolearn [ naughty | karma | spamassassin | any ]]] ==
; naughty
: learn naughty messages as spam (see plugins/naughty)
; karma
: learn messages with negative karma as spam (see plugins/karma)
; spamassassin
: learn from spamassassins messages with autolearn=(ham|spam). See SPAMASSASSIN.
; any
: all of the above, and any future tests too!
== [[#___top|reject]] ==
Set to a floating point value between 0 and 1.00 where 0 is no confidence and 1.0 is 100% confidence.
If dspam's confidence is greater than or equal to this threshold, the message will be rejected. The default is 1.00.
<pre> dspam reject .95</pre>
To only reject mail if dspam and spamassassin both think the message is spam, set ''reject agree''.
== [[#___top|reject_type]] ==
<pre> reject_type [ perm | temp | disconnect ]</pre>
By default, rejects are permanent (5xx). Set ''reject_type temp'' to defer mail instead of rejecting it.
Set ''reject_type disconnect'' if you'd prefer to immediately disconnect the connection when a spam is encountered. This prevents the remote server from issuing a reset and attempting numerous times in a single connection.
= [[#___top|dspam.conf]] =
dspam must be configured and working properly. I had to modify the following settings on my system:
mysql storage
Trust smtpd
TrainingMode tum
Tokenizer osb
Preference "trainingMode=TOE"
Preference "spamAction=deliver"
Preference "signatureLocation=headers"
TrainPristine off
ParseToHeaders off
Of those changes, the most important is the signature location. This plugin only supports storing the signature in the headers. If you want to train dspam after delivery (ie, users moving messages to/from spam folders), then the dspam signature must be in the headers.
When using the dspam MySQL backend, use InnoDB tables. DSPAM training is dramatically slowed by MyISAM table locks and dspam requires a lot of training. InnoDB has row level locking and updates are much faster.
= [[#___top|DSPAM periodic maintenance]] =
Install this cron job to clean up your DSPAM database.
http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=tree;f=contrib/dspam_maintenance;hb=HEAD
= [[#___top|SPAMASSASSIN]] =
DSPAM can be trained by SpamAssassin. This relationship between them requires attention to several important details:
<ol>
<li><p>dspam must be listed '''after''' spamassassin in the config/plugins file. Because SA runs first, I set the SA reject_threshold up above 100 so that all spam messages will be used to train dspam.</p>
<p>Once dspam is trained and errors are rare, I plan to run dspam first and reduce the SA load.</p></li>
<li><p>For ''autolearn spamassassin'' to work, autolearn must be enabled and configured in SpamAssassin. SA autolearn will determine if a message is learned by dspam. The settings to pay careful attention to in your SA local.cf file are ''bayes_auto_learn_threshold_spam'' and ''bayes_auto_learn_threshold_nonspam''. Make sure they are set to conservative values that will yield no false positives.</p>
<p>If you are using ''autolearn spamassassin'' and ''reject'', messages that exceed the SA threshholds will cause dspam to reject them. Again I say, make sure the SA autolearn threshholds are set high enough to avoid false positives.</p></li></ol>
= [[#___top|MULTIPLE RECIPIENT BEHAVIOR]] =
For messages with multiple recipients, the user that dspam is running as will be the dspam username.
When messages have a single recipient, the recipient address is used as the dspam username. For dspam to trust qpsmtpd with modifying the username, you '''must''' add the username that qpsmtpd is running to to the dspamd.conf file.
ie, (Trust smtpd).
= [[#___top|CHANGES]] =
2012-06 - Matt Simerson - added karma & naughty learning support - worked around the DESTROY bug in dspam_process
= [[#___top|AUTHOR]] =
2012 - Matt Simerson
<!-- Generated Mon Apr 8 09:02:57 EDT 2019 using
perldoc -T -ohtml $plugins/$1 \|pandoc -f html -t mediawiki \|sed '1 i\\n\n\n<span id="_top">[[Qpsmtpd#Plugins]]</span>' \|sed -e 's#</d.>##'
-->
----
[[Category:Qpsmtpd|dspam]]
