ExtMail Server Community's Archiver

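fzhyextmail posted on 2009-5-22 09:38

Sharing my own emos1.3+dspam+clamd setup

dspam+clamav installation and configuration

The full text of this article is at [url]http://www.extmail.org/forum/thread-10674-1-1.html[/url]

References
[url]http://www.extmail.org/forum/thread-6357-1-1.html[/url]
[url]http://www.extmail.org/forum/thread-9165-1-1.html[/url]
[url]http://blog.chinaunix.net/u2/75232/showart_1195937.html[/url]
Thanks to 少波, 疯狂老头, hzqbbc, 远东 and archer for their support

Installation notes: the installation below is based on EMOS 1.3, and the mail system uses postfix by default. Only the parts that are changed or added are written out; all other parameters keep their defaults.
Domain: fanzhengyuan.18corp.cn
Hostname: mail.fanzhengyuan.18corp.cn

Please credit the source when reposting

by: 邻居
[email]fzhy163@163.com[/email]
QQ:6562157

How it works
First, the basic principle of dspam and one very important concept: user
When dspam has just been installed it cannot yet recognize spam, because it has not been trained. Training it means feeding it some mail and stating whether each message is spam or not. dspam stores the characteristics of spam and non-spam mail for later use in recognition.
When dspam is put to work, it reads the mail content from standard input, decides whether the message is spam based on the previously learned data and some algorithms, and then takes the next step according to the configuration file (tagging the message, putting it into quarantine, and so on).
Now the problem: if one user always trains certain mail as spam while other users do not consider it spam, recognition becomes confused. So dspam needs a user parameter whenever it trains or classifies; different user parameters keep the feature data of different users apart. With --enable-virtual-users set, the user parameter is just a string that can be chosen freely and does not have to correspond to a system account or a mail account.

Next question: how should user be set?

There are basically two ways:

1. Each mailbox account has its own training and recognition user; the user name can be set to the mailbox account ([email]user@domain.com[/email]), and each user trains dspam to recognize spam themselves.

2. The system uses one fixed global user; the administrator trains spam recognition, and this global user serves all mailbox accounts.

Each approach has its pros and cons:

The advantage of approach 1 is that users train on their own mail, so there are no disputed classifications; the drawback is that every user has to do the training personally. With a large number of accounts, managing that many users is also a chore.

The advantage of approach 2 is that users do not have to train; the administrator does it for them, but this may cause misclassification. For example, the administrator considers a message spam while some users do not.
If you go with approach 1, you can add the --enable-domain-scale parameter so that user data is stored as $HOME/data/domain.com/user; otherwise it is $HOME/data/user. (Personally I think this setting needs to be enabled when multiple domains are involved.)

The rest of this article uses approach 2

Take care to disable the amavisd-related settings
The port 10025 entries in /etc/postfix/master.cf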

#127.0.0.1:10025 inet    n       -       n       -       -       smtpd
#    -o content_filter=
#    -o local_recipient_maps=
#    -o relay_recipient_maps=
#    -o smtpd_restriction_classes=
#    -o smtpd_client_restrictions=
#    -o smtpd_helo_restrictions=
#    -o smtpd_sender_restrictions=
#    -o smtpd_recipient_restrictions=permit_mynetworks,reject
#    -o mynetworks=127.0.0.0/8
#    -o strict_rfc821_envelopes=yes
#    -o smtpd_error_sleep_time=0
#    -o smtpd_soft_error_limit=1001
#    -o smtpd_hard_error_limit=1000
#    -o receive_override_options=

#smtps     inet  n       -       n       -       -       smtpd
#        -o smtpd_tls_wrappermode=yes
#        -o smtpd_sasl_auth_enable=yes
#        -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Comment out these main.cf parameters
# Content-Filter
#content_filter = smtp:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

Stop the amavisd antivirus software
#service amavisd stop

Do not let the amavisd antivirus software start with the system
#setup
In the setup window choose system services > untick amavisd, then confirm all the way through




[Postfix] (LMTP) -> [DSPAM]                     [Postfix] -> { Delivery }
                       |___ (SMTP Reinjection) ____|

What I use: hand-off to dspam via a socket + dspam passing the mail back to postfix via SMTP




I.        Install dspam

Create the user and group dspam:dspam for dspam
# /usr/sbin/groupadd -g 2000 dspam
# /usr/sbin/useradd -g dspam -u 2000 dspam

Unpack and install dspam
# tar zxf dspam-3.8.0.tar.gz
# cd dspam-3.8.0

# ./configure --enable-daemon --enable-clamav --enable-debug --enable-syslog --enable-preferences-extension --enable-long-usernames --enable-domain-scale --enable-virtual-users --with-dspam-home-owner=dspam --with-dspam-home-group=dspam --with-dspam-mode=2510 --with-dspam-owner=dspam --with-dspam-group=dspam --with-storage-driver=mysql_drv,mysql_drv --with-mysql-includes=/usr/include/mysql --with-mysql-libraries=/usr/lib/mysql --with-logdir=/usr/local/dspam/log/ --prefix=/usr/local/dspam --with-delivery-agent=/usr/sbin/sendmail

# make
# make install

Notes on the options:
--enable-daemon, enable the background daemon
--enable-clamav, enable dspam's built-in clamav virus scanning
--enable-debug, enable debug mode
--enable-syslog, support the system log
--enable-preferences-extension, enable the mysql preferences extension, linking other mysql users' writes to the database
--enable-long-usernames, support long user names
--enable-domain-scale, so that user data can be stored as $HOME/data/domain.com/user; otherwise it is $HOME/data/user
--enable-virtual-users, support virtual users, isolated from operating system users; the user parameter is just a string that can be chosen freely and does not have to correspond to a system account or a mail account
--with-dspam-home-owner=dspam, the dspam installation directory is owned by user dspam
--with-dspam-home-group=dspam, the dspam installation directory is owned by group dspam
--with-dspam-mode=2510,
--with-dspam-owner=dspam, dspam needs read/write permission under apache
--with-dspam-group=dspam, the dspam owner group is the apache group; read/write permission is needed for the webui
--with-storage-driver=mysql_drv, use mysql as the storage database
--with-mysql-includes=/usr/include/mysql, specify /usr/include/mysql data as the storage directory
--with-mysql-libraries=/usr/lib/mysql, specify /usr/lib/mysql as the mysql database engine
--with-logdir=/usr/local/dspam/log/, specify the log directory
--prefix=/usr/local/dspam, location where the dspam files are installed
--with-delivery-agent=/usr/sbin/sendmail, support the third-party delivery agent sendmail

Create the mysql database, grant privileges, import the tables
# mysql -u root -p -e "create database dspam"
# mysql -u root -p -e "grant all on dspam.* to dspam@localhost identified by '123456'"

Point the import files at the newly created dspam database
# cd src/tools.mysql_drv

# vi mysql_objects-4.1.sql
Add one line at the very top:
use dspam;
# vi virtual_users.sql
Add one line at the very top:
use dspam;

Import the files as the dspam user
# mysql -u dspam -p < mysql_objects-4.1.sql
# mysql -u dspam -p < virtual_users.sql

Over time, as dspam keeps being used and keeps learning, its token database and feature database keep growing, so stale or useless data needs to be purged on a schedule.
# purge-4.1.sql  script that purges useless learning data from the database; for mysql versions above 4.1
# dspam_logrotate  purges filter log records

#cp purge-4.1.sql /usr/local/dspam/purge-4.1.sql
#crontab -e

0 0 * * * /usr/bin/mysql -u dspam -p'123456' dspam < /usr/local/dspam/purge-4.1.sql
0 0 * * * dspam /usr/local/dspam/bin/dspam_logrotate -a 30 -d /usr/local/dspam/var/dspam/data




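II.        Configure the dspam parameters
Change the owner of the configuration file
# chown -Rf dspam:dspam /usr/local/dspam/etc/dspam.conf
# vi /usr/local/dspam/etc/dspam.conf        (only the changed or added parts are listed below)

Trust dspam

# spamAction is the action taken once a message is identified as spam: quarantine: put it into quarantine; tag: add a tag to the message Subject; deliver: deliver it directly
# quarantine requires QuarantineAgent to be set
# Preference "spamAction=quarantine"
Preference "spamAction=tag"
# spamSubject        the string used to tag the message for the tag action
Preference "spamSubject=***SPAM***"
# signatureLocation: dspam gives every classified message a number that can later be used for retraining; 'message': write the DSPAM signature into the message body; 'headers': write the DSPAM signature into the message headers
Preference "signatureLocation=message"          # 'message' or 'headers'
# Adds X-DSPAM-Factors to the mail headers, listing the factors involved in filtering; use only while debugging
Preference "showFactors=on"


MySQLServer             /var/lib/mysql/mysql.sock
MySQLUser               dspam
MySQLPass               123456
MySQLDb                 dspam
MySQLCompress           true
MySQLUIDInSignature        on

# Scanning for virus mail requires ClamAV to be installed separately; while processing spam, dspam can hand off to ClamAV to scan for viruses before delivering the mail.
ClamAVPort                3310
ClamAVHost                127.0.0.1
ClamAVResponse        spam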




III.        Configuring postfix to hand mail to dspam

postfix can pass mail to dspam in two ways:

A. Pass to dspam via a socket, configured as follows
(1). Change master.cf in postfix:
Change:
smtp      inet         n       -       n       -       -        smtpd
To:
smtp      inet         n       -       n       -       -        smtpd
  -o content_filter=lmtp:unix:/tmp/dspam.sock

The lmtp service must have chroot turned off as shown below; otherwise, even though /tmp/dspam.sock has been created, postfix will report that it cannot find the file
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
lmtp      unix  -       -       n       -       -       lmtp

(2). Configure dspam to start in daemon mode
Add to /usr/local/dspam/etc/dspam.conf
ServerPID              /var/run/dspam.pid
ServerMode auto
ServerParameters        "--user dspam --deliver=innocent,spam"
ServerDomainSocketPath  "/tmp/dspam.sock"


B. Pass to dspam via a pipe, configured as follows
(1). Change master.cf in postfix
smtp      inet        n       -       n       -       -        smtpd
            -o content_filter=dspam:
dspam        unix                -           n        n         -                10                pipe
        flags=Ru user=dspam argv=/usr/local/dspam/bin/dspam --deliver=innocent,spam --user dspam  -i -f $sender -- $recipient

# dspam is the transport used to recognize and process spam
# argv is the string array of run arguments
# user=dspam is the user that recognizes and analyzes spam
# --deliver=innocent means that non-spam mail is delivered
# --user ${recipient} specifies the recipient to forward to after processing; a mail account can also be defined here, such as: [email]user01@fanzhengyuan.18corp.cn[/email]
# -f $sender -- $recipient tells dspam the sender and recipient addresses
For mail handed to dspam, dspam first takes the feature data produced by earlier training for the given user parameter and classifies the message; after classification it calls /usr/sbin/sendmail to hand the mail back to postfix, and postfix passes it to an MDA such as maildrop to deliver the mail into the mailbox.

(2). Specify the user:group that has filtering rights; /./ is a regular expression that matches all hosts and IPs.
vi /etc/postfix/dspam_filter_access
/./                FILTER        dspam:dspam

(3). The following needs to be added to main.cf:
vi /etc/postfix/main.cf
# Tells postfix to pass only one recipient at a time to dspam, the same as when postfix calls maildrop; dspam needs no special settings for pipe mode
dspam_destination_recipient_limit = 1

# smtpd related config
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        check_policy_service inet:127.0.0.1:10030

If mail is passed to dspam via a pipe and the following master.cf setting has not been changed in postfix
smtp      inet        n       -       n       -       -        smtpd
          -o            content_filter=dspam:

the following needs to be added to main.cf
# permit_mynetworks and permit_sasl_authenticated keep mail from mynetworks clients and from SMTP-authenticated users out of spam classification.
smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_client_access pcre:/etc/postfix/dspam_filter_access
# Use only the system user list:
#local_recipient_maps = proxy:unix:passwd.byname $transport_maps $alias_maps


Update dspam_filter_access to generate dspam_filter_access.db
#postmap /etc/postfix/dspam_filter_access




IV.        Configuring delivery after dspam has checked the mail

After checking, dspam can deliver in two ways:

A. dspam passes the mail back to postfix via SMTP
(1). Configure postfix with a new listening port that waits for dspam to pass mail back
Add to master.cf
localhost:10026 inet        n        -       n       -       -        smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

(2). dspam passes the mail back to postfix via SMTP; add to /usr/local/dspam/etc/dspam.conf
DeliveryHost        127.0.0.1
DeliveryPort        10026
DeliveryIdent       localhost
DeliveryProto       SMTP
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full

After completing one of the configurations above, restart the postfix service so the configuration takes effect
/etc/rc.d/init.d/postfix restart

#service postfix restart

Start dspam with the following command so that it runs as a background daemon
# /usr/local/dspam/bin/dspam --daemon &

# Check the running dspam process
#ps -aux|grep dspam
root     23054  0.0  0.7  5332 1744 pts/0    S    16:35   0:00 /usr/local/dspam/bin/dspam  --daemon
root     23059  0.0  0.2  6136  660 pts/0    S+   16:36   0:00 grep dspam
Seeing the output above means dspam has started successfully.

Add dspam to the system startup items
#echo "/usr/local/dspam/bin/dspam --daemon &" >> /etc/rc.local


Install clamav and start it (bundled with the emos1.3 system)
#vi /etc/clamd.conf
TCPSocket         3310

#service clamd restart

#/etc/init.d/clamd restart


Note:
If postfix passes mail to dspam via a pipe, remove from /usr/local/dspam/etc/dspam.conf
DeliveryHost        127.0.0.1
DeliveryPort        10026
DeliveryIdent       localhost
DeliveryProto       SMTP

Remove from /etc/postfix/master.cf
localhost:10026 inet        n        -       n       -       -        smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8





B. dspam delivers the mail directly to the recipient's mailbox using an LDA
#vi /usr/local/dspam/etc/dspam.conf
TrustedDeliveryAgent "/usr/bin/maildrop -d %u"
UntrustedDeliveryAgent "/usr/bin/maildrop -d %u"
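
An added example, not part of the original post: a Python check for the master.cf entries of the socket + SMTP re-injection setup in the post above. It joins continuation lines the way Postfix does, which exposes pasted `-o` lines that lost their leading whitespace, then checks the lmtp chroot field and the 10026 listener. The function names, finding codes and both sample files are constructed for illustration.

```python
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def logical_lines(text):
    """Join continuation lines the way Postfix reads master.cf."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()  # leading whitespace = continuation
        else:
            entries.append(raw.strip())
    return entries


def parse_services(text):
    """Return (services, findings); findings are (code, detail) tuples."""
    services, findings = [], []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            # e.g. an unindented "-o name=value" line read as its own entry
            findings.append(("lost-indent", line))
            continue
        args = fields[8:]
        opts = dict(v.split("=", 1) for f, v in zip(args, args[1:])
                    if f == "-o" and "=" in v)
        services.append({"name": fields[0], "type": fields[1],
                         "chroot": fields[4], "command": fields[7],
                         "opts": opts})
    return services, findings


def audit(text, reinject_port="10026"):
    services, findings = parse_services(text)
    for s in services:
        # "-" means the built-in default, which was "y" before Postfix 3.0,
        # so only an explicit "n" is accepted for the lmtp client.
        if (s["type"], s["command"]) == ("unix", "lmtp") and s["chroot"] != "n":
            findings.append(("lmtp-chroot", s["chroot"]))
        host, _, port = s["name"].rpartition(":")
        if s["type"] == "inet" and port == reinject_port:
            if host not in LOOPBACK:
                findings.append(("not-loopback", s["name"]))
            if s["opts"].get("content_filter") != "":
                # without the empty override a main.cf content_filter
                # would apply to re-injected mail as well
                findings.append(("filter-not-cleared", s["name"]))
            if s["opts"].get("mynetworks") != "127.0.0.0/8":
                findings.append(("open-mynetworks", s["name"]))
    return findings


# Constructed sample: the entries from the post, with indented -o lines.
GOOD = """\
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=lmtp:unix:/tmp/dspam.sock
lmtp      unix  -       -       n       -       -       lmtp
localhost:10026 inet  n  -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

# Constructed sample: pasted without indentation, lmtp left at the default
# chroot setting, and the listener not bound to a loopback address.
BROKEN = """\
lmtp      unix  -       -       -       -       -       lmtp
10026     inet  n       -       n       -       -       smtpd
-o content_filter=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
"""

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, audit(sample))
```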

fzhyextmail posted on 2009-5-22 09:38

V.        Test that dspam works
Send any test message; if the mail headers contain the following, it is working:
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Tue Mar 31 23:10:45 2009
X-DSPAM-Confidence: 0.9899
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 6,49d2327561612102913816
X-DSPAM-Factors: 27,
        Received*mail.fanzhengyuan.18corp.cn+(Postfix, 0.01000,
        Content-Type*charset="us, 0.01000,
        Content-Type*charset="us, 0.01000,
        equiv=Content+Type, 0.01000,
        Date*Apr, 0.01000,
        size=2>&nbsp, 0.01000,
        HEIGHT, 0.01000,
        Received*Tue, 0.01000,
        Return-Path*<user01, 0.01000,
        Received*by+fanzhengyuan.18corp.cn), 0.01000,
        X-mailer*103, 0.01000,
        Received*fanzhengyuan.18corp.cn)+with, 0.01000,
        Return-Path*<user01+fanzhengyuan.18corp.cn>, 0.01000,
        Received*ESMTP, 0.01000,
        SIZE=2>, 0.01000,
        Received*(Postfix, 0.01000,
        Received*31, 0.01000,
        message, 0.01000,
        From*"user01+fanzhengyuan.18corp.cn", 0.01000,
        Date*Fri, 0.01000,
        Subject*dspam, 0.01000,
        Date*0800, 0.01000,
        align=left+SIZE=2>, 0.01000,
        style="WIDTH, 0.01000,
        0px+margin, 0.01000,
        0px+margin, 0.01000,
        <META+content="MSHTML, 0.01000

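Mail sent through port 25 shows the dspam information, while mail sent through port 10026 has no filtering information. Note that sending through port 10026 has to be done on the mail server itself; otherwise the security rules do not permit the connection.
Reminder: mail sent from webmail does not pass through the dspam filter.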




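VI.        Test ClamAV
First confirm that ScanMail yes is set in /etc/clamav.conf to enable scanning of virus mail. After restarting clamav, connect to the server with a mail client and send a message carrying the virus test string (a file attachment containing the EICAR virus string, [url]http://www.eicar.org/anti_virus_test_file.htm[/url]). The following string makes a virus scanner identify a message as infected without an actual virus being attached: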
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Current settings in /usr/local/dspam/etc/dspam.conf:
# ClamAVResponse:
#     reject (reject or drop the message with a permanent failure)
#     accept (accept the message and quietly drop the message)
#     spam   (treat as spam and quarantine/tag/whatever)
#
ClamAVPort      3310
ClamAVHost      127.0.0.1
ClamAVResponse  spam

When no virus is found during scanning, no record is produced;
When a virus message is found during scanning it is deleted directly; clamav records it in its log and gives no other notification. A record like the following can be seen in /var/log/clamav/clamd.log:
Mon May 25 18:15:01 2009 -> stream 2015: Eicar-Test-Signature FOUND

If the clamd virus scanner stops working, no sending or receiving of mail is affected, but a message like the following appears on the currently logged-in terminal:
3143: [05/25/2009 18:36:05] Connection to 127.0.0.1:3310 failed: Connection refused




VII.        Configure maildrop to sort mail by tag
Postfix passes the mail that dspam has scored and tagged to maildrop, which delivers to different folders according to the tag: normal mail goes to the inbox ($HOME/Maildir/.), spam goes to the junk folder ($HOME/Maildir/.Junk/.)
#vi /etc/maildroprc
Contents:
#/etc/maildroprc
# Decoder for high quality key word filtering
# Author: hzqbbc <[email]hzqbbc@hzqbbc.com[/email]> - ExtMail Dev Team
DECODER="/var/www/extsuite/extmail/tools/decode -v"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
  BADSENDER=1
}

# Auto deliver to Junk mailbox support if there is no custom
# mailfilter, need test command and correct PATH env
`test -f $HOME/.mailfilter && exit 1 || exit 0`

# No customize filtering rules
if ( $RETURNCODE == 0 )
{
  if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/ || /^X-DSPAM-Result:.Virus/)
  {
    exception {
      to "$HOME/Maildir/.Junk/."
    }
  }
}




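VIII.        Training
For example, if we have a spam sample at hand, spam01.eml, it can be trained like this
cat spam01.eml | /usr/local/dspam/bin/dspam --mode=teft --source=corpus --class=spam --feature=noise --user dspam
# --source=corpus is the setting that corresponds to --source=error
# --class=spam means training to recognize spam; to train recognition of non-spam use the parameter --class=innocent
# --user dspam is the user being trained; dspam creates it automatically.

dspam provides a command for batch-training mail:
dspam_train [username] [spam_dir] [nonspam_dir]
username is the user used for training; spam_dir and nonspam_dir are the directories where spam and non-spam mail are stored. Each message is one file in the directory.
For example:
# cd /usr/local/dspam/bin
# ./dspam_train dspam /home/spam /home/nonspam

Note:
Download training samples from [url]http://www.ccert.edu.cn/spam/sa/2005-Jun.tar.gz[/url].
dspam_train spam ham/ spam/ (dspam_train username spam_dir ham_dir)

My training results: if any message produces an error during training, simply delete it and train again.


Change the ownership of the spam training results directory
chown -Rf dspam:dspam /usr/local/dspam/var/dspam/data/local/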




IX.        Configure the DSPAM Web Control interface
DSPAM Web Control lets dspam users set personal parameters, view the record of classified mail, and retrain mail that was classified wrongly.
Users log in through Apache's HTTP Auth, so the dspam user has to be added to the AuthUserFile. (Approach 1 mentioned earlier would be a big problem here.)

Go into the unpacked dspam directory and copy base.css and dspam-logo-small.gif to apache's dspam directory
#mkdir /var/www/extsuite/dspam
#cp -Rf webui/cgi-bin/* /var/www/extsuite/dspam
#cp webui/htdocs/base.css /var/www/extsuite/dspam
#cp webui/htdocs/dspam-logo-small.gif /var/www/extsuite/dspam

Needs to have the web site's administrative identity
#chown -Rf dspam:dspam /var/www/extsuite/dspam

Change the webui access permissions; note in particular that without this change access may fail, with the log file showing
#chmod -Rf 755 /var/www/extsuite/dspam

Add to the apache configuration file to hook in the dspam configuration file; append to the last line
#vi /etc/httpd/conf/httpd.conf
NameVirtualHost *:81
Include conf/81_*.conf

Create the dspam virtual host configuration file
#vi /etc/httpd/conf/81_dspam.conf
Listen 81
<VirtualHost *:81>
        ServerName mail.fanzhengyuan.18corp.cn
        DocumentRoot /var/www/extsuite/dspam
        SuexecUserGroup dspam dspam
        ErrorLog /usr/local/dspam/log/dspam_error.log
        CustomLog /usr/local/dspam/log/dspam_access.log common
        <Directory "/var/www/extsuite/dspam/">
                DirectoryIndex dspam.cgi
                Options ExecCGI
                Options -Indexes
                AddHandler cgi-script cgi pl
                Order deny,allow
                Allow from all
                AuthType Basic
                AuthName "DSPAM Control Center"
                AuthUserFile /var/www/extsuite/dspam/htpasswd
                Require valid-user
        </Directory>
</VirtualHost>

Edit /var/www/extsuite/dspam/admins to make dspam the interface administrator
echo "dspam" > admins

Create the authentication user dspam and its password for dspam (as mentioned above, the authentication file for logging in to dspam web control is htpasswd)
htpasswd -c /var/www/extsuite/dspam/htpasswd dspam

Edit /var/www/extsuite/dspam/configure.pl
# Specify the dspam installation directory
$CONFIG{'DSPAM_HOME'} = "/usr/local/dspam/var/dspam";
$CONFIG{'DSPAM_BIN'} = "/usr/local/dspam/bin";
# Change the filtered domain identifier
# Add customized settings below
$CONFIG{'LOCAL_DOMAIN'} = "fanzhengyuan.18corp.cn";
# Change the next two according to the compile options
#$CONFIG{'LARGE_SCALE'} = 0;
$CONFIG{'DOMAIN_SCALE'} = 1;


If the dspam webui does not display, check the apache error log
/var/log/httpd/error.log
File does not exist:                                # directory permission problem
Premature end of script headers:                # webui directory ownership problem


The Performance page of the dspam webui shows the address for forwarding spam reports, by default spam-<mail address>; the "spam-" part needs to be removed here by editing line 32 of /var/www/extsuite/dspam/templates/nav_performance.html.
change:
<strong>spam-$REMOTE_USER$@yourdomain.com</strong>
to:
<strong>$REMOTE_USER$@yourdomain.com</strong>

Message shown after the change:
If you receive a message in your e-mail application that was not caught by the filter, please forward it to [email]dspam@fanzhengyuan.18corp.cn[/email] so that it can be analyzed and learned as SPAM. This will improve the filter's accuracy in the future.


Reporting mistakes
________________________________________
Note: If you are using Maildirs and IMAP, a nice alternative way to retrain DSPAM is described here. With that setup you also do not need any signatures in the message bodies.
________________________________________
Users need a way to report spam that gets through, in order to better train Dspam. The Dspam README suggests creating a "spam" user users can mail, inserting their username into the address somehow, such as `"spam-neale@example.org"`. I just know my users are going to be confused by this, though. Far simpler would be to tell them to forward all their spam to `"spam@example.org"`.
The Dspam README suggests using `/etc/aliases` for this task. I don't like that suggestion, since Postfix will run commands specified there as nobody, and that would require setuid executables somewhere. Instead, I created a new `dspam-retrain` transport which, like the `dspam` transport, is run as the `dspam` user by Postfix. The DspamRetrainScript is described on its own page, since it can be used with other MDAs.
`/etc/postfix/master.cf`
dspam-retrain   unix    -       n       n       -       10      pipe
  flags=Ru user=dspam argv=/usr/local/bin/dspam-retrain $nexthop $sender $recipient
I use Postfix's transport mechanism to specify that mail to `[email]spam@example.com[/email]` and `[email]ham@example.com[/email]` should be routed through the `dspam-retrain` transport. With Postfix after 2.0, this will also get `[email]spam+username@example.com[/email]` like it says in the README (or `[email]spam-username@example.com[/email]`, depending on the value of `recipient_delimiter`).
`/etc/postfix/transport`
[email]spam@example.com[/email]    dspam-retrain:spam
[email]ham@example.com[/email]     dspam-retrain:innocent
The part after the colon (:) is the `${nexthop}` specified in the new transport command above.
Now, to tell Postfix to use the transport. We also need to tell it to look in the transport file when deciding whether or not to allow mail to a certain address, and we set the `recipient_delimiter` to dash (-) to allow things like `[email]spam-user@example.com[/email]`:
`/etc/postfix/main.cf`
transport_maps = hash:/etc/postfix/transport
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $transport_maps
recipient_delimiter = -
`dspam-retrain` is described in DspamRetrainScript.
Finally, `/usr/local/bin/dspam-retrain` is a shell script I created. Since this is run as the `dspam` user for us by Postfix, there's no need for any Unix permissions magic.


Install the graphics components
     . GD
     . GD-Graph3d
     . GDGraph
     . GDTextUtil
     . CGI

     Typically this can be accomplished on the commandline:

#perl -MCPAN -e 'install GD::Text'
#perl -MCPAN -e 'install GD::Graph3d'
#perl -MCPAN -e 'install GD::Graph'
#perl -MCPAN -e 'install GD'
#perl -MCPAN -e 'install CGI'


Installing the graphics components first initializes the cpan program; just press Enter to accept the defaults

For the continent, choose "(2) Asia"
Now we need to know where your favorite CPAN sites are located. Push a few sites onto the array (just in case the first on the array won't work). If you are mirroring CPAN to your local workstation, specify a file: URL.

First, pick a nearby continent and country (you can pick several of each, separated by spaces, or none if you just want to keep your existing selections). Then, you will be presented with a list of URLs of CPAN mirrors in the countries you selected, along with previously selected URLs. Select some of those URLs, or just keep the old list. Finally, you will be prompted for any extra URLs -- file:, ftp:, or http: -- that host a CPAN mirror.
(1) Africa
(2) Asia
(3) Central America
(4) Europe
(5) North America
(6) Oceania
(7) South America
Select your continent (or several nearby continents) []2

For the country, choose "(1) China"
Sorry! since you don't have any existing picks, you must make a geographic selection.
(1) China
(2) Hong Kong
(3) Indonesia
(4) Israel
(5) Japan
(6) Republic of Korea
(7) Russia
(8) Singapore
(9) Taiwan
(10) Thailand
(11) Turkey
(12) Viet Nam
Select your country (or several nearby countries) [] 1

For the server address, choose "(1) [url]ftp://www.perl87.cn/CPAN/[/url]"
Sorry! since you don't have any existing picks, you must make a geographic selection.

(1) [url]ftp://www.perl87.cn/CPAN/[/url]
(2) [url]http://mirrors.xueron.com/CPAN/[/url]
Select as many URLs as you like (by number),
put them on one line, separated by blanks, e.g. '1 4 5' [] 1

Install perl using the default options (by default the related files are installed under /root/.cpan/; if the installation fails, delete this directory, restart and install again)


Open the web page [url]http://192.168.0.99:81/dspam.cgi[/url] and log in with the user name and password.


The Performance page corresponds to the file /usr/local/dspam/var/dspam/data/local/dspam/dspam.stats, currently mode 660, owner dspam:dspam

If you receive a message in your e-mail application that was not caught by the filter, please forward it to [email]dspam@fanzhengyuan.18corp.cn[/email] so that it can be analyzed and learned as SPAM. This will improve the filter's accuracy in the future.



This page lets you configure how the filter will handle your messages.



The Alerts page corresponds to the file /usr/local/dspam/var/dspam/data/local/dspam/dspam.alerts, currently mode 644, owner dspam:dspam

Alerts will help you locate messages in the Quarantine list. If the text of the alert is found in a message, its row will be highlighted, helping you to identify messages that might not be SPAM.



The messages below have not been been delivered to your normal e-mail application because they are believed to be spam. Click on the Subject line to view the message or choose a sort option to change how messages are sorted. Use the checkboxes and Deliver Checked to deliver messages you want to read, or use Delete All to empty the quarantine.



Graphs showing the number of messages that have been processed are shown below.



The messages that have been processed by the filter are shown below. The most recent messages are shown first. Use the retrain options to correct errors and deliver any false positives that are still in your quarantine



The following graphs and tables summarize the processing done by the filter.



User Statistics corresponds to /usr/local/dspam/var/dspam/, currently mode 755, owner dspam:dspam

The following table shows the number of messages processed for each user along with their current preference settings.



This page lets you edit the preferences for any user. You can also edit DSPAM's default preferences by leaving the input field empty.



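By default the tag added to the subject of spam and virus mail is [SPAM]. To change the tag, go to Administrative Suite  >  Control Center in the webui, select "Tag the Subject header with", fill in your custom tag and click the Submit Changes button; spam and virus mail received after that will have the custom text in the subject.


If Chinese subjects are garbled, set AddDefaultCharset GB2312 in httpd.conf.


If DSPAM uses the Hash-db database, clean up invalid data with
0 0 * * * /usr/local/dspam/bin/dspam_clean [options]


If the following error appears when training spam:
dspam[2380]: Signature retrieval for '2,457582a423802003310769' failed
dspam[2380]: Unable to find a valid signature. Aborting.
dspam[2380]: process_message returned error -5. dropping message.
Turn on the following three items
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse on
# This one must be turned on
MySQLUIDInSignature on


If the webui has problems, check apache's error log; it contains hints, and it is usually a permissions problem. :)

This problem may be an access permission problem; you can put an htm file in this directory and try to access it. If only the cgi files run into errors, check the access settings



The problem lies in the owner and group of the /usr/local/dspam/var/ directory
Fix: chown -Rf dspam:dspam /usr/local/dspam/var/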







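Automatic whitelist
Dspam tracks the complete "From:" line; if the same From: has 10 (adjustable) legitimate messages and 0 spam messages, that record is marked as whitelisted. As soon as a user reports spam from that record, the whitelist record is deleted.
Enable the whitelist
dspam.conf

Command-line parameters

Feature whitelist
Feature tb=10


[color=Red][b]I recommend that everyone use
III. Configuring postfix to hand mail to dspam
A. Pass to dspam via a socket

IV. Configuring delivery after dspam has checked the mail
A. dspam passes the mail back to postfix via SMTP[/b][/color]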
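
An added example, not part of the original post: a Python check that reads the X-DSPAM-* headers shown in section V and applies the three header tests from the maildroprc in section VII, so one delivered message tells you whether it passed through dspam, which signature to use for retraining, and which folder maildrop would choose. The function name and the sample messages are constructed; reading the part of the signature before the comma as the uid is an assumption based on the page's samples with MySQLUIDInSignature on.

```python
import email
import re

# The three header tests from /etc/maildroprc in section VII
# (maildrop patterns are case-insensitive by default).
JUNK_PATTERNS = [re.compile(p, re.I) for p in (
    r"^X-Spam-Flag:.*YES",
    r"^X-DSPAM-Result:.*Spam",
    r"^X-DSPAM-Result:.Virus",
)]


def dspam_report(raw, has_custom_mailfilter=False):
    """Summarize the DSPAM headers of one message and the maildrop folder."""
    msg = email.message_from_string(raw)
    lines = ["%s: %s" % (k, " ".join(v.split())) for k, v in msg.items()]
    result = msg.get("X-DSPAM-Result")
    report = {"filtered": result is not None, "result": result,
              "confidence": None, "uid": None, "signature": None,
              "factors": [], "folder": "INBOX"}
    if msg.get("X-DSPAM-Confidence"):
        report["confidence"] = float(msg["X-DSPAM-Confidence"])
    sig = msg.get("X-DSPAM-Signature")
    if sig:
        # Assumption: "uid,signature" when MySQLUIDInSignature is on
        uid, comma, rest = sig.strip().partition(",")
        report["uid"], report["signature"] = (uid, rest) if comma else (None, uid)
    # X-DSPAM-Factors: "<count>," then one "token, probability" per folded line
    for part in (msg.get("X-DSPAM-Factors") or "").splitlines()[1:]:
        token, _, prob = part.strip().rstrip(",").rpartition(", ")
        if token:
            report["factors"].append((token, float(prob)))
    # maildroprc only sorts when the user has no $HOME/.mailfilter of their own
    if not has_custom_mailfilter and any(
            p.search(line) for p in JUNK_PATTERNS for line in lines):
        report["folder"] = "Junk"
    return report


# Constructed samples; the header values of INNOCENT follow section V.
INNOCENT = (
    "Return-Path: <user01@fanzhengyuan.18corp.cn>\n"
    "X-DSPAM-Result: Innocent\n"
    "X-DSPAM-Confidence: 0.9899\n"
    "X-DSPAM-Probability: 0.0000\n"
    "X-DSPAM-Signature: 6,49d2327561612102913816\n"
    "X-DSPAM-Factors: 3,\n"
    "\tReceived*ESMTP, 0.01000,\n"
    "\tDate*Fri, 0.01000,\n"
    "\tSubject*dspam, 0.01000\n"
    "Subject: dspam test\n\nbody\n")

SPAM = (
    "X-DSPAM-Result: Spam\n"
    "X-DSPAM-Confidence: 0.9997\n"
    "X-DSPAM-Signature: 6,0000000000000000000001\n"
    "Subject: ***SPAM*** constructed sample\n\nbody\n")

# Mail sent through webmail or port 10026 carries no DSPAM headers.
UNFILTERED = "From: user01@fanzhengyuan.18corp.cn\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("innocent", INNOCENT), ("spam", SPAM),
                      ("unfiltered", UNFILTERED)):
        r = dspam_report(raw)
        print(name, r["filtered"], r["result"], r["signature"], r["folder"])
```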

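dnnljexk posted on 2009-5-25 14:57

Bumping this :victory:

hzqbbc posted on 2009-5-25 19:55

So detailed, marking it as a featured post!

liushaobo posted on 2009-5-25 20:20

Thanks for the hard work

fzhyextmail posted on 2009-5-26 15:17

Haha, there is still a long way to go in learning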

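fzhyextmail posted on 2009-6-9 14:12

[quote]Originally posted by [i]kangjia468[/i] on 2009-6-9 11:46 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=60374&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
水宜生 micro-electrolysis water maker: since 水宜生 came out it has drawn a strong response in society, with CCTV, 《科技之光》, 《走近科学》, provincial and municipal newspapers, the web and other media covering it at length. Entering 2008, a health craze for using the "magic water cup" swept society. In just a few months ... [/quote]

Good grief!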

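wendyzh posted on 2009-6-9 15:31

Really good, very well explained!

wendyzh posted on 2009-6-9 15:33

I just finished a source install on centos5.3 x64 in a virtual machine using nginx+fcgi+extmail, and it tests fine. I am about to configure dspam now, so I can use this as a reference.

wjd805 posted on 2009-6-10 09:28

[quote]Originally posted by [i]wendyzh[/i] on 2009-6-9 15:33 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=60384&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
I just finished a source install on centos5.3 x64 in a virtual machine using nginx+fcgi+extmail, and it tests fine. I am about to configure dspam now, so I can use this as a reference. [/quote]
The poster above should write up a tutorial.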

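haiwei.wu posted on 2009-6-10 16:05

There are some problems:

1. It does not say that the build environment and the mysql-devel development package have to be installed when installing EMOS1.3.
2. Copying and pasting statements directly into the configuration files may give formatting problems that make postfix fail to start; take care.
3. cat  spam.eml |/usr/local/dspam/bin/dspam --mode=teft --source=corpus --class=spam --feature=noise --user dspam must use the double "--".
4. Why does a message, even after it has been trained, still show X-Spam Result: Innocence in the headers? Whether with --class=spam or --class=innocent? How can I tell whether DSpam is working?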

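flashyh posted on 2009-6-11 09:07

Thanks for the hard work

edit posted on 2009-6-23 00:35

Reply to 2# fzhyextmail's post

[quote](3). To send mail to different mailboxes for classification, add the following to the /etc/postfix/transport file; note that the mailbox address and the label are separated by a tab
vi /etc/postfix/transport
[email]spam@fanzhengyuan.18corp.cn[/email]                spam
[email]nonspam@fanzhengyuan.18corp.cn[/email]        nonspam[/quote]

I feel this step of the OP's does not do much; has the OP really got "sending mail to different mailboxes for classification" working?

fzhyextmail posted on 2009-6-23 14:40

[quote]Originally posted by [i]edit[/i] on 2009-6-23 00:35 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=60925&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]


I feel this step of the OP's does not do much; has the OP really got "sending mail to different mailboxes for classification" working? [/quote]


I originally wanted to design it that way but felt it did not mean much; the accounts were only created for testing at the time. I will correct it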

sosogh posted on 2009-7-1 14:57

B. dspam delivers the mail directly to the recipient's mailbox using an LDA
#vi /usr/local/dspam/etc/dspam.conf
TrustedDeliveryAgent "/usr/bin/maildrop -d %u"
UntrustedDeliveryAgent "/usr/bin/maildrop -d %u"

Has anyone tested this? Did it work?
%u does not seem to be the recipient address

fzhyextmail posted on 2009-7-1 15:33

[quote]Originally posted by [i]sosogh[/i] on 2009-7-1 14:57 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=61283&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
B. dspam delivers the mail directly to the recipient's mailbox using an LDA
#vi /usr/local/dspam/etc/dspam.conf
TrustedDeliveryAgent "/usr/bin/maildrop -d %u"
UntrustedDeliveryAgent "/usr/bin/maildrop -d %u"

Has anyone tested this? Did it ... [/quote]


At present I mainly use socket + dspam passing the mail back to postfix via SMTP. There are many ways to configure it; the LDA method was in fact never really tested through.

zhanghuiwo posted on 2009-7-3 19:17

Thanks for the hard work, OP

疯狂老头 posted on 2009-8-8 11:16

check_client_access [color=Red]perc[/color]:/etc/postfix/dspam_filter_access

This line has an error and needs to be changed to:


check_client_access [color=Red]pcre[/color]:/etc/postfix/dspam_filter_access

fzhyextmail posted on 2009-8-10 16:37

[quote]Originally posted by [i]疯狂老头[/i] on 2009-8-8 11:16 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=63446&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
check_client_access perc:/etc/postfix/dspam_filter_access

This line has an error and needs to be changed to:


check_client_access pcre:/etc/postfix/dspam_filter_access [/quote]


tks,updated!

I currently use socket + dspam passing the mail back to postfix via SMTP

denny posted on 2009-8-16 08:45

Clicking history in the webui gives the error No historical data is available

An Error Has Occured
The following error occured while trying to process your request:
No historical data is available

If this problem persists, please contact your administrator.

fzhyextmail posted on 2009-8-17 10:21

[quote]Originally posted by [i]denny[/i] on 2009-8-16 08:45 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=64010&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
An Error Has Occured
The following error occured while trying to process your request:
No historical data is available

If this problem persists, please contact your administrator. [/quote]

Look here
No historical data is available

You need to pay attention to several points
1. The permissions of dspam.conf in the dspam installation directory
2. The permissions of the directory after training (following this article it should be under /usr/local/dspam/var/)
3. The webui permissions


The owner of all of them should be the trainer

liuhe4669100 posted on 2009-9-25 11:20

Good stuff, thanks to the author for the hard work

lootan posted on 2009-9-30 16:36

[quote]Originally posted by [i]denny[/i] on 2009-8-16 08:45 [url=http://www.extmail.org/forum/redirect.php?goto=findpost&pid=64010&ptid=10674][img]http://www.extmail.org/forum/images/common/back.gif[/img][/url]
An Error Has Occured
The following error occured while trying to process your request:
No historical data is available

If this problem persists, please contact your administrator. [/quote]
My situation is the same, and I cannot find the cause. Which owners need to be changed?

lootan posted on 2009-9-30 17:09

/etc/dspam/dspam.conf ServerParameters        "--deliver=innocent,spam --user extmail -d %u"


In the webui, the "Statistical SPAM Protection for" field has to be filled in with the user above: extmail.

That seems to be it; I will keep poking at it.

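lootan posted on 2009-10-9 15:24

It turns out that it is there when sending through a mail client.
When sending via the web, it is not. :Q

lootan posted on 2009-10-9 20:55

A question for the OP:

I have observed that mail judged to be spam seems to be bounced straight back.

I do not think that is appropriate, and it is an irresponsible way of doing it. [b]If I want mail that is judged to be spam to be delivered into the junk mailbox, how should dspam be configured?[/b]

lootan posted on 2009-10-9 21:08

Oh, I see the result now. It really is delivered into Junk :Q :Q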
