Postfix邮箱(九)：安装反垃圾邮件系统DSPAM

luyj

1、DSpam介绍

    DSPAM是一个专为企业设计的可扩展并且基于开放源码的垃圾邮件过滤器.在正确配置系统，过滤成功率达99.5 ％ － 99.95％。
    DSPAM是很流行的防垃圾工具之一，DSPAM能够学习每个用户的不同邮件的习性，根据这些习性告诉过滤器什么是垃圾邮件。
    DSPAM提供了一个能够学习每个用户的邮件习性的管理维护功能，这些习性可能会有些误判。

官方网站：
http://dspam.nuclearelephant.com/
官方下载：

http://ncu.dl.sourceforge.net/pr ... dspam-3.10.2.tar.gz
配置参考：

http://wiki.extmail.org/dspam_for_emos
http://www.extmail.org/forum/thread-10393-1-1.html
技术博客：

http://blog.dspam.org.cn/

说明：
    目前已更新至2012年的3.10.2版本，EMOS配置的是2009年的3.8版本，
为了不过于依赖extmail制做的rpm包以及mini-http，
本文档使用源码方式安装最新版本以及配置apache进行web访问。

2、安装DSpam

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

[iyunv@mail ~]#cd /usr/local/src [iyunv@mail src]#wget http://ncu.dl.sourceforge.net/pr ... dspam-3.10.2.tar.gz [iyunv@mail src]#tar zxvf dspam-3.10.2.tar.gz [iyunv@mail src]#cd dspam-3.10.2 [iyunv@mail dspam-3.10.2]# ./configure \ --enable-debug \ --enable-daemon \ --enable-clamav \ --enable-syslog \ --enable-large-scale \ --disable-domain-scale \ --enable-virtual-users \ --enable-long-usernames \ --enable-external-lookup \ --enable-preferences-extension \ --prefix=/usr/local/dspam \ --with-dspam-mode=2511 \ --with-dspam-home-mode=770 \ --with-logdir=/var/log \ --with-dspam-owner=vmail \ --with-dspam-group=vmail \ --with-dspam-home-owner=vmail \ --with-dspam-home-group=vmail \ --with-mysql-libraries=/usr/lib64/mysql \ --with-mysql-includes=/usr/include/mysql \ --with-storage-driver=mysql_drv,hash_drv #这里没有新建dspam的用户，直接使用vmail账号和组。 [iyunv@mail dspam-3.10.2]#make [iyunv@mail dspam-3.10.2]#make install

3、配置 DSpam

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103

[iyunv@mail dspam-3.10.2]# vi /usr/local/dspam/etc/dspam.conf #后面带#号的表示要修改的参数 Home /usr/local/dspam/var/dspam StorageDriver /usr/local/dspam/lib/dspam/libmysql_drv.so TrustedDeliveryAgent "/usr/bin/procmail" DeliveryHost 127.0.0.1  # DeliveryPort 10024      # DeliveryIdent localhost # DeliveryProto SMTP      # OnFail error Trust root Trust vmail             #添加信任用户 Trust extmail           # Trust amavis            # TrainingMode teft TestConditionalTraining on Feature whitelist       #自动白名单，同一发件人10封正常邮件0封垃圾邮件时，该记录标为白名单 Algorithm graham burton Tokenizer chain PValue bcr WebStats on Preference "trainingMode=TEFT" Preference "spamAction=deliver"       # Preference "spamSubject=[SPAM]" Preference "statisticalSedation=5" Preference "enableBNR=on" Preference "enableWhitelist=on" Preference "signatureLocation=headers"#只在信头显示!DSPAM:1,49179586289971925617086!标识 Preference "tagSpam=off" Preference "tagNonspam=off" Preference "showFactors=off" Preference "optIn=off" Preference "optOut=off" Preference "whitelistThreshold=10" Preference "makeCorpus=off" Preference "storeFragments=off" Preference "localStore=" Preference "processorBias=on" Preference "fallbackDomain=off" Preference "trainPristine=off" Preference "optOutClamAV=off" Preference "ignoreRBLLookups=off" Preference "RBLInoculate=off" Preference "notifications=off" AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride fallbackDomain AllowOverride ignoreGroups AllowOverride ignoreRBLLookups AllowOverride localStore AllowOverride makeCorpus AllowOverride optIn AllowOverride optOut AllowOverride optOutClamAV AllowOverride processorBias AllowOverride RBLInoculate AllowOverride showFactors AllowOverride signatureLocation AllowOverride spamAction AllowOverride spamSubject AllowOverride statisticalSedation AllowOverride storeFragments AllowOverride tagNonspam AllowOverride tagSpam AllowOverride trainPristine AllowOverride trainingMode AllowOverride whitelistThreshold AllowOverride dailyQuarantineSummary AllowOverride notifications MySQLServer /var/lib/mysql/mysql.sock MySQLUser dspam           # MySQLPass dspam           # MySQLDb dspam             # MySQLCompress true        # MySQLReconnect true       # MySQLConnectionCache 10   # MySQLUIDInSignature on    # Notifications off PurgeSignatures 14 PurgeNeutral 90 PurgeUnused 90 PurgeHapaxes 30 PurgeHits1S 15 PurgeHits1I 15 LocalMX 127.0.0.1 SystemLog on UserLog on Opt out MaxMessageSize 1048576    #限制检查的邮件最大大小 ServerHost 127.0.0.1      # ServerPort 10028          # ServerQueueSize 32        # ServerPID /var/run/dspam.pid # ServerMode auto              # ServerPass.Relay1 "secret"   # ServerParameters "--user extmail --deliver=innocent,spam -d %u"  # ServerIdent "localhost.localdomain"   # ClientHost 127.0.0.1         # ClientPort 10028             # ClientIdent "secret@Relay1"  # ProcessorURLContext on ProcessorBias on StripRcptDomain off

4、导入数据库
（1）创建

1 2 3

[iyunv@mail dspam-3.10.2]# cd src/tools.mysql_drv/ [iyunv@mail tools.mysql_drv]# mysql -uroot -p123456 -e "create database dspam" [iyunv@mail tools.mysql_drv]# mysql -uroot -p123456 -e "grant all on dspam.* to dspam@localhost identified by 'dspam'"

（2）导入

1 2	[iyunv@mail tools.mysql_drv]# mysql -udspam -pdspam dspam < mysql_objects-4.1.sql [iyunv@mail tools.mysql_drv]# mysql -udspam -pdspam dspam < virtual_users.sql

5、定时清理token数据库和特征库

1 2 3 4 5 6 7

[iyunv@mail tools.mysql_drv]# cp purge-4.1.sql /usr/local/dspam/share/ [iyunv@mail tools.mysql_drv]# crontab -e #清理数据库无用的学习数据 0 0 * * * /usr/bin/mysql -u dspam -p'dspam' dspam < /usr/local/dspam/share/purge-4.1.sql #清理过滤日志记录 0 0 * * * /usr/local/dspam/bin/dspam_logrotate -a 30 -d /usr/local/dspam/var/dspam/data [iyunv@mail tools.mysql_drv]# service crond restart

6、启动

1 2 3 4 5 6 7 8 9

[iyunv@mail cgi-bin]# /usr/local/dspam/bin/dspam --daemon & [1] 52841 [iyunv@mail cgi-bin]# ps aux|grep dspam root     52842  0.0  0.2  54768  2420 pts/3    S    16:29   0:00 /usr/local/dspam/bin/dspam --daemon root     52854  0.0  0.0 103256   852 pts/3    S+   16:29   0:00 grep dspam [1]+  Done                    /usr/local/dspam/bin/dspam --daemon [iyunv@mail cgi-bin]# netstat -lntp|grep 10028 tcp        0      0 127.0.0.1:10028             0.0.0.0:*                   LISTEN      52842/dspam   [iyunv@mail cgi-bin]# cat  "/usr/local/dspam/bin/dspam --daemon &" >> /etc/rc.local

7、配置Web界面
（1）安装绘图工具

1	[iyunv@mail cgi-bin]# yum install perl-GD perl-GDTextUtil perl-GDGraph perl-GD-Graph3d

（2）配置Web目录

1 2 3 4

[iyunv@mail cgi-bin]# cd /usr/local/src/dspam-3.10.2/webui/ [iyunv@mail webui]# mkdir /var/www/extsuite/dspam [iyunv@mail webui]# cp -Rf cgi-bin/* htdocs/* /var/www/extsuite/dspam [iyunv@mail webui]# cp -Rf  htdocs/*   /var/www/extsuite/extmail/html

网页标签图标需要修改或删除，否则extmail和extman都会显示d图标：

1	[iyunv@mail webui]# rm -f /var/www/extsuite/extmail/html/favicon.ico

设置属主及其他：

1 2 3

[iyunv@mail webui]# chown -R vmail.vmail /var/www/extsuite/dspam [iyunv@mail webui]# cd /var/www/extsuite/dspam [iyunv@mail dspam]# ln -s default.prefs /usr/local/dspam/var/dspam/default.prefs

（3）删除web目录下所有Makefile开头的文件

1	[iyunv@mail dspam]# find . -type f -name "Makefile*" -exec rm -rf {} \;

（4）给执行文件添加可执行权限

1	[iyunv@mail dspam]# chmod +x *.pl *.cgi

（5）在管理员组添加用户并设置该用户的密码，用于登陆WEB UI

1 2	[iyunv@mail dspam]# echo "extmail" > admins [iyunv@mail dspam]# htpasswd -c .htpasswd extmail

（6）修改htdocs/目录下的文件路径为dspam根目录下

1 2	[iyunv@mail dspam]# vi configure.pl $CONFIG{'WEB_ROOT'}     = ".";

（7）创建虚拟主机

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

[iyunv@mail dspam]# vi /etc/httpd/conf.d/dspam.conf # VirtualHost for Dspam Alias /dspam "/var/www/extsuite/dspam" <Directory "/var/www/extsuite/dspam/">   Options ExecCGI   Options -Indexes   Addhandler cgi-script .cgi   DirectoryIndex dspam.cgi   AllowOverride AuthConfig   Order deny,allow   AuthType Basic   AuthName "DSPAM Control Center"   AuthUserFile /var/www/extsuite/dspam/.htpasswd   Require valid-user   SuexecUserGroup dspam dspam </Directory> ErrorLog /var/log/dspam_error.log CustomLog /var/log/dspam_access.log common

（8）访问Web
http://mail.yourmail.com/dspam
账号就是htpasswd创建的extmail账号


8、配置postfix
流程：postfix通过lmtp将邮件发送给DSPAM扫描，完成后回注给postfix，再交付（Delivered）给用户。
（1）添加客户端访问限制
[iyunv@mail dspam]# vi /etc/postfix/main.cf

1 2 3 4 5 6 7 8 9 10

#取消amavisd调用的内容过滤器 #content_filter = smtp:[127.0.0.1]:10024 #receive_override_options = no_address_mappings #添加客户端限制条件，允许sasl认证的、mynetworks范围的、客户端访问表的通过 smtpd_client_restrictions =   permit_sasl_authenticated,   permit_mynetworks,   check_client_access pcre:/etc/postfix/dspam_filter_access #添加检查邮件标题内容的过滤器 header_checks = regexp:/etc/postfix/header_checks

（2）创建dspam客户端访问表，过滤进来的邮件

1 2	[iyunv@mail dspam]# vi /etc/postfix/dspam_filter_access /./ FILTER lmtp:[127.0.0.1]:10028

（3）创建标题内容过滤器

1 2 3

[iyunv@mail dspam]# vi /etc/postfix/header_checks /^(X-DSPAM-.*)/ IGNORE /^(X-Spam-.*)/ IGNORE

（4）重载配置

1	[iyunv@mail dspam]# service postfix reload

9、为SpamAssassin添加DSpam插件
说明：为SA增加DSpam插件，根据邮件头上dspam的分数结果增减不同的分数，注意不是以DSPAM的分数为准，因此你会看到信头中即有SA的分数又有DSAPM的分数。

官方地址：
http://eric.lubow.org/projects/dspam-spamassassin-plugin/
https://github.com/elubow/dspam-spamassassin
extmail地址：
http://www.extmail.org/download/misc/dspam/dspam.pm
http://www.extmail.org/download/misc/dspam/dspam.cf

先查找SA的插件目录：

1	[iyunv@mail dspam]# find / -name 'Plugin' -type d

进入目录后下载插件：

1 2 3

[iyunv@mail dspam]# cd /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin [iyunv@mail Plugin]# wget http://www.extmail.org/download/misc/dspam/dspam.pm [iyunv@mail Plugin]# cp dspam.pm /usr/local/share/perl5/Mail/SpamAssassin/Plugin

进入目录并下载配置文件：

1 2	[iyunv@mail Plugin]# cd /etc/mail/spamassassin/ [iyunv@mail spamassassin]# wget http://www.extmail.org/download/misc/dspam/dspam.cf

配置SA启用插件：

1 2 3 4

[iyunv@mail spamassassin]# vi local.cf include dspam.cf [iyunv@mail spamassassin]# vi init.pre loadplugin Mail::SpamAssassin::Plugin::dspam

10、配置amavisd调用dspam
注意：可以先跳过这一步，完成下一节的测试一后再配置。

在配置文件中的@av_scanners前添加以下内容：

1 2 3 4 5 6 7 8

[iyunv@mail spamassassin]# vi /etc/amavisd.conf $dspam = '/usr/local/dspam/bin/dspam'; @spam_scanners = (   ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],   ['DSPAM',  'Amavis::SpamControl::ExtProg', $dspam,     [ qw(--client --stdout --deliver=spam,innocent --mode=teft --user extmail)],   ], );

重新加载：

1	[iyunv@mail spamassassin]# service amavisd reload

查看日志:

1 2	[iyunv@mail spamassassin]# tailf /var/log/maillog Dec  9 16:30:54 mail amavis[33061]: Found spam scanner DSPAM       at /usr/local/dspam/bin/dspam

说明：出现这个表示发现DSPAM扫描器了

11、开启extmail页面上的垃圾邮件举报开关

1 2 3 4 5 6

[iyunv@mail spamassassin]# /var/www/extsuite/extmail/webmail.cf SYS_SPAM_REPORT_ON = 1 SYS_SPAM_REPORT_TYPE = dspam [iyunv@mail spamassassin]# vi /usr/local/dspam/etc/dspam.conf #默认学习5次才会自动转到垃圾邮件箱，改为2次 Feature tb=2

会在WEB页面上每封邮件顶部显示“这是垃圾邮件”的按钮，
点击后移动到“垃圾邮件”目录，也可以移回来。


12、设置maidrop全局过滤
说明：以下的maildroprc 文件同时支持调用ExtMail多语言过滤器解码器，
如果用户已建立自定义过滤规则，则此条全局规则无效（以用户为准）

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

[iyunv@mail spamassassin]# vi /etc/maildroprc # Decoder for high quality key word filtering logfile "/var/log/maildrop.log" DECODER="/var/www/extsuite/extmail/tools/decode -v" if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/)) {   BADSENDER=1 }   # Auto deliver to Junk mailbox support if there is no custom # mailfilter, need test command and correct PATH env `test -f $HOME/.mailfilter && exit 1 || exit 0`   # No customize filtering rules if ( $RETURNCODE == 0 ) {      if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/)   {          exception {       to "$HOME/Maildir/.Junk/."          }   } } [iyunv@mail spamassassin]# touch /var/log/maildrop.log [iyunv@mail spamassassin]# chown vmail.vmail /var/log/maildrop.log

说明：Junk表示垃圾邮件箱，由于正常邮件容易被误判，使用POP3客户端的用户无法同步到垃圾邮件箱的邮件，导致误以为没有收到；一般建议改为"$HOME/Maildir/."即收件箱中。


13、训练DSPAM
Extmail提供了一个已经预先训练好的dspam数据库文件(31.6M)，
该库是由3000封ham+3000封spam训练而成，用户只要在新的dspam系统里导入该数据库，
原理上就可免除初期搜集最新spam及最新ham并进行训练的痛苦。
导入后会生成特征库，但不会生成历史记录，因此在history中是没记录的。

1 2 3 4 5 6 7

[iyunv@mail spamassassin]# cd /usr/local/src [iyunv@mail src]# wget http://mirror.extmail.org/yum/mi ... trained-data.sql.gz gzip -d dspam-trained-data.sql.gz [iyunv@mail src]# rm -rf /var/lib/mysql/dspam/ [iyunv@mail src]# mysql -u root -p123456 -e "create database dspam" [iyunv@mail src]# mysql -u root -p123456 -e "grant all on dspam.* to dspam@localhost identified by 'dspam'" [iyunv@mail src]# mysql -u dspam -pdspam dspam < dspam-trained-data.sql

结论：安装部署完毕，下一节进行测试。
百度云附件：dspam-3.10.2.tar.gz+dspam.pm+dspam.cf.zip   

avtest123

你好
http://mail.yourmail.com/dspam
输入密码后就不显示网页了。能提供下帮助吗？
谢谢。