# Stuck with manual "HOWTO Spam Filtering with DSPAM/Postfix"

## MaartenZzZ

Dear community,

I'm following the manual of http://gentoo-wiki.com/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix

Did all the stuff, only, when I want to start dspam, I cannot find the binary!

 *Quote:*   

> At this point we have a configured, but not running, DSPAM. /etc/init.d/dspam start should fire it up and have it listening on the socket mentioned above.

 

There is no /etc/init.d/dspam?

So I wont have a second deamon running at port 10025 as told in the manual (below the quote mentioned above).

 *Quote:*   

> netstat -tunlp | grep master
> 
> tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      30772/master
> 
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      30772/master

 

Will give me:

 *Quote:*   

> NewYork ~ # netstat -tunlp | grep master
> 
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      15761/master
> 
> NewYork ~ #
> ...

 

I'm using:

- mail-mta/postfix-2.4.5

- net-mail/courier-imap-4.0.6-r2

- mail-filter/dspam-3.8.0-r9.

Thank your for reading, and helping me.

----------

## magic919

Interesting stuff.

The init script and the binary are 2 separate things.  Do you actually have the binary - which is /usr/bin/dspam?  I think it is because you lack the USE word daemon.  Run emerge -pv dspam to check.

Postfix listens on 10025, not DSPAM.  You should still have the second listening instance of Postfix on port 10025.  Maybe you need a

postfix reload

to have it read in master.cf and see the changes.

Let me know how you get on.

----------

## MaartenZzZ

I have:

```
NewYork ~ # /usr/bin/dspam

dspam            dspam_admin      dspam_crc        dspam_logrotate  dspam_stats      dspamc

dspam_2sql       dspam_clean      dspam_dump       dspam_merge      dspam_train

```

Current USE flags for DSPAM are:

```
USE="mysql sqlite -clamav -daemon -debug -large-domain -ldap -postgres -syslog -user-homedirs -virtual-users"
```

Shall I remerge with deamon?

I have this in my master.cfg:

```
 127.0.0.1:10025 inet    n       -       n       -       -       smtpd

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_restrictions=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o receive_override_options=no_unknown_recipient_checks

```

But still no second deamon when I reload. I have reloaded and restarted postfix.

----------

## magic919

Yes, please add daemon.  Mine is like this

```

grep dspam /etc/portage/package.use

mail-filter/dspam mysql clamav daemon

```

as I also use clamav.

Your master.cf looks ok.  I presume it is master.cf, not .cfg per your post.  Do you maybe have whitespace to left of 127.0.0.1?  Because it looks fine otherwise.  Mine -

```

127.0.0.1:10025 inet    n       -       n       -       -       smtpd

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_restrictions=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o receive_override_options=no_unknown_recipient_checks

```

----------

## MaartenZzZ

Okay, after a remerge, the init script works:

```
NewYork ~ # /etc/init.d/dspam start

 * Starting DSPAM ... [ ok ]
```

I will show you my complete master.cf (Sorry for the *.cfg!)

```
#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

#submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#smtps     inet  n       -       n       -       -       smtpd

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#628      inet  n       -       n       -       -       qmqpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

   -o fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache     unix   -   -   n   -   1   scache

dspam     unix  -       -       n       -       10      lmtp

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

#maildrop  unix  -       n       n       -       -       pipe

#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

#

# ====================================================================

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

#old-cyrus unix  -       n       n       -       -       pipe

#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

#

# ====================================================================

#

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

#

#cyrus     unix  -       n       n       -       -       pipe

#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

#

# ====================================================================

#

# See the Postfix UUCP_README file for configuration details.

#

#uucp      unix  -       n       n       -       -       pipe

#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# ====================================================================

#

# Other external delivery methods.

#

#ifmail    unix  -       n       n       -       -       pipe

#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

#

#bsmtp     unix  -       n       n       -       -       pipe

#  flags=Fq. user=bsmtp argv=/usr/sbin/bsmtp -f $sender $nexthop $recipient

#

#scalemail-backend unix -       n       n       -       2       pipe

#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store

#  ${nexthop} ${user} ${extension}

#

#mailman   unix  -       n       n       -       -       pipe

#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

#  ${nexthop} ${user}

 127.0.0.1:10025 inet    n       -       n       -       -       smtpd

  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

  -o smtpd_client_restrictions=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o receive_override_options=no_unknown_recipient_checks

```

My main.cf:

```
# Global Postfix configuration file. This file lists only a subset

# of all parameters. For the syntax, and for a complete parameter

# list, see the postconf(5) manual page (command: "man 5 postconf").

#

# For common configuration examples, see BASIC_CONFIGURATION_README

# and STANDARD_CONFIGURATION_README. To find these documents, use

# the command "postconf html_directory readme_directory", or go to

# http://www.postfix.org/.

#

# For best results, change no more than 2-3 parameters at a time,

# and test if Postfix still works after every change.

# SOFT BOUNCE

#

# The soft_bounce parameter provides a limited safety net for

# testing.  When soft_bounce is enabled, mail will remain queued that

# would otherwise bounce. This parameter disables locally-generated

# bounces, and prevents the SMTP server from rejecting mail permanently

# (by changing 5xx replies into 4xx replies). However, soft_bounce

# is no cure for address rewriting mistakes or mail routing mistakes.

#

#soft_bounce = no

# LOCAL PATHNAME INFORMATION

#

# The queue_directory specifies the location of the Postfix queue.

# This is also the root directory of Postfix daemons that run chrooted.

# See the files in examples/chroot-setup for setting up Postfix chroot

# environments on different UNIX systems.

#

queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all

# postXXX commands.

#

command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix

# daemon programs (i.e. programs listed in the master.cf file). This

# directory must be owned by root.

#

daemon_directory = /usr/lib64/postfix

# QUEUE AND PROCESS OWNERSHIP

#

# The mail_owner parameter specifies the owner of the Postfix queue

# and of most Postfix daemon processes.  Specify the name of a user

# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS

# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In

# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED

# USER.

#

mail_owner = postfix

# The default_privs parameter specifies the default rights used by

# the local delivery agent for delivery to external file or command.

# These rights are used in the absence of a recipient user context.

# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.

#

#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES

# 

# The myhostname parameter specifies the internet hostname of this

# mail system. The default is to use the fully-qualified domain name

# from gethostname(). $myhostname is used as a default value for many

# other configuration parameters.

#

#myhostname = host.domain.tld

#myhostname = virtual.domain.tld

myhostname = mail.maartenz.org

# The mydomain parameter specifies the local internet domain name.

# The default is to use $myhostname minus the first component.

# $mydomain is used as a default value for many other configuration

# parameters.

#

#mydomain = domain.tld

mydomain = maartenz.org

# SENDING MAIL

# 

# The myorigin parameter specifies the domain that locally-posted

# mail appears to come from. The default is to append $myhostname,

# which is fine for small sites.  If you run a domain with multiple

# machines, you should (1) change this to $mydomain and (2) set up

# a domain-wide alias database that aliases each user to

# user@that.users.mailhost.

#

# For the sake of consistency between sender and recipient addresses,

# myorigin also specifies the default domain name that is appended

# to recipient addresses that have no @domain part.

#

#myorigin = $myhostname

#myorigin = $mydomain

myorigin = $myhostname

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on.  By default,

# the software claims all active interfaces on the machine. The

# parameter also controls delivery of mail to user@[ip.address].

#

# See also the proxy_interfaces parameter, for network addresses that

# are forwarded to us via a proxy or network address translator.

#

# Note: you need to stop/start Postfix when this parameter changes.

#

#inet_interfaces = all

#inet_interfaces = $myhostname

#inet_interfaces = $myhostname, localhost

inet_interfaces = all

# The proxy_interfaces parameter specifies the network interface

# addresses that this mail system receives mail on by way of a

# proxy or network address translation unit. This setting extends

# the address list specified with the inet_interfaces parameter.

#

# You must specify your proxy/NAT addresses when your system is a

# backup MX host for other domains, otherwise mail delivery loops

# will happen when the primary MX host is down.

#

#proxy_interfaces =

#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this

# machine considers itself the final destination for.

#

# These domains are routed to the delivery agent specified with the

# local_transport parameter setting. By default, that is the UNIX

# compatible delivery agent that lookups all recipients in /etc/passwd

# and /etc/aliases or their equivalent.

#

# The default is $myhostname + localhost.$mydomain.  On a mail domain

# gateway, you should also include $mydomain.

#

# Do not specify the names of virtual domains - those domains are

# specified elsewhere (see VIRTUAL_README).

#

# Do not specify the names of domains that this machine is backup MX

# host for. Specify those names via the relay_domains settings for

# the SMTP server, or use permit_mx_backup if you are lazy (see

# STANDARD_CONFIGURATION_README).

#

# The local machine is always the final destination for mail addressed

# to user@[the.net.work.address] of an interface that the mail system

# receives mail on (see the inet_interfaces parameter).

#

# Specify a list of host or domain names, /file/name or type:table

# patterns, separated by commas and/or whitespace. A /file/name

# pattern is replaced by its contents; a type:table is matched when

# a name matches a lookup key (the right-hand side is ignored).

# Continue long lines by starting the next line with whitespace.

#

# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".

#

#mydestination = $myhostname, localhost.$mydomain, localhost

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,

#   mail.$mydomain, www.$mydomain, ftp.$mydomain

mydestination = $myhostname, localhost.$mydomain, $mydomain

# REJECTING MAIL FOR UNKNOWN LOCAL USERS

#

# The local_recipient_maps parameter specifies optional lookup tables

# with all names or addresses of users that are local with respect

# to $mydestination, $inet_interfaces or $proxy_interfaces.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown local users. This parameter is defined by default.

#

# To turn off local recipient checking in the SMTP server, specify

# local_recipient_maps = (i.e. empty).

#

# The default setting assumes that you use the default Postfix local

# delivery agent for local delivery. You need to update the

# local_recipient_maps setting if:

#

# - You define $mydestination domain recipients in files other than

#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.

#   For example, you define $mydestination domain recipients in    

#   the $virtual_mailbox_maps files.

#

# - You redefine the local delivery agent in master.cf.

#

# - You redefine the "local_transport" setting in main.cf.

#

# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"

#   feature of the Postfix local delivery agent (see local(8)).

#

# Details are described in the LOCAL_RECIPIENT_README file.

#

# Beware: if the Postfix SMTP server runs chrooted, you probably have

# to access the passwd file via the proxymap service, in order to

# overcome chroot restrictions. The alternative, having a copy of

# the system passwd file in the chroot jail is just not practical.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify a bare username, an @domain.tld

# wild-card, or specify a user@domain.tld address.

# 

#local_recipient_maps = unix:passwd.byname $alias_maps

#local_recipient_maps = proxy:unix:passwd.byname $alias_maps

#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server

# response code when a recipient domain matches $mydestination or

# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty

# and the recipient address or address local-part is not found.

#

# The default setting is 550 (reject mail) but it is safer to start

# with 450 (try again later) until you are certain that your

# local_recipient_maps settings are OK.

#

unknown_local_recipient_reject_code = 550

# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP

# clients that have more privileges than "strangers".

#

# In particular, "trusted" SMTP clients are allowed to relay mail

# through Postfix.  See the smtpd_recipient_restrictions parameter

# in postconf(5).

#

# You can specify the list of "trusted" network addresses by hand

# or you can let Postfix do it for you (which is the default).

#

# By default (mynetworks_style = subnet), Postfix "trusts" SMTP

# clients in the same IP subnetworks as the local machine.

# On Linux, this does works correctly only with interfaces specified

# with the "ifconfig" command.

# 

# Specify "mynetworks_style = class" when Postfix should "trust" SMTP

# clients in the same IP class A/B/C networks as the local machine.

# Don't do this with a dialup site - it would cause Postfix to "trust"

# your entire provider's network.  Instead, specify an explicit

# mynetworks list by hand, as described below.

#  

# Specify "mynetworks_style = host" when Postfix should "trust"

# only the local machine.

# 

#mynetworks_style = class

#mynetworks_style = subnet

#mynetworks_style = host

# Alternatively, you can specify the mynetworks list by hand, in

# which case Postfix ignores the mynetworks_style setting.

#

# Specify an explicit list of network/netmask patterns, where the

# mask specifies the number of bits in the network part of a host

# address.

#

# You can also specify the absolute pathname of a pattern file instead

# of listing the patterns here. Specify type:table for table-based lookups

# (the value on the table right-hand side is not used).

#

#mynetworks = 168.100.189.0/28, 127.0.0.0/8

#mynetworks = $config_directory/mynetworks

#mynetworks = hash:/etc/postfix/network_table

# The relay_domains parameter restricts what destinations this system will

# relay mail to.  See the smtpd_recipient_restrictions description in

# postconf(5) for detailed information.

#

# By default, Postfix relays mail

# - from "trusted" clients (IP address matches $mynetworks) to any destination,

# - from "untrusted" clients to destinations that match $relay_domains or

#   subdomains thereof, except addresses with sender-specified routing.

# The default relay_domains value is $mydestination.

# 

# In addition to the above, the Postfix SMTP server by default accepts mail

# that Postfix is final destination for:

# - destinations that match $inet_interfaces or $proxy_interfaces,

# - destinations that match $mydestination

# - destinations that match $virtual_alias_domains,

# - destinations that match $virtual_mailbox_domains.

# These destinations do not need to be listed in $relay_domains.

# 

# Specify a list of hosts or domains, /file/name patterns or type:name

# lookup tables, separated by commas and/or whitespace.  Continue

# long lines by starting the next line with whitespace. A file name

# is replaced by its contents; a type:name table is matched when a

# (parent) domain appears as lookup key.

#

# NOTE: Postfix will not automatically forward mail for domains that

# list this system as their primary or backup MX host. See the

# permit_mx_backup restriction description in postconf(5).

#

#relay_domains = $mydestination

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to

# when no entry is matched in the optional transport(5) table. When

# no relayhost is given, mail is routed directly to the destination.

#

# On an intranet, specify the organizational domain name. If your

# internal DNS uses no MX records, specify the name of the intranet

# gateway host instead.

#

# In the case of SMTP, specify a domain, host, host:port, [host]:port,

# [address] or [address]:port; the form [host] turns off MX lookups.

#

# If you're connected via UUCP, see also the default_transport parameter.

#

#relayhost = $mydomain

#relayhost = [gateway.my.domain]

#relayhost = [mailserver.isp.tld]

#relayhost = uucphost

#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS

#

# The relay_recipient_maps parameter specifies optional lookup tables

# with all addresses in the domains that match $relay_domains.

#

# If this parameter is defined, then the SMTP server will reject

# mail for unknown relay users. This feature is off by default.

#

# The right-hand side of the lookup tables is conveniently ignored.

# In the left-hand side, specify an @domain.tld wild-card, or specify

# a user@domain.tld address.

# 

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL

#

# The in_flow_delay configuration parameter implements mail input

# flow control. This feature is turned on by default, although it

# still needs further development (it's disabled on SCO UNIX due

# to an SCO bug).

# 

# A Postfix process will pause for $in_flow_delay seconds before

# accepting a new message, when the message arrival rate exceeds the

# message delivery rate. With the default 100 SMTP server process

# limit, this limits the mail inflow to 100 messages a second more

# than the number of messages delivered per second.

# 

# Specify 0 to disable the feature. Valid delays are 0..10.

# 

#in_flow_delay = 1s

# ADDRESS REWRITING

#

# The ADDRESS_REWRITING_README document gives information about

# address masquerading or other forms of address rewriting including

# username->Firstname.Lastname mapping.

# ADDRESS REDIRECTION (VIRTUAL DOMAIN)

#

# The VIRTUAL_README document gives information about the many forms

# of domain hosting that Postfix supports.

# "USER HAS MOVED" BOUNCE MESSAGES

#

# See the discussion in the ADDRESS_REWRITING_README document.

# TRANSPORT MAP

#

# See the discussion in the ADDRESS_REWRITING_README document.

# ALIAS DATABASE

#

# The alias_maps parameter specifies the list of alias databases used

# by the local delivery agent. The default list is system dependent.

#

# On systems with NIS, the default is to search the local alias

# database, then the NIS alias database. See aliases(5) for syntax

# details.

# 

# If you change the alias database, run "postalias /etc/aliases" (or

# wherever your system stores the mail alias file), or simply run

# "newaliases" to build the necessary DBM or DB file.

#

# It will take a minute or so before changes become visible.  Use

# "postfix reload" to eliminate the delay.

#

#alias_maps = dbm:/etc/aliases

#alias_maps = hash:/etc/aliases

#alias_maps = hash:/etc/aliases, nis:mail.aliases

#alias_maps = netinfo:/aliases

# The alias_database parameter specifies the alias database(s) that

# are built with "newaliases" or "sendmail -bi".  This is a separate

# configuration parameter, because alias_maps (see above) may specify

# tables that are not necessarily all under control by Postfix.

#

#alias_database = dbm:/etc/aliases

#alias_database = dbm:/etc/mail/aliases

#alias_database = hash:/etc/aliases

#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)

#

# The recipient_delimiter parameter specifies the separator between

# user names and address extensions (user+foo). See canonical(5),

# local(8), relocated(5) and virtual(5) for the effects this has on

# aliases, canonical, virtual, relocated and .forward file lookups.

# Basically, the software tries user+foo and .forward+foo before

# trying user and .forward.

#

#recipient_delimiter = +

# DELIVERY TO MAILBOX

#

# The home_mailbox parameter specifies the optional pathname of a

# mailbox file relative to a user's home directory. The default

# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify

# "Maildir/" for qmail-style delivery (the / is required).

#

#home_mailbox = Mailbox

#home_mailbox = Maildir/

 

# The mail_spool_directory parameter specifies the directory where

# UNIX-style mailboxes are kept. The default setting depends on the

# system type.

#

#mail_spool_directory = /var/mail

#mail_spool_directory = /var/spool/mail

# The mailbox_command parameter specifies the optional external

# command to use instead of mailbox delivery. The command is run as

# the recipient with proper HOME, SHELL and LOGNAME environment settings.

# Exception:  delivery for root is done as $default_user.

#

# Other environment variables of interest: USER (recipient username),

# EXTENSION (address extension), DOMAIN (domain part of address),

# and LOCAL (the address localpart).

#

# Unlike other Postfix configuration parameters, the mailbox_command

# parameter is not subjected to $parameter substitutions. This is to

# make it easier to specify shell syntax (see example below).

#

# Avoid shell meta characters because they will force Postfix to run

# an expensive shell process. Procmail alone is expensive enough.

#

# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN

# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.

#

#mailbox_command = /some/where/procmail

#mailbox_command = /some/where/procmail -a "$EXTENSION"

# The mailbox_transport specifies the optional transport in master.cf

# to use after processing aliases and .forward files. This parameter

# has precedence over the mailbox_command, fallback_transport and

# luser_relay parameters.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#mailbox_transport = lmtp:unix:/file/name

#mailbox_transport = cyrus

# The fallback_transport specifies the optional transport in master.cf

# to use for recipients that are not found in the UNIX passwd database.

# This parameter has precedence over the luser_relay parameter.

#

# Specify a string of the form transport:nexthop, where transport is

# the name of a mail delivery transport defined in master.cf.  The

# :nexthop part is optional. For more details see the sample transport

# configuration file.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must update the "local_recipient_maps" setting in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#fallback_transport = lmtp:unix:/file/name

#fallback_transport = cyrus

#fallback_transport =

# The luser_relay parameter specifies an optional destination address

# for unknown recipients.  By default, mail for unknown@$mydestination,

# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned

# as undeliverable.

#

# The following expansions are done on luser_relay: $user (recipient

# username), $shell (recipient shell), $home (recipient home directory),

# $recipient (full recipient address), $extension (recipient address

# extension), $domain (recipient domain), $local (entire recipient

# localpart), $recipient_delimiter. Specify ${name?value} or

# ${name:value} to expand value only when $name does (does not) exist.

#

# luser_relay works only for the default Postfix local delivery agent.

#

# NOTE: if you use this feature for accounts not in the UNIX password

# file, then you must specify "local_recipient_maps =" (i.e. empty) in

# the main.cf file, otherwise the SMTP server will reject mail for    

# non-UNIX accounts with "User unknown in local recipient table".

#

#luser_relay = $user@other.host

#luser_relay = $local@other.host

#luser_relay = admin+$local

  

# JUNK MAIL CONTROLS

# 

# The controls listed here are only a very small subset. The file

# SMTPD_ACCESS_README provides an overview.

# The header_checks parameter specifies an optional table with patterns

# that each logical message header is matched against, including

# headers that span multiple physical lines.

#

# By default, these patterns also apply to MIME headers and to the

# headers of attached messages. With older Postfix versions, MIME and

# attached message headers were treated as body text.

#

# For details, see "man header_checks".

#

#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE

#

# Postfix maintains per-destination logfiles with information about

# deferred mail, so that mail can be flushed quickly with the SMTP

# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".

# See the ETRN_README document for a detailed description.

# 

# The fast_flush_domains parameter controls what destinations are

# eligible for this service. By default, they are all domains that

# this server is willing to relay mail to.

# 

#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT

#

# The smtpd_banner parameter specifies the text that follows the 220

# code in the SMTP server's greeting banner. Some people like to see

# the mail version advertised. By default, Postfix shows no version.

#

# You MUST specify $myhostname at the start of the text. That is an

# RFC requirement. Postfix itself does not care.

#

#smtpd_banner = $myhostname ESMTP $mail_name

#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION

#

# How many parallel deliveries to the same user or domain? With local

# delivery, it does not make sense to do massively parallel delivery

# to the same user, because mailbox updates must happen sequentially,

# and expensive pipelines in .forward files can cause disasters when

# too many are run at the same time. With SMTP deliveries, 10

# simultaneous connections to the same domain could be sufficient to

# raise eyebrows.

# 

# Each message delivery transport has its XXX_destination_concurrency_limit

# parameter.  The default is $default_destination_concurrency_limit for

# most delivery transports. For the local delivery agent the default is 2.

#local_destination_concurrency_limit = 2

#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL

#

# The debug_peer_level parameter specifies the increment in verbose

# logging level when an SMTP client or server host name or address

# matches a pattern in the debug_peer_list parameter.

#

debug_peer_level = 2

# The debug_peer_list parameter specifies an optional list of domain

# or network patterns, /file/name patterns or type:name tables. When

# an SMTP client or server host name or address matches a pattern,

# increase the verbose logging level by the amount specified in the

# debug_peer_level parameter.

#

#debug_peer_list = 127.0.0.1

#debug_peer_list = some.domain

# The debugger_command specifies the external command that is executed

# when a Postfix daemon program is run with the -D option.

#

# Use "command .. & sleep 5" so that the debugger can attach before

# the process marches on. If you use an X-based debugger, be sure to

# set up your XAUTHORITY environment variable before starting Postfix.

#

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    xxgdb $daemon_directory/$process_name $process_id & sleep 5

# If you can't use X, use this to capture the call stack when a

# daemon crashes. The result is in a file in the configuration

# directory, and is named after the process name and the process ID.

#

# debugger_command =

#   PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;

#   echo where) | gdb $daemon_directory/$process_name $process_id 2>&1

#   >$config_directory/$process_name.$process_id.log & sleep 5

#

# Another possibility is to run gdb under a detached screen session.

# To attach to the screen sesssion, su root and run "screen -r

# <id_string>" where <id_string> uniquely matches one of the detached

# sessions (from "screen -list").

#

# debugger_command =

#   PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen

#   -dmS $process_name gdb $daemon_directory/$process_name

#   $process_id & sleep 1

# INSTALL-TIME CONFIGURATION INFORMATION

#

# The following parameters are used when installing a new Postfix version.

# 

# sendmail_path: The full pathname of the Postfix sendmail command.

# This is the Sendmail-compatible mail posting interface.

# 

sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.

# This is the Sendmail-compatible command to build alias databases.

#

newaliases_path = /usr/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command.  This

# is the Sendmail-compatible mail queue listing command.

# 

mailq_path = /usr/bin/mailq

# setgid_group: The group for mail submission and queue management

# commands.  This must be a group name with a numerical group ID that

# is not shared with other accounts, not even with the Postfix account.

#

setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.

#

html_directory = /usr/share/doc/postfix-2.4.5/html

# manpage_directory: The location of the Postfix on-line manual pages.

#

manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.

# This parameter is obsolete as of Postfix 2.1.

#

sample_directory = /etc/postfix

# readme_directory: The location of the Postfix README files.

#

readme_directory = /usr/share/doc/postfix-2.4.5/readme

home_mailbox = .maildir/

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =

        permit_sasl_authenticated

        ,reject_unauth_destination

```

I'm new to the mail server scene, I followed a manual for a single domain postfix install, with .maildir mail-storage. Auth trough sasl (?) so my system users can relay mail from my own server (pam). Sorry if I mix things up.

----------

## magic919

No probs.  Good to see DSPAM running.

You do need to remove that whitespace to the left of 127.0.0.1 in master.cf.

----------

## MaartenZzZ

Okay, I now have two deamons running, yeehaa!

```
NewYork ~ # netstat -tunlp | grep master

tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      7728/master

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      7728/master

```

But, are things working now? haha, how can I test it?

Is emerging dspam-web a good idea to test it? I want to know if my current construction works.

I didn't add:

```
 smtpd_recipient_restrictions =

        permit_mynetworks

        reject_unauth_destination

        check_recipient_access pcre:/etc/postfix/dspam_incoming

        permit
```

because I have:

```
smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =

        permit_sasl_authenticated

        ,reject_unauth_destination

```

Or is it no problem?

 *Quote:*   

> No, I lied. It quarantines it in a mailbox file /var/spool/dspam/data/local/dspam/dspam.mbox . If you don't like this, you can change DSPAM to deliver. All the email gets tagged in the headers.

 

I don't have that file. Am I doing things wrong?

I have:

```
NewYork dspam # ls

opt-in  opt-out

```

Thank you very much!

----------

## magic919

You will need to use the bit

```

check_recipient_access pcre:/etc/postfix/dspam_incoming

```

That's the bit that makes it scan incoming email only.

Adding it to yours would give

```

smtpd_recipient_restrictions =

        permit_sasl_authenticated

        reject_unauth_destination

        check_recipient_access pcre:/etc/postfix/dspam_incoming

```

So it allows your sasl auth email and rejects unauth_destination and then DSPAM scans the rest.

You won't have an mbox file until it quarantines your first message.

I would suggest emerging the web interface.

Sounds like you are on track.

----------

## MaartenZzZ

All done. Reloaded Postfix. Now waiting for some spam   :Wink: 

----------

## MaartenZzZ

Woops... incoming mail isn't working!

Can you give me some hints?  :Smile: 

----------

## magic919

If you have a fairly standard setup then Postfix will be logging to /var/log/maillog.  I'd basically tail the Postfix log as Postfix and DSPAM will both be logging there.  Watch for errors.

----------

## MaartenZzZ

These are the errors:

```
Jan  4 20:09:28 [postfix/smtpd] fatal: open /etc/postfix/dspam_incoming: No such file or directory

Jan  4 20:09:29 [postfix/master] warning: process /usr/lib64/postfix/smtpd pid 13265 exit status 1

Jan  4 20:09:29 [postfix/master] warning: /usr/lib64/postfix/smtpd: bad command startup -- throttling

Jan  4 20:09:30 [postfix/postfix-script] stopping the Postfix mail system

Jan  4 20:09:30 [postfix/master] terminating on signal 15

Jan  4 20:09:30 [postfix/postfix-script] starting the Postfix mail system

Jan  4 20:09:30 [postfix/master] daemon started -- version 2.4.5, configuration /etc/postfix

Jan  4 20:09:30 [postfix/smtpd] fatal: open /etc/postfix/dspam_incoming: No such file or directory

Jan  4 20:09:31 [postfix/master] warning: process /usr/lib64/postfix/smtpd pid 13381 exit status 1

Jan  4 20:09:31 [postfix/master] warning: /usr/lib64/postfix/smtpd: bad command startup -- throttling

Jan  4 20:10:31 [postfix/smtpd] fatal: open /etc/postfix/dspam_incoming: No such file or directory

Jan  4 20:10:32 [postfix/master] warning: process /usr/lib64/postfix/smtpd pid 13467 exit status 1

Jan  4 20:10:32 [postfix/master] warning: /usr/lib64/postfix/smtpd: bad command startup -- throttling

Jan  4 20:11:32 [postfix/smtpd] fatal: open /etc/postfix/dspam_incoming: No such file or directory

Jan  4 20:11:34 [postfix/master] warning: process /usr/lib64/postfix/smtpd pid 13469 exit status 1

Jan  4 20:11:34 [postfix/master] warning: /usr/lib64/postfix/smtpd: bad command startup -- throttling

Jan  4 20:12:34 [postfix/smtpd] fatal: open /etc/postfix/dspam_incoming: No such file or directory

```

```
NewYork dspam # cd /var/log/dspam/

NewYork dspam # ls

```

Noting in it?

----------

## magic919

Looks like you missed a step from the wiki.

```

fatal: open /etc/postfix/dspam_incoming: No such file or directory

```

You need to create the file /etc/postfix/dspam_incoming.  At the bottom of here

http://gentoo-wiki.com/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix#Are_we_there_yet.3F

----------

## MaartenZzZ

It's running.. only, I get this e-mail: (Cron <root@NewYork> test -x /usr/sbin/run-crons && /usr/sbin/run-crons)

 *Quote:*   

> ERROR 1146 (42S02) at line 5: Table 'dspam.dspam_token_data' doesn't exist
> 
> MySQL purge script returned error code 1

 

The database content is not copied to the database. Normal?  :Smile: 

/var/log/mail/current says:

```
Jan  5 04:04:58 [postfix/smtpd] NOQUEUE: filter: RCPT from relais-ias91.francetelecom.com[193.251.215.91]: <maartenz@mydomain>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<> to=<maartenz@mydomain> proto=ESMTP helo=<relais-inet.francetelecom.com>

```

And:

```
Jan  5 04:04:59 [postfix/lmtp] D4CD28226E2: to=<maartenz@mydomain>, relay=mail.mydomain[/var/run/dspam/dspam.sock], delay=0.29, delays=0.06/0/0/0.22, dsn=2.6.0, status=sent (250 2.6.0 <maartenz@mydomain> Message accepted for delivery)

```

Looks good?

Thanks!

----------

## magic919

You could check the dspam database for tables.  Mine has

```

mysql> show tables;

+----------------------+

| Tables_in_dspam      |

+----------------------+

| dspam_preferences    |

| dspam_signature_data |

| dspam_stats          |

| dspam_token_data     |

| dspam_virtual_uids   |

+----------------------+

5 rows in set (0.00 sec)

```

Might just be your lack of data.

Looks to be doing stuff from the log.

Run dspam_stats -H to see the emails scoring.

----------

## MaartenZzZ

Mine is totally empty.

```
NewYork ~ # dspam_stats -H

NewYork ~ #

```

 :Sad: 

----------

## steveb

You probably missed the following command:

```
emerge --config =dspam-3.8.0-r9
```

Could you post your /etc/mail/dspam/dspam.conf file?

// SteveB

----------

## MaartenZzZ

```
## $Id: dspam.conf.in,v 1.82 2006/06/23 03:11:31 jonz Exp $

## dspam.conf -- DSPAM configuration file

##

#

# DSPAM Home: Specifies the base directory to be used for DSPAM storage

#

Home /var/spool/dspam

#

# StorageDriver: Specifies the storage driver backend (library) to use.

# You'll only need to set this if you are using dynamic storage driver plugins

# from a binary distribution. The default build statically links the storage

# driver (when only one is specified at configure time), overriding this

# setting, which only comes into play if multiple storage drivers are specified

# at configure time. When using dynamic linking, be sure to include the path 

# to the library if necessary, and some systems may use an extension other 

# than .so (e.g. OSX uses .dylib).

#

# Options include:

#

#   libmysql_drv.so     libpgsql_drv.so   libsqlite_drv.so

#   libsqlite3_drv.so   libhash_drv.so

#

# IMPORTANT: Switching storage drivers requires more than merely changing

# this option. If you do not wish to lose all of your data, you will need to

# migrate it to the new backend before making this change.

#

StorageDriver /usr/lib64/dspam/libmysql_drv.so

#

# Trusted Delivery Agent: Specifies the local delivery agent DSPAM should call 

# when delivering mail as a trusted user. Use %u to specify the user DSPAM is 

# processing mail for. It is generally a good idea to allow the MTA to specify 

# the pass-through arguments at run-time, but they may also be specified here.

#

# Most operating system defaults:

#TrustedDeliveryAgent "/usr/bin/procmail"       # Linux

#TrustedDeliveryAgent "/usr/bin/mail"           # Solaris

#TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD

#TrustedDeliveryAgent "/usr/bin/procmail"       # Cygwin

#

# Other popular configurations:

#TrustedDeliveryAgent "/usr/cyrus/bin/deliver"   # Cyrus

#TrustedDeliveryAgent "/bin/maildrop"      # Maildrop

#TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned" # Exim

#

TrustedDeliveryAgent "/usr/bin/procmail"

#

# Untrusted Delivery Agent: Specifies the local delivery agent and arguments

# DSPAM should use when delivering mail and running in untrusted user mode.

# Because DSPAM will not allow pass-through arguments to be specified to 

# untrusted users, all arguments should be specified here. Use %u to specify

# the user DSPAM is processing mail for. This configuration parameter is only 

# necessary if you plan on allowing untrusted processing.

#

#UntrustedDeliveryAgent "/usr/bin/procmail -d %u"

#

# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP 

# delivery to deliver your message to the mail server instead of using a

# delivery agent. You will need to configure with --enable-daemon to use host 

# delivery, however you do not need to operate in daemon mode. Specify an IP 

# address or UNIX path to a domain socket below as a host.

#

# If you would like to set up DeliveryHost's on a per-domain basis, use

# the syntax: DeliveryHost.domain.com 1.2.3.4

#

#DeliveryHost        127.0.0.1

#DeliveryPort        24

#DeliveryIdent       localhost

#DeliveryProto       LMTP

DeliveryHost        127.0.0.1

DeliveryPort        10025

DeliveryIdent       localhost

DeliveryProto       SMTP

#

# FallbackDomains: If you want to specify certain domains as fallback domains,

# enable this option. For example, you could create a user @domain.com, and

# if bob@domain.com does not resolve to a known user on the system, the user

# could default to your @domain.com user. NOTE: This also requires designating

# fallbackDomain for the domain name; 

# e.g. dspam_admin ch pref domain.com fallbackDomain on 

#

#FallbackDomains on

#

# Quarantine Agent: DSPAM's default behavior is to quarantine all mail it 

# thinks is spam. If you wish to override this behavior, you may specify

# a quarantine agent which will be called with all messages DSPAM thinks is

# spam. Use %u to specify the user DSPAM is processing mail for.

#

#QuarantineAgent   "/usr/bin/procmail -d spam"

#

# DSPAM can optionally process "plused users" (addresses in the user+detail

# form) by truncating the username just before the "+", so all internal

# processing occurs for "user", but delivery will be performed for

# "user+detail". This is only useful if the LDA can handle "plused users"

# (for example Cyrus IMAP) and when configured for LMTP delivery above

#

#EnablePlusedDetail   on

#

# Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to a 

# "plused" mailbox (such as user+quarantine) leaving quarantine processing

# for retraining or deletion to be performed by the LDA and the mail client.

# "plused" mailboxes are supported by Cyrus IMAP and possibly other LDAs.

# The mailbox name must have the +

#

#QuarantineMailbox   +quarantine

#

# OnFail: What to do if local delivery or quarantine should fail. If set

# to "unlearn", DSPAM will unlearn the message prior to exiting with an

# un successful return code. The default option, "error" will not unlearn

# the message but return the appropriate error code. The unlearn option

# is use-ful on some systems where local delivery failures will cause the

# message to be requeued for delivery, and could result in the message

# being processed multiple times. During a very large failure, however, 

# this could cause a significant load increase.

#

OnFail error

#

# Trusted Users: Only the users specified below will be allowed to perform

# administrative functions in DSPAM such as setting the active user and

# accessing tools. All other users attempting to run DSPAM will be restricted;

# their uids will be forced to match the active username and they will not be

# able to specify delivery agent privileges or use tools.

#

Trust root

Trust dspam

Trust apache

Trust mail

Trust mailnull 

Trust smmsp

Trust daemon

#Trust nobody

#Trust majordomo

Trust filter

#

# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must

# be compiled with debug support in order to use this option. DSPAM should

# never be running in production with debug active unless you are 

# troubleshooting problems.

#

# DebugOpt: One or more of: process, classify, spam, fp, inoculation, corpus

#   process     standard message processing

#   classify    message classification using --classify

#   spam        error correction of missed spam

#   fp          error correction of false positives

#   inoculation message inoculations (source=inoculation)

#   corpus      corpusfed messages (source=corpus)

#

#Debug *

#Debug bob bill

#

#DebugOpt process spam fp

#

# ClassAlias: Alias a particular class to spam/nonspam. This is useful if

# classifying things other than spam.

#

#ClassAliasSpam badstuff

#ClassAliasNonspam goodstuff

#

# Training Mode: The default training mode to use for all operations, when

# one has not been specified on the commandline or in the user's preferences.

# Acceptable values are: 

#     toe     Train on Error (Only)

#     teft    Train Everything (Trains on every message)

#     tum     Train Until Mature (Train only tokens without enough data)

#     notrain Do not train or store signatures (large ISP systems, post-train)

#

TrainingMode teft

#

# TestConditionalTraining: By default, dspam will retrain certain errors

# until the condition is no longer met. This usually accelerates learning.

# Some people argue that this can increase the risk of errors, however.

#

TestConditionalTraining on

#

# Features: Specify features to activate by default; can also be specified

# on the commandline. See the documentation for a list of available features.

# If _any_ features are specified on the commandline, these are ignored.

#

#Feature noise

Feature whitelist

# Training Buffer: The training buffer waters down statistics during training.

# It is designed to prevent false positives, but can also dramatically reduce

# dspam's catch rate during initial training. This can be a number from 0

# (no buffering) to 10 (maximum buffering). If you are paranoid about false

# positives, you should probably enable this option.

#

#Feature tb=5

#

# Algorithms: Specify the statistical algorithms to use, overriding any

# defaults configured in the build. The options are:

#    naive       Naive-Bayesian (All Tokens)

#    graham      Graham-Bayesian ("A Plan for Spam")

#    burton      Burton-Bayesian (SpamProbe)

#    robinson    Robinson's Geometric Mean Test (Obsolete)

#    chi-square  Fisher-Robinson's Chi-Square Algorithm

#

# You may have multiple algorithms active simultaneously, but it is strongly

# recommended that you group Bayesian algorithms with other Bayesian

# algorithms, and any use of Chi-Square remain exclusive.

#

# NOTE: For standard "CRM114" Markovian weighting, use 'naive', or consider

#       using 'burton' for slightly better accuracy

#

# Don't mess with this unless you know what you're doing

#

#Algorithm chi-square

#Algorithm naive

Algorithm graham burton

#

# Tokenizer: Specify the tokenizer to use. The tokenizer is the piece

# responsible for parsing the message into individual tokens. Depending on

# how many resources you are willing to trade off vs. accuracy, you may

# choose to use a less or more detailed tokenizer:

#   word    uniGram (single word) tokenizer

#           Tokenizes message into single individual words/tokens

#           example: "free" and "viagra"

#   chain   biGram (chained tokens) tokenizer (default)

#           Single words + chains adjacent tokens together

#           example: "free" and "viagra" and "free viagra"

#   sbph    Sparse Binary Polynomial Hashing tokenizer

#           Creates sparse token patterns across sliding window of 5-tokens

#           example: "the quick * fox jumped" and "the * * fox jumped"

#   osb     Orthogonal Sparse biGram

#           Similar to SBPH, but only uses the biGrams

#           example: "the * * fox" and "the * * * jumped"

#

Tokenizer chain

#

# PValue: Specify the technique used for calculating Probability Values, 

# overriding any defaults configured in the build. These options are:

#    bcr         Bayesian Chain Rule (Graham's Technique - "A Plan for Spam")

#    robinson    Robinson's Technique (used in Chi-Square) 

#    markov      Markovian Weighted Technique (for Markovian discrimination)

#

# Unlike the "Algorithms" property, you may only have one of these defined. 

# Use of the chi-square algorithm automatically changes this to robinson.

#

# Don't mess with this unless you know what you're doing.

#

#PValue robinson

#PValue markov

PValue bcr

#

# WebStats: Enable this if you are using the CGI, which writes .stats files

WebStats on

#

# ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to

# X-DSPAM-Improbability headers

#

#ImprobabilityDrive on

#

# Preferences: Specify any preferences to set by default, unless otherwise

# overridden by the user (see next section) or a default.prefs file.

# If user or default.prefs are found, the user's preferences will override any

# defaults.

#

Preference "spamAction=quarantine"

Preference "signatureLocation=message"   # 'message' or 'headers'

#Preference "showFactors=on"

Preference "showFactors=off" # changed from on

#Preference "spamAction=tag"

#Preference "spamSubject=SPAM"

#

# Overrides: Specifies the user preferences which may override configuration

# and commandline defaults. Any other preferences supplied by an untrusted user

# will be ignored.

#

AllowOverride trainingMode

AllowOverride spamAction spamSubject

AllowOverride statisticalSedation

AllowOverride enableBNR

AllowOverride enableWhitelist

AllowOverride signatureLocation

AllowOverride showFactors

AllowOverride optIn optOut

AllowOverride whitelistThreshold

# --- MySQL ---

#

# Storage driver settings: Specific to a particular storage driver. Uncomment

# the configuration specific to your installation, if applicable.

#

MySQLServer       /var/run/mysqld/mysqld.sock

MySQLPort 3306

MySQLUser            dspam

MySQLPass          1761218102256192588

MySQLDb              dspam

MySQLCompress      false

#MySQLReconnect      true

# If you are using replication for clustering, you can also specify a separate

# server to perform all writes to.

#

#MySQLWriteServer   /var/lib/mysql/mysql.sock

#MySQLWritePort      

#MySQLWriteUser      dspam

#MySQLWritePass      changeme

#MySQLWriteDb      dspam_write

MySQLCompress      false

#MySQLReconnect      true

# If your replication isn't close to real-time, your retraining might fail if 

# the  signature isn't found. One workaround for this is to use the write

# database for all signature reads:

#

#MySQLReadSignaturesFromWriteDb   on

# Use this if you have the 4.1 quote bug (see doc/mysql.txt)

#MySQLSupressQuote   on

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients). The connection cache

# represents the maximum number of database connections *available* and should

# be set based on the maximum number of concurrent connections you're likely

# to have. Each connection may be used by only one thread at a time, so all

# other threads _will block_ until another connection becomes available.

#

#MySQLConnectionCache   10

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#MySQLVirtualTable          dspam_virtual_uids

#MySQLVirtualUIDField       uid

#MySQLVirtualUsernameField  username

# UIDInSignature: MySQL supports the insertion of the user id into the DSPAM 

# signature. This allows you to create one single spam or fp alias 

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias 

#MySQLUIDInSignature    on

# --- PostgreSQL ---

#PgSQLServer       127.0.0.1

#PgSQLPort         5432

#PgSQLUser         dspam

#PgSQLPass         changeme

#PgSQLDb           dspam

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients).

#

#PgSQLConnectionCache   3

# UIDInSignature: PgSQL supports the insertion of the user id into the DSPAM 

# signature. This allows you to create one single spam or fp alias 

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias

#PgSQLUIDInSignature   on 

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#PgSQLVirtualTable          dspam_virtual_uids

#PgSQLVirtualUIDField       uid

#PgSQLVirtualUsernameField  username

# --- SQLite ---

#SQLitePragma   "synchronous = OFF"

# --- Hash ---

#

# HashRecMax: Default number of records to create in the initial segment when

# building hash files. 100,000 yields files 1.6MB in size, but can fill up

# fast, so be sure to increase this (to a million or more) if you're not using

# autoextend.

#

# NOTE: If you're using a heavy-weight tokenizer, such as SBPH, you should be

#       looking for settings in the 'millions' of records.

#

# Primes List:

#  53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, 24593, 49157, 98317, 196613,

#  393241, 786433, 1572869, 3145739, 6291469, 12582917, 25165843, 50331653, 

#  100663319, 201326611, 402653189, 805306457, 1610612741, 3221225473, 

#  4294967291

#

HashRecMax      98317

#

# HashAutoExtend: Autoextend hash databases when they fill up. This allows

# them to continue to train by adding extents (extensions) to the file. There 

# will be a small delay during the growth process, as everything needs to be 

# closed and remapped. 

#

HashAutoExtend      on  

#

# HashMaxExtents: The maximum number of extents that may be created in a single

# hash file. Set this to zero for unlimited

#

HashMaxExtents      0

#

# HashExtentSize: The initial record size for newly created extents. Creating 

# this too small could result in many extents being created. Creating this too 

# large could result in excessive disk space usage. Typically, a value close 

# to half of the HashRecMax size is good.

#

HashExtentSize      49157

#

# HashPctIncrease: Increase the next extent size by n% from the size of the

# last extent. This is useful in accommodating systems where the default 

# HashExtentSize can be too small for certain high-volume users, and can also

# help keep seeks nice and speedy and/or prevent too many unnecessary extents 

# from being created when using a low HashMaxSeek. The default behavior, when 

# HashPctIncrease is not used, is to always use # HashExtentSize with no 

# increase.

#

HashPctIncrease 10

#

# HashMaxSeek: The maximum number of record seeks when inserting a new record

# before failing or adding a new extent. This ultimately translates into the

# max # of acceptable seeks per segment. Setting this too high will exhaustively

# scan each segment and hurt performance. Typically, a low value is acceptable

# as even older extents will continue to fill as training progresses.

#

HashMaxSeek      10

#

# HashConcurrentUser: If you are using a single, stateful hash database in

# daemon mode, specifying a concurrent user below will cause the user to be 

# permanently mapped into memory and shared via rwlocks. This is very fast and

# very cool if you are running a "userless" relay appliance.

#

#HashConcurrentUser   user

#

# HashConnectionCache: If running in daemon mode, this is the max # of

# concurrent connections that will be supported. NOTE: If you are using

# HashConcurrentUser, this option is ignored, as all connections are read-

# write locked instead of mutex locked.

#

HashConnectionCache   10

# -- LDAP --

#

# LDAP: Perform various LDAP functions depending on LDAPMode variable.

# Presently, the only mode supported is 'verify', which will verify the 

# existence of an unknown user in LDAP prior to creating them as a new user in 

# the system.  This is useful on some systems acting as gateway machines.

#

#LDAPMode   verify

#LDAPHost   ldaphost.mydomain.com

#LDAPFilter   "(mail=%u)"

#LDAPBase   ou=people,dc=domain,dc=com

# -- Profiles --

#

# You can specify multiple storage profiles, and specify the server to

# use on the commandline with --profile. For example:

#

#Profile DECAlpha

#MySQLServer.DECAlpha   10.0.0.1

#MySQLPort.DECAlpha     3306

#MySQLUser.DECAlpha     dspam

#MySQLPass.DECAlpha     changeme

#MySQLDb.DECAlpha       dspam

#MySQLCompress.DECAlpha true

#MySQLReconnect.DECAlpha   true

#

#Profile Sun420R

#MySQLServer.Sun420R    10.0.0.2

#MySQLPort.Sun420R      3306

#MySQLUser.Sun420R      dspam

#MySQLPass.Sun420R      changeme

#MySQLDb.Sun420R        dspam

#MySQLCompress.Sun420R  false

#MySQLReconnect.Sun420R   true

#

#DefaultProfile DECAlpha

#

# If you're using storage profiles, you can set failovers for each profile.

# Of course, if you'll be failing over to another database, that database

# must have the same information as the first. If you're using a global

# database with no training, this should be relatively simple. If you're

# configuring per-user data, however, you'll need to set up some type of

# replication between databases.

#

#Failover.DECAlpha      SUN420R

#Failover.Sun420R       DECAlpha

# If the storage fails, the agent will follow each profile's failover up to

# a maximum number of failover attempts. This should be set to a maximum of

# the number of profiles you have, otherwise the agent could loop and try

# the same profile multiple times (unless this is your desired behavior).

#

#FailoverAttempts       1

#

# Ignored headers: If DSPAM is behind other tools which may add a header to

# incoming emails, it may be beneficial to ignore these headers - especially

# if they are coming from another spam filter. If you are _not_ using one of

# these tools, however, leaving the appropriate headers commented out will

# allow DSPAM to use them as telltale signs of forged email.

#

#IgnoreHeader X-Spam-Status

#IgnoreHeader X-Spam-Scanned

#IgnoreHeader X-Virus-Scanner-Result

#

# Lookup: Perform lookups on streamlined blackhole list servers (see

# http://www.nuclearelephant.com/projects/sbl/). The streamlined blacklist

# server is machine-automated, unsupervised blacklisting system designed to

# provide real-time and highly accurate blacklisting based on network spread.

# When performing a lookup, DSPAM will automatically learn the inbound message 

# as spam if the source IP is listed. Until an official public RABL server is 

# available, this feature is only useful if you are running your own 

# streamlined blackhole list server for internal reporting among multiple mail 

# servers. Provide the name of the lookup zone below to use.

#

# This function performs standard reverse-octet.domain lookups, and while it

# will function with many RBLs, it's strongly discouraged to use those

# maintained by humans as they're often inaccurate and could hurt filter

# learning and accuracy.

#

#Lookup   "sbl.yourdomain.com"

#

# RBLInoculate: If you want to inoculate the user from RBL'd messages it would

# have otherwise missed, set this to on.

#

#RBLInoculate off

#

# Notifications: Enable the sending of notification emails to users (first

# message, quarantine full, etc.)

#

Notifications   off

#

# Purge configuration: Set dspam_clean purge default options, if not otherwise

# specified on the commandline

#

#PurgeSignatures 14          # Stale signatures

#PurgeNeutral    90          # Tokens with neutralish probabilities

#PurgeUnused     90          # Unused tokens

#PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)

#PurgeHits1S   15          # Tokens with only 1 spam hit

#PurgeHits1I   15          # Tokens with only 1 innocent hit

#

# Purge configuration for SQL-based installations using purge.sql

#

PurgeSignature   off # Specified in purge.sql

PurgeNeutral   90

PurgeUnused    off # Specified in purge.sql

PurgeHapaxes   off # Specified in purge.sql

PurgeHits1S    off # Specified in purge.sql

PurgeHits1I    off # Specified in purge.sql

#

# Local Mail Exchangers: Used for source address tracking, tells DSPAM which

# mail exchangers are local and therefore should be ignored in the Received:

# header when tracking the source of an email. Note: you should use the address

# of the host as appears between brackets [ ] in the Received header.

#

LocalMX 127.0.0.1

#

# Logging: Disabling logging for users will make usage graphs unavailable to

# them. Disabling system logging will make admin graphs unavailable.

#

SystemLog on

UserLog   on

#

# TrainPristine: for systems where the original message remains server side 

# and can therefore be presented in pristine format for retraining. This option

# will cause DSPAM to cease all writing of signatures and DSPAM headers to the 

# message, and deliver the message in as pristine format as possible. This mode

# REQUIRES that the original message in its pristine format (as of delivery) 

# be presented for retraining, as in the case of webmail, imap, or other 

# applications where the message is actually kept server-side during reading, 

# and is preserved. DO NOT use this switch unless the original message can be 

# presented for retraining with the ORIGINAL HEADERS and NO MODIFICATIONS.

#

# NOTE: You can't use this setting with dspam_trian; if you're going to use it,

#       wait until after you train any corpora.

#

#TrainPristine on

#

# Opt: in or out; determines DSPAM's default filtering behavior. If this value

# is set to in, users must opt-in to filtering by dropping a .dspam file in

# /var/dspam/opt-in/user.dspam (or if you have homedirs configured, a .dspam

# folder in their home directory).  The default is opt-out, which means all 

# users will be filtered unless a .nodspam file is dropped in 

# /var/dspam/opt-out/user.nodspam

#

Opt out

#

# TrackSources: specify which (if any) source addresses to track and report

# them to syslog (mail.info). This is useful if you're running a firewall or

# blacklist and would like to use this information. Spam reporting also drops

# RABL blacklist files (see http://www.nuclearelephant.com/projects/rabl/). 

#

#TrackSources spam nonspam

#

# ParseToHeaders: In lieu of setting up individual aliases for each user,

# DSPAM can be configured to automatically parse the To: address for spam and

# false positive forwards. From there, it can be configured to either set the

# DSPAM user based on the username specified in the header and/or change the

# training class and source accordingly. The options below can be used to 

# customize most common types of header parsing behavior to avoid the need for

# multiple aliases, or if using LMTP, aliases entirely..

#

# ParseToHeader: Parse the To: headers of an incoming message. This must be

#                set to 'on' to use either of the following features.

# 

# ChangeModeOnParse: Automatically change the class (to spam or innocent)

#   depending on whether spam- or notspam- was specified, and change the source

#   to 'error'. This is convenient if you're not using aliases at all, but

#   are delivering via LMTP.

#

# ChangeUserOnParse: Automatically change the username to match that specified

#   in the To: header. For example, spam-bob@domain.tld will set the username

#   to bob, ignoring any --user passed in. This may not always be desirable if

#   you are using virtual email addresses as usernames. Options:

#     on or user   take the portion before the @ sign only

#     full      take everything after the initial {spam,notspam}-.

#

#ParseToHeaders on

#ChangeModeOnParse on

#ChangeUserOnParse on

#

# Broken MTA Options: Some MTAs don't support the proper functionality

# necessary. In these cases you can activate certain features in DSPAM to

# compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if

# the message is spam, 0 if not, or a negative code if an error has occured.

# Specifying 'case' causes DSPAM to force the input usernames to lowercase.

# Spceifying 'lineStripping' causes DSPAM to strip ^M's from messages passed

# in.

#

#Broken returnCodes

#Broken case

#Broken lineStripping

#

# MaxMessageSize: You may specify a maximum message size for DSPAM to process.

# If the message is larger than the maximum size, it will be delivered 

# without processing. Value is in bytes.

#

#MaxMessageSize 4194304

#

# Virus Checking: If you are running clamd, DSPAM can perform stream-based

# virus checking using TCP. Uncomment the values below to enable virus

# checking. 

#

# ClamAVResponse: reject (reject or drop the message with a permanent failure)

#                 accept (accept the message and quietly drop the message)

#                 spam   (treat as spam and quarantine/tag/whatever)

#

#ClamAVPort   3310

#ClamAVHost   127.0.0.1

#ClamAVResponse accept

# -- CLIENT / SERVER --

#

# Daemonized Server: If you are running DSPAM as a daemonized server using

# --daemon, the following parameters will override the default. Use the

# ServerPass option to set up accounts for each client machine. The DSPAM

# server will process and deliver the message based on the parameters 

# specified. If you want the client machine to perform delivery, use

# the --stdout option in conjunction with a local setup. 

#

#ServerPort      24

#ServerQueueSize   32

#ServerPID              /var/run/dspam.pid

ServerPID /var/run/dspam/dspam.pid

#

# ServerMode specifies the type of LMTP server to start. This can be one of:

#     dspam: DSPAM-proprietary DLMTP server, for communicating with dspamc

#  standard: Standard LMTP server, for communicating with Postfix or other MTA

#      auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT

#

#ServerMode dspam

ServerMode auto

# If supporting DLMTP (dspam) mode, dspam clients will require authentication 

# as they will be passing in parameters. The idents below will be used to

# determine which clients will be speaking DLMTP, so if you will be using

# both LMTP and DLMTP from the same host, be sure to use something other

# than the server's hostname below (which will be sent by the MTA during a 

# standard LMTP LHLO).

# 

#ServerPass.Relay1   "secret"

#ServerPass.Relay2   "password"

# If supporting standard LMTP mode, server parameters will need to be specified

# here, as they will not be passed in by the mail server. The ServerIdent

# specifies the 250 response code ident sent back to connecting clients and

# should be set to the hostname of your server, or an alias.

#

# NOTE: If you specify --user in ServerParameters, the RCPT TO will be

#       used only for delivery, and not set as the active user for processing.

#

#ServerParameters   "--deliver=innocent -d %u"

ServerParameters        "--deliver=innocent"

#ServerIdent      "localhost.localdomain"

# If you wish to use a local domain socket instead of a TCP socket, uncomment

# the following. It is strongly recommended you use local domain sockets if

# you are running the client and server on the same machine, as it eliminates

# much of the bandwidth overhead.

#

#ServerDomainSocketPath  "/tmp/dspam.sock"

ServerDomainSocketPath  "/var/run/dspam/dspam.sock" # socket to receive email from Postfix

#

# Client Mode: If you are running DSPAM in client/server mode, uncomment and

# set these variables. A ClientHost beginning with a / will be treated as

# a domain socket.

#

#ClientHost   /tmp/dspam.sock

#ClientIdent   "secret@Relay1"

#

#ClientHost   127.0.0.1

#ClientPort   24

#ClientIdent   "secret@Relay1"

# RABLQueue: Touch files in the RABL queue

# If you are a reporting streamlined blackhole list participant, you can

# touch ip addresses within the directory the rabl_client process is watching.

#

#RABLQueue   /var/spool/rabl

# DataSource: If you are using any type of data source that does not include

# email-like headers (such as documents), uncomment the line below. This

# will cause the entire input to be treated like a message "body"

#

#DataSource      document

# ProcessorWordFrequency: By default, words are only counted once per message.

# If you are classifying large documents, however, you may wish to count once

# per occurrence instead.

#

#ProcessorWordFrequency  occurrence

# ProcessorURLContext: By default, a URL context is generated for URLs, which

# records their tokens as separate from words found in documents. To use

# URL tokens in the same context as words, turn this feature off. 

#

ProcessorURLContext on

# ProcessorBias: Bias causes the filter to lean more toward 'innocent', and

# usually greatly reduces false positives. It is the default behavior of

# most Bayesian filters (including dspam). 

#

# NOTE: You probably DONT want this if you're using Markovian Weighting, unless

# you are paranoid about false positives.

#

ProcessorBias on

## EOF

```

Thank you for thinking with me   :Wink: 

----------

## steveb

 *MaartenZzZ wrote:*   

> Thank you for thinking with me  

 No problem. Have you executed the command I posted? It looks like you have done it because I see a password in your dspam.conf. BTW: dspam.conf looks okay to me. I personally would use TOE instead of TEFT (TrainingMode toe) and I would use OSB instead of chain (Tokenizer osb) and I would add naive to the algorithms (Algorithm graham burton naive). OSB is much faster in learning and has higher accuracy then chain and TOE is more gentile to the storage backend then TEFT.

// SteveB

----------

## MaartenZzZ

```
MySQLCompress (default false):

 *   Please select what kind of database you like to create:

 *     [0] Don't create the database, I will do it myself

 *     [1] Database will be hosted on a mysql-4.1 server or above

 *     [2] Space optimized database on a mysql-4.0 server or below

 *     [3] Speed optimized database on a mysql-4.0 server or below

 *

  Press 0, 1, 2 or 3 on the keyboard to select database

```

I selected [0] because I wanted to do things manually. I thought it was creating the database only, but the config fills it  :Smile: 

My bad!

Choose [1] now, restarted dspam and postfix.

Will this do more?   :Very Happy: 

----------

## MaartenZzZ

Webinterface is running, but it won't show anything. I don't think there is any communication between the web-app and DSPAM. If I stop dspam, the web-app shows nothing special? I see messages being "logged" as spam-triggered in /var/log/mail/current, but that's it. Nothing will happen with that messages.

I don't know where to look. If somebody want's to check my dspam-web page, please PM me   :Smile: 

```
NewYork cgi-bin # dspam_stats -H

NewYork cgi-bin #

```

This still aint good?

```
Jan  7 11:14:31 [postfix/smtpd] NOQUEUE: filter: RCPT from C-61-69-181-95.syd.connect.net.au[61.69.181.95]: <admin@maartenz's domain>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<cruceanulindroos@oky.net> to=<admin@maartenz's domain> proto=ESMTP helo=<C-210-10-169-107.syd.connect.net.au>

```

But this does?

The message wasn't delivered, so thats good I guess   :Smile: 

No records in the "dspam" MySQL database, but I do have the 4 tables.

I don't think it's a dspam-web problem, but a dspam(/postfix?) prob.

Thank you!

----------

## magic919

Can you post a larger chunk of the mail log.  You need to see it hit Postfix > DSPAM > Postfix > maildir.

In the logs you may see it delivered to the maildir 'before' it goes to DSPAM, that's ok.

----------

## MaartenZzZ

I've send you a link to my mail log.

If somebody want's to have it, please post it. I won't post it in here, because of the e-mailaddresses (I want to avoid spam, this is all about DSPAM  :Wink: ).

Thank you!

----------

## magic919

Log all looks fine.  Obfuscated bit 

```

Jan  7 15:21:20 [postfix/smtpd] connect from smtp.gentoo.org[140.211.166.183]

Jan  7 15:21:20 [postfix/smtpd] NOQUEUE: filter: RCPT from smtp.gentoo.org[140.211.166.183]: <you@example.com>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<apache@gentoo.org> to=<you@example.com> proto=ESMTP helo=<smtp.gentoo.org>

Jan  7 15:21:20 [postfix/smtpd] 5C6C080E5AC: client=smtp.gentoo.org[140.211.166.183]

Jan  7 15:21:20 [postfix/cleanup] 5C6C080E5AC: message-id=<ad83149636afb968614d6469a0b7a1f1@forums.gentoo.org>

Jan  7 15:21:20 [postfix/qmgr] 5C6C080E5AC: from=<apache@gentoo.org>, size=1822, nrcpt=1 (queue active)

Jan  7 15:21:20 [postfix/smtpd] disconnect from smtp.gentoo.org[140.211.166.183]

Jan  7 15:21:20 [postfix/smtpd] connect from localhost[127.0.0.1]

Jan  7 15:21:20 [postfix/smtpd] A418E80E5AF: client=localhost[127.0.0.1]

Jan  7 15:21:20 [postfix/cleanup] A418E80E5AF: message-id=<ad83149636afb968614d6469a0b7a1f1@forums.gentoo.org>

Jan  7 15:21:20 [postfix/qmgr] A418E80E5AF: from=<apache@gentoo.org>, size=2024, nrcpt=1 (queue active)

Jan  7 15:21:20 [postfix/local] A418E80E5AF: to=<you@example.com>, relay=local, delay=0.15, delays=0.14/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)

Jan  7 15:21:20 [postfix/qmgr] A418E80E5AF: removed

Jan  7 15:21:20 [postfix/smtpd] disconnect from localhost[127.0.0.1]

Jan  7 15:21:20 [postfix/lmtp] 5C6C080E5AC: to=<you@example.com>, relay=mail.example.com[/var/run/dspam/dspam.sock], delay=0.44, delays=0.21/0/0/0.23, dsn=2.6.0, status=sent (250 2.6.0 <you@example.com> Message accepted for delivery)

Jan  7 15:21:20 [postfix/qmgr] 5C6C080E5AC: removed

```

When you examine the Gentoo email message and headers, do you see any signs of DSPAM?

Might have to suggest you rebuild DSPAM plus DEBUG keyword...

----------

## MaartenZzZ

No sign...

```
Return-Path: <apache@gentoo>

X-Original-To: me@mydomain

Delivered-To: me@mydomain

Received: from localhost (localhost [127.0.0.1])

     by mail.mydomain (Postfix) with SMTP id 51BEB80E5AF

     for <me@mydomain>; Mon, 7 Jan 2008 15:52:32 +0100 (CET)

Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])

     by mail.mydomain (Postfix) with ESMTP id 0ACE980E5AC

     for <me@mydomain>; Mon, 7 Jan 2008 15:52:32 +0100 (CET)

Received: from dove.gentoo.org (dove.gentoo.osuosl.org [140.211.166.170])

     (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

     (No client certificate requested)

     by smtp.gentoo.org (Postfix) with ESMTP id 4A9C664C83

     for <me@mydomain>; Mon, 7 Jan 2008 14:52:29 +0000 (UTC)

Received: from apache by dove.gentoo.org with local (Exim 4.67)

     (envelope-from <apache@gentoo>)

     id 1JBtL3-0000M3-31

     for me@mydomain; Mon, 07 Jan 2008 14:52:29 +0000

To:

Subject: Melding van het plaatsen van een reactie - Stuck with manual "HOWTO Spam Filtering with DSPAM/Postfix"

Reply-to: forum-mods@gentoo

From: forum-mods@gentoo

Message-ID: <ebb5b97944f76692b754b9536bb821c8@forums.gentoo>

MIME-Version: 1.0

Content-type: text/plain; charset=UTF-8

Date: Mon, 07 Jan 2008 14:52:29 +0000

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: PHP

X-MimeOLE: Produced By phpBB2

X-FGO-type: Post reply

Content-Transfer-Encoding: quoted-printable
```

Should I remerge?

----------

## magic919

Yes, but build +DEBUG, so we can get some more data.  No doubt SteveB will chip in when he gets a moment.

----------

## MaartenZzZ

Okay, I will   :Smile: 

----------

## MaartenZzZ

```
Subject:      Cron <root@NewYork> test -x /usr/sbin/run-crons && /usr/sbin/run-crons

From:      "Cron Daemon" <root@maartenz's domain>

Date:      Tue, January 8, 2008 3:10 am

To:      root@mail.maartenz's domain

Priority:      Normal

Options:      View Full Header |  View Printable Version  | Download this as a file

ERROR 1045 (28000): Access denied for user 'dspam'@'localhost' (using password: YES)

MySQL purge script returned error code 1

```

This is weird?

When I run the config merge, won't it change both the password in MySQL ánd the dspam.conf?

----------

## magic919

Hmmm.  I'd expect it to set password and update in dspam.conf - provided you update your configs after the emerge config.

Might be simplest to fire up mysql and change dspam password to match the one in your dspam.conf.

----------

## MaartenZzZ

Changed the password, should be good now.

How can I test my settings now?   :Very Happy: 

----------

## magic919

dspam_stats -H   Does it work yet?

Send in an email from outside the LAN.  That should trigger it.

----------

## MaartenZzZ

```
NewYork ~ # dspam_stats -H

NewYork ~ #

```

 :Crying or Very sad: 

----------

## magic919

And what about logs as email comes through?  Maybe you still have an error.

**Are you running dspam_stats as root?**

----------

## MaartenZzZ

Yes, I run it with user root.

```
Jan  8 13:14:59 [postfix/smtpd] connect from smtp.gentoo.org[140.211.166.183]

Jan  8 13:15:00 [postfix/smtpd] NOQUEUE: filter: RCPT from smtp.gentoo.org[140.211.166.183]: <maartenz@maartenz's domain>: Recipient address triggers FILTER dspam:unix:/var/run/dspam/dspam.sock; from=<apache@gentoo> to=<maartenz@maartenz's domain> proto=ESMTP helo=<smtp.gentoo.org>

Jan  8 13:15:00 [postfix/smtpd] 5872980E5D1: client=smtp.gentoo.org[140.211.166.183]

Jan  8 13:15:00 [postfix/cleanup] 5872980E5D1: message-id=<43b41f0dcd1a592aa414338194720fab@forums.gentoo>

Jan  8 13:15:00 [postfix/qmgr] 5872980E5D1: from=<apache@gentoo>, size=1822, nrcpt=1 (queue active)

Jan  8 13:15:00 [postfix/smtpd] disconnect from smtp.gentoo.org[140.211.166.183]

Jan  8 13:15:00 [postfix/smtpd] connect from localhost[127.0.0.1]

Jan  8 13:15:00 [postfix/smtpd] A3BC280E5D2: client=localhost[127.0.0.1]

Jan  8 13:15:00 [postfix/cleanup] A3BC280E5D2: message-id=<43b41f0dcd1a592aa414338194720fab@forums.gentoo>

Jan  8 13:15:00 [postfix/qmgr] A3BC280E5D2: from=<apache@gentoo>, size=2024, nrcpt=1 (queue active)

Jan  8 13:15:00 [postfix/local] A3BC280E5D2: to=<maartenz@maartenz's domain>, relay=local, delay=0.15, delays=0.15/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)

```

----------

## magic919

Have you got a system.log in /var/spool/dspam?  That's DSPAM's $home.

----------

## MaartenZzZ

The output:

```
NewYork ~ # ls -al /var/spool/dspam/

total 0

drwxr-xr-x 4 dspam root  33 Jan  4 10:28 .

drwxr-xr-x 7 root  root  78 Jan  4 10:27 ..

drwxrwx--- 2 dspam dspam 38 Jan  7 19:03 opt-in

drwxrwx--- 2 dspam dspam 38 Jan  7 19:03 opt-out

NewYork ~ #

```

----------

## magic919

Have you switched on debug after you rebuilt?  dspam.conf

```

# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must

# be compiled with debug support in order to use this option. DSPAM should

# never be running in production with debug active unless you are

# troubleshooting problems.

#

# DebugOpt: One or more of: process, classify, spam, fp, inoculation, corpus

#   process     standard message processing

#   classify    message classification using --classify

#   spam        error correction of missed spam

#   fp          error correction of false positives

#   inoculation message inoculations (source=inoculation)

#   corpus      corpusfed messages (source=corpus)

#

#Debug *

#Debug bob bill

#

#DebugOpt process spam fp 

```

----------

## MaartenZzZ

```
#

Debug *

#Debug bob bill

#

```

Restarted, now waiting?

----------

## MaartenZzZ

```
TrustedDeliveryAgent "/usr/bin/procmail"
```

Shouldn't I change this to /usr/sbin/sendmail?

Can it harm?

----------

## magic919

No.  That binary is not a delivery agent.

----------

## MaartenZzZ

No changes I guess...

----------

## magic919

Have you tried running dspam on command line?

```

cat SomeMessage | dspam --user filter --deliver=innocent --stdout

```

You should see email on console with DSPAM headers.

----------

## MaartenZzZ

```
NewYork cur # cat 1199709845.V803I30063c1M591733.NewYork:2, | dspam --user filter --deliver=innocent --stdout

Return-Path: <ArturooleomargarineMcdaniel@ghostco.org>

X-Original-To: admin@maartenz

Delivered-To: admin@maartenz

Received: from localhost (localhost [127.0.0.1])

        by mail.maartenz's domain (Postfix) with SMTP id 76C2D80BF0E

        for <admin@maartenz's domain>; Mon,  7 Jan 2008 13:44:05 +0100 (CET)

Received: from server (bl6-97-4.dsl.telepac.pt [82.155.97.4])

        by mail.maartenz's domain (Postfix) with SMTP id 1863480BF0D

        for <admin@maartenz's domain>; Mon,  7 Jan 2008 13:44:04 +0100 (CET)

Message-ID: <2162801c8512a$f43c2dc0$800101df@server>

From: "Nick Barker" <ArturooleomargarineMcdaniel@ghostco.org>

To: <admin@maartenz's domain>

Cc: <ace@maartenz's domain>

Subject: Re: Poor credit not a problem

Date: Mon, 7 Jan 2008 12:42:13 +0000

MIME-Version: 1.0

Content-Type: multipart/alternative;

        boundary="----=_NextPart_000_21624_01C8512A.F43C2DC0"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.3790.2663

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757

This is a multi-part message in MIME format.

------=_NextPart_000_21624_01C8512A.F43C2DC0

Content-Type: text/plain;

        charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Your your credit report does not matter to us!
```

Nothing from DSPAM?

----------

## magic919

Ok. Try

```

echo hello | dspam --user test --deliver=innocent --classify

```

And could you post output of

```

dspam --version

```

----------

## MaartenZzZ

```
NewYork ~ # echo hello | dspam --user test --deliver=innocent --classify

NewYork ~ #

```

```

NewYork ~ # dspam --version

DSPAM Anti-Spam Suite 3.8.0 (agent/library)

Copyright (c) 2002-2006 Jonathan A. Zdziarski

http://dspam.nuclearelephant.com

DSPAM may be copied only under the terms of the GNU General Public License,

a copy of which can be found with the DSPAM distribution kit.

Configuration parameters:  '--prefix=/usr' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--with-storage-driver=hash_drv,sqlite3_drv,mysql_drv' '--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/mail/dspam' '--enable-daemon' '--disable-ldap' '--disable-clamav' '--disable-large-scale' '--enable-domain-scale' '--disable-syslog' '--enable-debug' '--enable-bnr-debug' '--enable-verbose-debug' '--enable-long-usernames' '--with-dspam-group=dspam' '--with-dspam-home-group=dspam' '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam' '--disable-virtual-users' '--enable-preferences-extension' '--disable-homedir' '--with-mysql-includes=/usr/include/mysql' '--with-mysql-libraries=/usr/lib64/mysql' '--libdir=/usr/lib64' '--build=x86_64-pc-linux-gnu' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-O2 -pipe -march=nocona -Wl,-z,now' 'CXXFLAGS=-O2 -pipe -march=nocona -Wl,-z,now'

NewYork ~ #

```

----------

## magic919

Well I'm out of conventional ideas.  Best emerge Strace.

----------

## MaartenZzZ

Merged Strace.

I think any "dspam_*" command won't work.

I wish I had a clue where to look.

He sees (the most) spam, he (the log) is telling me that a message triggers the spamfilter, I won't get the message (which is good) but then the message disappears in the Bermuda triangle and DSPAM is laughing at me   :Crying or Very sad: 

Strange things...

----------

## MaartenZzZ

```
Next add these lines to the /etc/postfix/transport file:

Code:

spam@mydomain.tld    dspam-retrain:spam

ham@mydomain.tld     dspam-retrain:innocent 

notspam@mydomain.tld     dspam-retrain:innocent 

To activate these transports use this command:

Code:

sudo postmap transport
```

Usefull?

http://forum.richard5.net/viewtopic.php?t=14

Checked my database settings. All alright. Can I do a "DSPAM-action" manually that talks with or writes to the database?

----------

## magic919

Some of the manual commands we have tried are using DSPAM directly.  I'd suggest putting Postfix thoughts aside and trying to get DSPAM to run alone.  Some of the commands can make it use the database.

Have a look at part 6 of this http://gentoo-wiki.com/HOWTO_Email:_A_Complete_Virtual_System_-_Final_Changes_and_Troubleshooting

Can you run some of the commands we already used, icluding dspam_stats via Strace.  You'll get lots of output and hopefully some clues.

I have found R9 DSPAM, the daemon just dies on my machine.  I run R7 again.  This may not be relevant.

I don't run any of my servers as 64 bit, so you might see problems I won't.

Good luck.

----------

## MaartenZzZ

```
NewYork ~ # strace -o dspam.txt dspam_stats

NewYork ~ #

```

```
execve("/usr/bin/dspam_stats", ["dspam_stats"], [/* 20 vars */]) = 0

brk(0)                                  = 0x605000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dc20e000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dc20f000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ae2dc210000

close(3)                                = 0

open("/usr/lib/libdspam.so.7", O_RDONLY) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0P\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=91848, ...}) = 0

mmap(NULL, 2190000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dc40f000

mprotect(0x2ae2dc424000, 2097152, PROT_NONE) = 0

mmap(0x2ae2dc624000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x2ae2dc624000

close(3)                                = 0

open("/lib/libm.so.6", O_RDONLY)        = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0?\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=526472, ...}) = 0

mmap(NULL, 2621672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dc626000

mprotect(0x2ae2dc6a6000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dc8a5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7f000) = 0x2ae2dc8a5000

close(3)                                = 0

open("/lib/libdl.so.2", O_RDONLY)       = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=14528, ...}) = 0

mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dc8a7000

mprotect(0x2ae2dc8a9000, 2097152, PROT_NONE) = 0

mmap(0x2ae2dcaa9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x2ae2dcaa9000

close(3)                                = 0

open("/lib/libpthread.so.0", O_RDONLY)  = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240W\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=131897, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dcaab000

mmap(NULL, 2204528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dcaac000

mprotect(0x2ae2dcac1000, 2097152, PROT_NONE) = 0

mmap(0x2ae2dccc1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x2ae2dccc1000

mmap(0x2ae2dccc3000, 13168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae2dccc3000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\334\1\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=1293456, ...}) = 0

mmap(NULL, 3399928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dccc7000

mprotect(0x2ae2dcdfd000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dcffc000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x135000) = 0x2ae2dcffc000

mmap(0x2ae2dd001000, 16632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae2dd001000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dd006000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dd007000

arch_prctl(ARCH_SET_FS, 0x2ae2dd006d00) = 0

mprotect(0x2ae2dcffc000, 16384, PROT_READ) = 0

mprotect(0x2ae2dccc1000, 4096, PROT_READ) = 0

mprotect(0x2ae2dcaa9000, 4096, PROT_READ) = 0

mprotect(0x2ae2dc8a5000, 4096, PROT_READ) = 0

mprotect(0x2ae2dc624000, 4096, PROT_READ) = 0

mprotect(0x603000, 4096, PROT_READ)     = 0

mprotect(0x2ae2dc40d000, 4096, PROT_READ) = 0

munmap(0x2ae2dc210000, 22294)           = 0

set_tid_address(0x2ae2dd006d90)         = 13863

set_robust_list(0x2ae2dd006da0, 0x18)   = 0

rt_sigaction(SIGRTMIN, {0x2ae2dcab1310, [], SA_RESTORER|SA_SIGINFO, 0x2ae2dcab9ec0}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {0x2ae2dcab1390, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x2ae2dcab9ec0}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0

getuid()                                = 0

brk(0)                                  = 0x605000

brk(0x626000)                           = 0x626000

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

open("/etc/nsswitch.conf", O_RDONLY)    = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=508, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dc210000

read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 508

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0x2ae2dc210000, 4096)            = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ae2dc210000

close(3)                                = 0

open("/lib/libnss_compat.so.2", O_RDONLY) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\23\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=31432, ...}) = 0

mmap(NULL, 2127080, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dd008000

mprotect(0x2ae2dd00f000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dd20e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x2ae2dd20e000

close(3)                                = 0

open("/lib/libnsl.so.1", O_RDONLY)      = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@A\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=84800, ...}) = 0

mmap(NULL, 2190032, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dd210000

mprotect(0x2ae2dd224000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dd423000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x2ae2dd423000

mmap(0x2ae2dd425000, 6864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae2dd425000

close(3)                                = 0

mprotect(0x2ae2dd423000, 4096, PROT_READ) = 0

mprotect(0x2ae2dd20e000, 4096, PROT_READ) = 0

munmap(0x2ae2dc210000, 22294)           = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ae2dc210000

close(3)                                = 0

open("/lib/libnss_nis.so.2", O_RDONLY)  = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300 \0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=43392, ...}) = 0

mmap(NULL, 2139352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dd427000

mprotect(0x2ae2dd430000, 2097152, PROT_NONE) = 0

mmap(0x2ae2dd630000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x2ae2dd630000

close(3)                                = 0

open("/lib/libnss_files.so.2", O_RDONLY) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200 \0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=43344, ...}) = 0

mmap(NULL, 2139464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dd632000

mprotect(0x2ae2dd63c000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dd83b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x2ae2dd83b000

close(3)                                = 0

mprotect(0x2ae2dd83b000, 4096, PROT_READ) = 0

mprotect(0x2ae2dd630000, 4096, PROT_READ) = 0

munmap(0x2ae2dc210000, 22294)           = 0

open("/etc/passwd", O_RDONLY)           = 3

fcntl(3, F_GETFD)                       = 0

fcntl(3, F_SETFD, FD_CLOEXEC)           = 0

lseek(3, 0, SEEK_CUR)                   = 0

fstat(3, {st_mode=S_IFREG|0644, st_size=1718, ...}) = 0

mmap(NULL, 1718, PROT_READ, MAP_SHARED, 3, 0) = 0x2ae2dc210000

lseek(3, 1718, SEEK_SET)                = 1718

munmap(0x2ae2dc210000, 1718)            = 0

close(3)                                = 0

open("/etc/mail/dspam/dspam.conf", O_RDONLY) = 3

fstat(3, {st_mode=S_IFREG|0640, st_size=30612, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dc210000

read(3, "## $Id: dspam.conf.in,v 1.82 200"..., 4096) = 4096

read(3, "fore the \"+\", so all internal\n# "..., 4096) = 4096

read(3, "ham-Bayesian (\"A Plan for Spam\")"..., 4096) = 4096

read(3, "t fail if \n# the  signature isn\'"..., 4096) = 4096

read(3, "and speedy and/or prevent too ma"..., 4096) = 4096

read(3, "are running your own \n# streamli"..., 4096) = 4096

read(3, "ing LMTP, aliases entirely..\n#\n#"..., 4096) = 4096

read(3, "instead of a TCP socket, uncomme"..., 4096) = 1940

read(3, "", 4096)                       = 0

close(3)                                = 0

munmap(0x2ae2dc210000, 4096)            = 0

futex(0x2ae2dcaaa10c, FUTEX_WAKE, 2147483647) = 0

open("/usr/lib64/dspam/libmysql_drv.so", O_RDONLY) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360$\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=38600, ...}) = 0

mmap(NULL, 2134040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dd83d000

mprotect(0x2ae2dd846000, 2093056, PROT_NONE) = 0

mmap(0x2ae2dda45000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x2ae2dda45000

close(3)                                = 0

open("/usr/lib64/mysql/tls/x86_64/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/tls/x86_64", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/tls/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/tls", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/x86_64/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/x86_64", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/libmysqlclient.so.15", O_RDONLY) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\21\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=1498128, ...}) = 0

mmap(NULL, 3598560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dda47000

mprotect(0x2ae2ddb6e000, 2093056, PROT_NONE) = 0

mmap(0x2ae2ddd6d000, 294912, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x126000) = 0x2ae2ddd6d000

mmap(0x2ae2dddb5000, 2272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae2dddb5000

close(3)                                = 0

open("/usr/lib64/mysql/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ae2dddb6000

close(3)                                = 0

open("/lib/libz.so.1", O_RDONLY)        = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \35\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=82672, ...}) = 0

mmap(NULL, 1128808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dddbc000

mprotect(0x2ae2dddd0000, 1044480, PROT_NONE) = 0

mmap(0x2ae2ddecf000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x2ae2ddecf000

close(3)                                = 0

open("/lib/libcrypt.so.1", O_RDONLY)    = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\t\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=22624, ...}) = 0

mmap(NULL, 2306464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ae2dded0000

mprotect(0x2ae2dded5000, 2093056, PROT_NONE) = 0

mmap(0x2ae2de0d4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x2ae2de0d4000

mmap(0x2ae2de0d6000, 184736, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae2de0d6000

close(3)                                = 0

mprotect(0x2ae2de0d4000, 4096, PROT_READ) = 0

mprotect(0x2ae2ddd6d000, 12288, PROT_READ) = 0

mprotect(0x2ae2dda45000, 4096, PROT_READ) = 0

munmap(0x2ae2dddb6000, 22294)           = 0

rt_sigaction(SIGINT, {0x401ac5, [INT], SA_RESTORER|SA_RESTART, 0x2ae2dccf7430}, {SIG_IGN}, 8) = 0

rt_sigaction(SIGPIPE, {0x401ac5, [PIPE], SA_RESTORER|SA_RESTART, 0x2ae2dccf7430}, {SIG_IGN}, 8) = 0

rt_sigaction(SIGTERM, {0x401ac5, [TERM], SA_RESTORER|SA_RESTART, 0x2ae2dccf7430}, {SIG_IGN}, 8) = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)

close(3)                                = 0

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ae2dddb6000

close(3)                                = 0

open("/lib64/tls/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/lib64/tls/x86_64", 0x7fffce8b3350) = -1 ENOENT (No such file or directory)

open("/lib64/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/lib64/tls", 0x7fffce8b3350)      = -1 ENOENT (No such file or directory)

open("/lib64/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/lib64/x86_64", 0x7fffce8b3350)   = -1 ENOENT (No such file or directory)

open("/lib64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/lib64", {st_mode=S_IFDIR|0755, st_size=8192, ...}) = 0

open("/usr/lib64/tls/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls/x86_64", 0x7fffce8b3350) = -1 ENOENT (No such file or directory)

open("/usr/lib64/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/tls", 0x7fffce8b3350)  = -1 ENOENT (No such file or directory)

open("/usr/lib64/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/x86_64", 0x7fffce8b3350) = -1 ENOENT (No such file or directory)

open("/usr/lib64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0

munmap(0x2ae2dddb6000, 22294)           = 0

open("/etc/services", O_RDONLY)         = 3

fcntl(3, F_GETFD)                       = 0

fcntl(3, F_SETFD, FD_CLOEXEC)           = 0

fstat(3, {st_mode=S_IFREG|0644, st_size=35877, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae2dddb6000

read(3, "# /etc/services\n#\n# Network serv"..., 4096) = 4096

read(3, " private\t77/tcp\t\t\t\t# any private"..., 4096) = 4096

read(3, "/udp\nimap\t\t143/tcp\t\timap2\t\t# Int"..., 4096) = 4096

read(3, "\t\t# scoi2odialog\nscoi2odialog\t36"..., 4096) = 4096

read(3, "ll\ncryptoadmin\t624/tcp\t\t\t\t# Cryp"..., 4096) = 4096

read(3, "ent\nica\t\t1494/udp\nwins\t\t1512/tcp"..., 4096) = 4096

read(3, "9/tcp\t\t\t# \nlstp\t\t2559/udp\nmon\t\t2"..., 4096) = 4096

close(3)                                = 0

munmap(0x2ae2dddb6000, 4096)            = 0

rt_sigaction(SIGPIPE, {SIG_IGN}, {0x401ac5, [PIPE], SA_RESTORER|SA_RESTART, 0x2ae2dccf7430}, 8) = 0

socket(PF_FILE, SOCK_STREAM, 0)         = 3

fcntl(3, F_SETFL, O_RDONLY)             = 0

fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)

connect(3, {sa_family=AF_FILE, path="/var/run/mysqld/mysqld.sock"}, 110) = 0

setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0

setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0

setsockopt(3, SOL_IP, IP_TOS, [8], 4)   = -1 EOPNOTSUPP (Operation not supported)

setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0

read(3, "8\0\0\0\n5.0.44-log\0\6\7\0\0dU\\NP*}X\0,\242!"..., 16384) = 60

stat("/usr/share/mysql/charsets/Index.xml", {st_mode=S_IFREG|0644, st_size=18173, ...}) = 0

brk(0x647000)                           = 0x647000

open("/usr/share/mysql/charsets/Index.xml", O_RDONLY) = 4

read(4, "<?xml version=\'1.0\' encoding=\"ut"..., 18173) = 18173

close(4)                                = 0

write(3, "A\0\0\1\215\242\0\0\0\0\0@!\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 69) = 69

read(3, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11

poll([{fd=3, events=POLLIN|POLLPRI}], 1, 0) = 0

write(3, "%\0\0\0\3select distinct uid from ds"..., 41) = 41

read(3, "\1\0\0\1\0017\0\0\2\3def\5dspam\vdspam_stats\v"..., 16384) = 82

brk(0x643000)                           = 0x643000

poll([{fd=3, events=POLLIN|POLLPRI}], 1, 0) = 0

write(3, "\1\0\0\0\1", 5)               = 5

shutdown(3, 2 /* send and receive */)   = 0

close(3)                                = 0

munmap(0x2ae2dd83d000, 2134040)         = 0

munmap(0x2ae2dda47000, 3598560)         = 0

munmap(0x2ae2dddbc000, 1128808)         = 0

munmap(0x2ae2dded0000, 2306464)         = 0

exit_group(0)                           = ?

```

This is Chinese for me   :Wink: 

```
open("/usr/lib64/mysql/tls/x86_64/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/tls/x86_64", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/tls/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/tls", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/x86_64/libmysqlclient.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)

stat("/usr/lib64/mysql/x86_64", 0x7fffce8b3210) = -1 ENOENT (No such file or directory)

open("/usr/lib64/mysql/libmysqlclient.so.15", O_RDONLY) = 3 
```

Maybe this is useful?

----------

## magic919

Can you try the echo hello or the email pipe one instead.  Stats will be less valid as DSPAM doesn't seem to have worked yet.

----------

## MaartenZzZ

Not following this, little bit confused.

Can you tell me the command please?

Thank you   :Wink: 

----------

## magic919

No probs.  Try 2nd one 1st.

```

cat SomeMessage | dspam --user filter --deliver=innocent --stdout

echo hello | dspam --user test --deliver=innocent --classify 

```

----------

## MaartenZzZ

```
NewYork cur # echo hello | dspam --user dspam --deliver=innocent --classify

X-DSPAM-Result: dspam; result="Innocent"; class=""; probability=-1.0000; confidence=0.00; signature=N/A

NewYork cur #

```

No DSPAM tags or whatever in the message header when I try the 1st command.

----------

## magic919

With Strace....

----------

## MaartenZzZ

```
NewYork ~ # strace echo hello | dspam --user dspam --deliver=innocent --classify

execve("/bin/echo", ["echo", "hello"], [/* 20 vars */]) = 0

brk(0)                                  = 0x606000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afa1fa76000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afa1fa77000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2afa1fa78000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\334\1\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=1293456, ...}) = 0

mmap(NULL, 3399928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2afa1fc77000

mprotect(0x2afa1fdad000, 2093056, PROT_NONE) = 0

mmap(0x2afa1ffac000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x135000) = 0x2afa1ffac000

mmap(0x2afa1ffb1000, 16632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2afa1ffb1000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afa1ffb6000

arch_prctl(ARCH_SET_FS, 0x2afa1ffb66f0) = 0

mprotect(0x2afa1ffac000, 16384, PROT_READ) = 0

mprotect(0x604000, 4096, PROT_READ)     = 0

mprotect(0x2afa1fc75000, 4096, PROT_READ) = 0

munmap(0x2afa1fa78000, 22294)           = 0

brk(0)                                  = 0x606000

brk(0x627000)                           = 0x627000

fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afa1fa78000

write(1, "hello\n", 6)                  = 6

close(1)                                = 0

munmap(0x2afa1fa78000, 4096)            = 0

close(2)                                = 0

exit_group(0)                           = ?

X-DSPAM-Result: dspam; result="Innocent"; class=""; probability=-1.0000; confidence=0.00; signature=N/A

NewYork ~ #

```

```
NewYork cur # strace -o dspam.txt cat 1199817033.V803I30165f3M5266.NewYork:2, | dspam --user filter --deliver=innocent --stdout
```

Will give me a file with:

```
execve("/bin/cat", ["cat", "1199817033.V803I30165f3M5266.New"...], [/* 21 vars */]) = 0

brk(0)                                  = 0x606000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b8f80f26000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b8f80f27000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=22294, ...}) = 0

mmap(NULL, 22294, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b8f80f28000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\334\1\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=1293456, ...}) = 0

mmap(NULL, 3399928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2b8f81127000

mprotect(0x2b8f8125d000, 2093056, PROT_NONE) = 0

mmap(0x2b8f8145c000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x135000) = 0x2b8f8145c000

mmap(0x2b8f81461000, 16632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2b8f81461000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b8f81466000

arch_prctl(ARCH_SET_FS, 0x2b8f814666f0) = 0

mprotect(0x2b8f8145c000, 16384, PROT_READ) = 0

mprotect(0x604000, 4096, PROT_READ)     = 0

mprotect(0x2b8f81125000, 4096, PROT_READ) = 0

munmap(0x2b8f80f28000, 22294)           = 0

brk(0)                                  = 0x606000

brk(0x627000)                           = 0x627000

fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0

open("1199817033.V803I30165f3M5266.NewYork:2,", O_RDONLY) = 3

fstat(3, {st_mode=S_IFREG|0600, st_size=1614, ...}) = 0

read(3, "Return-Path: <quentink.clayyu@la"..., 4096) = 1614

write(1, "Return-Path: <quentink.clayyu@la"..., 1614) = 1614

read(3, "", 4096)                       = 0

close(3)                                = 0

close(1)                                = 0

close(2)                                = 0

exit_group(0)                           = ?

```

----------

## MaartenZzZ

Is there an alternative for DSPAM? I don't know how to get further   :Confused: 

----------

## magic919

If you are up for one more try you could use the same version I have R7.

```

emerge -av =mail-filter/dspam-3.8.0-r7

```

After that you'd have to look at SpamAssassin I guess.  But it's not really equivalent.

----------

## MaartenZzZ

It won't work.. decided to unmerge it. It's a shame.

Thank you for your help, really appreciate it  :Smile: 

----------

## magic919

 *MaartenZzZ wrote:*   

> 
> 
> ```
> #
> 
> ...

 

Just a thought.  Did you check /var/log/dspam for a debug log after this step??

----------

