# DSPAM doesn't catch any spam [SOLVED]

## streamkid

Hello,

I've configured DSPAM to work with postfix using this tutorial: http://gentoo-wiki.com/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix

Everything seems to work ok, except spam checking. All mail gets through. Any ideas?

DSPAM checks the emails (it also applies its headers), but it doesn't understand that it's spam. Everything gets whitelisted.

Relative config files:

http://streamkid.net/~streamkid/gentoo/mail/Last edited by streamkid on Mon Jan 21, 2008 5:45 pm; edited 1 time in total

----------

## magic919

You need to train it.  

It won't normally whiltelist addresses that it has seen spam from.  It's rare for spammers to send mail with the same from address that often.  I hope that doesn't mean you are sending it the spam...

----------

## streamkid

>> You need to train it. 

How? You mean by sending spam emails back?

>>  I hope that doesn't mean you are sending it the spam...

What do you mean? I sent some spam from my other email to test it.

----------

## magic919

 *streamkid wrote:*   

> >> You need to train it. 
> 
> How? You mean by sending spam emails back?
> 
> 

 

Personally I'd say use the DSPAM webgui to re-train the messages.  It is possible to forward them to a special address.  My method is I put them in an IMAP folder and have a cronjob re-train them by unning a script.  Start with the web interface though.

 *streamkid wrote:*   

> 
> 
> >>  I hope that doesn't mean you are sending it the spam...
> 
> What do you mean? I sent some spam from my other email to test it.

 

That's exactly what I mean.  You should avoid forwarding spam to it.  It is watching the 'from' address and it means it will have contradictory data.

 *From the wiki wrote:*   

> 
> 
> Resist the urge to start doing anything other than training it as you go along.
> 
> 

 

----------

## streamkid

I'm having problems to set up the training stuff.

I'll tell you what I did so you can point out errors:

I use postfix with virtual domains (+1 local).

The local is streamkid.net, and as virtual let's take one only, streamkid.gr.

There are two email addresses: streamkid@streamkid.net (UID 1000) and alex@streamkid.gr (UID 1001).

Using a tutorial on the gentoo-wiki, all virtual domains users are with UID 1001, user vmail.

For using the webstats, I did

htpasswd -c /var/www/dspam_vhost/passwd streamkid

and gave a password.

(How would I sign in for alex@streamkid.gr? If I did "htpasswd2 /var/www/dspam_vhost/passwd vmail", this would be the same for all virtual users/domains. So??)

Now, when I log in in the web ui, on the preferences tab, nothing is configured. I configure it (to quarantine the messages, etc.).  When looking on the mysql db dspam uses, everything that was created on the last step, has a UID of 1008.

This is wrong, right?

Of course, nothing works. I don't see anything at all neither on my 'History', nor in the 'Quarantine' templates.

Thanks in advance for your help!!

----------

## magic919

Okay.  If you followed the Gentoo wiki DSPAM, you'll be processing all mail as username filter.  You need to log into DSPAM web interface as that user.  (OR add streamkid to file called admins in DSPAM cgi-bin. ) You should find that UID 1008 ties up with the filter user.

Once you have the webui user sorted you ought to be able to see history and stuff.

----------

## streamkid

The problem was that 'streamkid' was just a username. I created a 'complete username' (streamkid@mydomain.net). Now when I log on with this, I can see everything. 

When I log on with plain 'filter' (no 'filter@mydomain.net'), it also shows. I don't understand why.

Also, right now, on dspam's db my user has a UID of 1, which makes me think that it's like an internal (for dspam housekeeping) UID; nothing to do with the system's (if the user exist).

Seems that the only thing that's left is training.

 *magic919 wrote:*   

> Personally I'd say use the DSPAM webgui to re-train the messages.  It is possible to forward them to a special address.  My method is I put them in an IMAP folder and have a cronjob re-train them by unning a script.  Start with the web interface though.

 

How can I put them in an IMAP folder?

magic919, your support was more than critical!

Thanks in advance mate!  :Smile: 

----------

## magic919

For training, I always create a folder called Spam.  Then I run a cronjob

```

0,15,30,45 * * * * /usr/sbin/dspam_retrain.sh -d=/var/vmail -u=filter -s=Spam -i=false -v > /dev/null 2>&1

```

This fires up a script that I found on the net.  -d tells it where the mail directories are.  -s is the name of the spam folder - Spam (case sensitive).  -i would tell it where to retrain innocent messages it had marked as spam (I don't actually do that).

Run it on the commandline first to check what happens.

You will get an error unless you have installed dev-perl/Getopt-Mixed.

```

#!/usr/bin/perl

#

# Train DSPAM from imap folders

# Norman Maurer <nm@byteaction.de> or <nm@spam-box.de>

##################################################

use Getopt::Mixed;

Getopt::Mixed::getOptions("d:s h v u:s s:s i:s user>u domain-dir>d 

spam-dir>s innocent-dir>i help>h verbose>v");

my $spam_dir = $opt_s;

my $innocent_dir = $opt_i;

my $domain_dir = $opt_d;

my $user = $opt_u;

my $spam_opts = "--class=spam --source=error";

my $innocent_opts = "--class=innocent --source=error";

my $spam_count = 0;

my $innocent_count = 0;

&help if (defined $opt_h || !defined $opt_u || !defined $opt_s || 

!defined $opt_i || !defined $opt_d);

&train_spam;

&train_innocent;

exit 0;

sub help

{

        print "\nUsage:\n";

        print "-d\t--domain-dir\tdirecotry where the domains are 

keept.\n";

        print "-u\t--user\tuser which should use for train 

dspam.\n";

        print "-s\t--spam-dir\tname of the directory where the 

users store their missing spam\n";

        print "-i\t--innocent-dir\tname of the firectory where the 

users store their false positives\n";

        print "-v\t--verbose\tgive verbose output\n";

        print "-h\t--help\tshow this help\n";

        print "\n";

        print "Example:\n";

        print "$0 -d=/var/qmail/vpopmail/domains -u=byteaction.de 

-s=spam-missing -i=false-positive -v\n\n";

        exit 0;

}

sub train_spam

{

        my @spam_array = split(/\n/, `find $domain_dir -regex 

'.*\.$spam_dir/cur/.*'`);

        foreach my $spam (@spam_array)

        {

                system("dspam $spam_opts --user $opt_u --client < 

$spam");

                system("rm -f $spam");

                $spam_count++;

        }

        if (defined $opt_v)

        {

                print "$0: Trained $spam_count missed spams\n";

        }

}

sub train_innocent

{

        my @innocent_array = split(/\n/, `find $domain_dir -regex 

'.*\.$innocent_dir/cur/.*'`);

        foreach my $innocent (@innocent_array)

        {

                system("dspam $innocent_opts --user $opt_u 

--client < $innocent");

                system("rm -f $innocent");

                $innocent_count++;

        }

        if (defined $opt_v)

        {

                print "$0: Trained $innocent_count false 

positives\n";

        }

}

```

Hope this helps.

----------

## streamkid

Right now I'm having some issues with courier-imap (can't create folders out of INBOX), but as soon as I fix this, I'll try the script too.

----------

## magic919

Ok.  I use Dovecot, so cannot help with that.  Catch you later.

----------

