# DSPAM and signatures

## misc

Hi, can anyone tell me where/how signatures are stored/created? I'm using the hash driver (don't want to use mysql) and am getting the following when forwarding spam to spam@mydomain.com:

```

Feb 18 00:45:19 testbox dspam[26606]: process_message returned error -5.  dropping message.

Feb 18 00:45:19 testbox dspam[26607]: Unable to open file for reading: /var/dspam/data/someuser/somuser.sig/45d7311f265993039334502.sig: No such file or directory

Feb 18 00:45:19 testbox dspam[26607]: Signature retrieval for '45d7311f265993039334502' failed

Feb 18 00:45:19 testbox dspam[26607]: Unable to find a valid signature. Aborting.

```

The /var/dspam/data dir is chmod'd 777 for now until I can figure out what's going on. /var/dspam/data/someuser/ exists but someuser.sig/ does not. 

The following is probably irrelevant but will post it anyway. I'm using postfix. I host one domain ('mydomain.com') and forward it all to another server, unless the mail is destined for spam@mydomain.com. Very simple setup, I don't require per user filtering. I just want to forward all spam to the spam@ address so mail will get filtered exactly the same way regardless of who the mail is destined to. Here is my /etc/postfix/transport file:

```

spam@mydomain.com          dspam-retrain:spam

mydomain.com                    smtp:[10.0.0.1]

```

Relevent /etc/postfix/master.cf section:

 *Quote:*   

> 
> 
> dspam   unix    -       n       n       -       10      pipe
> 
>   flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent --user $user -i -f $sender -- $recipient
> ...

 

grep -vE '(^#|^ *$)' /etc/dspam.conf :

 *Quote:*   

> 
> 
> Home /var/dspam
> 
> StorageDriver /usr/lib/libhash_drv.so
> ...

 

Thanks for any help. Most documents I've come across are related to using mysql signatures but I don't want that overhead. And pretty much every howto is for when the postfix server is the final destination (user accounts stored locally/virtually) rather than forwarding off to another server, although I have that part under control before dspam came into the picture. If I knew where the signatures are stored for the hash driver then that might be able to help me solve my problem.

----------

## magic919

Have for tried a search for .sig files or directories?

----------

## misc

 *magic919 wrote:*   

> Have for tried a search for .sig files or directories?

 

Good point.

updatedb && locate -r \.sig$

 *Quote:*   

> 
> 
> /var/dspam/data/spam/spam.sig
> 
> /var/dspam/data/spam/spam.sig/45d7228f143048702918568.sig
> ...

 

So they are there. Why as the 'spam' user only? I guess this means I have a misconfigured postfix or dspam configuration. In theory, this is what I want, all signatures are coming in as one user. Now I just have to get postfix/dspam to read these signatures regardless of where the mail is going to / going from.

Any ideas on how I would do that?

----------

## magic919

Looks like you just need to tweak the retrain to have the --user spam.

----------

## misc

Well, I replaced the --user $user in my master.cf with --user spam but that didn't change anything. It depends on my send address. If I send from blah@whatever.com, then it can't open /var/dspam/data/blah/blah.sig. So, I changed this line in master.cf:

```

dspam-retrain   unix    -       n       n       -       10      pipe

  flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop $sender $recipient

```

To this:

 *Quote:*   

> 
> 
> dspam-retrain   unix    -       n       n       -       10      pipe
> 
>   flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop spam $recipient
> ...

 

(replaced $sender with spam)

That stopped the error. But then I get this in my log:

```

Feb 18 02:51:56 testbox postfix/pipe[4011]: E76D39076B: to=<spam@mydomain.com>, relay=dspam-retrain, delay=0, status=deferred (temporary failure. Command output: Can't determine user )

```

----------

## magic919

I think the retrain script you are using is causing the problem.  On mine I can just specify the user.  You'll need to send the messages to spam-spam@example.com and it will take the second -spam as the user.

----------

## misc

Ah, you are right. I changed the dspam-train script slightly so that the user is always 'admin'. That got rid of the error, although I don't think it's working properly, because spam sent to another user will not be tagged.

What should the user be set to if I want the it to be updated on a global basis?

----------

## misc

Ok, I think I'm getting there. Here is my relevant postfix config:

```

smtp      inet  n       -       n       -       -       smtpd

  -o content_filter=dspam:

dspam   unix    -       n       n       -       10      pipe

  flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent --user spam -i -f $sender -- $recipient

dspam-retrain   unix    -       n       n       -       10      pipe

  flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop spam $recipient

```

So, I'm specifying user 'spam' in both dspam and dspam-retrain sections which (hopefully) forces it to all be passed under the spam user. 

I understand now how signatures are being created and why the errors appear and how to get rid of them, it's all starting to come together. It's even marking messages as spam (however I'm only on a private network so have been testing very limited number of emails). 

To my understanding, I will get the signature error appear if I forward a whole bunch of spam messages into my spam@ address, because they didn't originally come into the system in the first place. Spam messages need to arrive in the system for dspam to add its signature. Then you send them to spam@ address, and the retrain app can then find the signature and process.

So am I on the right track here? I've also changed the dspam-retrain script to also run as the dspam --user spam rather than $user.

The only thing now, is that when I go to the web interface, all my setttings need to be done via the 'spam' user. This means that I can't use /admin.cgi. Probably not much of an issue. I suppose I could change all my --user spam to --user admin instead. Still experimenting.

----------

## magic919

Sounds like you are on the right track.  Only use the set-up for re-training things DSPAM has mis-classified and you'll be fine.  There are ways of training it using a bunch of existing spam (that it has never seen) but I'd avoid that personally.

Add user spam to the admins file in ~DSPAM.

----------

## misc

Alright, I'll give it a try. Thanks for all your help! Spent a whole day on this. I remember reading a HowTo that said, put 10 hours aside for the setup. I thought "yeah right!" but they were pretty close.

----------

## magic919

My first one took me days.  But it does get easier.  I use it on 5 servers now.

----------

