# Using amavisd with postfix, can't resend ham email

## torrance

I've been using http://www.gentoo.org/doc/en/mailfilter-guide.xml as my guide. I have everything working smoothly, except I have to be able to resend my false positive emails to my recipients. The procmail filter is set up and moving messages as it should; my problems are as follows:

1) I can't get courier-imap emerged, it gives me this error:

```
Linking libauthpam.la
nm: libmisc.a: File format not recognized
nm: libmisc.a: File format not recognized
/usr/lib/libshadow.a: member /usr/lib/libshadow.a(libmisc.a) in archive is not an object
collect2: ld returned 1 exit status
```

That's for courier-authlib.

2) I have "#$defang_spam = 1;  # default is false: don't modify mail body" in my /etc/amavisd.conf, yet I still get the original email as an attachment in both my spam notify email and my spamtrap@myhostname quarantine.

I need a way of extracting the original email from my quarantine, so I can mark it as ham and resend it. I can't really live without imap either, as I would like to be able to move messages from my .maildir/.spam-found folder to my .maildir/.resend folder ...

Any help would be greatly appreciated. If I can't get this functionality going soon... we're going to have to scrap the whole project...

----------

## steveb

What anti-spam solution do you use? Spamassassin or DSPAM?

cheers

SteveB

----------

## torrance

I'm using spamassassin.

Did I miss a config entry somewhere, you think?

----------

## steveb

A # in front of a line is a remark in amavis. If you want the $defang_spam stuff to be active, then remove the # at the beginning of the line.

cheers

SteveB

----------

## torrance

Yeah, I've tried it both ways.. with =0 and =1, same results. It's rem'd out now because I was hoping the default would turn it off.

Anyone have any ideas about my courier-imap probs???

----------

## langthang

 *torrance wrote:*   

> Anyone have any ideas about my courier-imap probs???

 

https://bugs.gentoo.org/show_bug.cgi?id=110602

re-emerge shadow

----------

## steveb

 *torrance wrote:*   

> Yeah, I've tried it both ways.. with =0 and =1, same results. It's rem'd out now because I was hoping the default would turn it off.
> 
> Anyone have any ideas about my courier-imap probs???

 

Did you read my post???? NO # in front of the line is the solution!!

```
$defang_spam = 1; # default is false: don't modify mail body
```

cheers

SteveB

----------

## torrance

Yeah, I wish it was that simple. I had the # taken out and tried it with =1 and =0, no change in attachments. I decided to put the # back in as that's the default and by default, it shouldn't modify the messages. No change there either..

I've been looking @ a couple of perl scripts that strip out the attached messages and then resend the message to the original recipient. That's not going well either, as the script I have doesn't completely strip all the header info that's injected from SA and amavisd. I also have no idea how the script will handle a message that, say, has a jpg or doc attachment.

----------
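For the extraction torrance asks about above, one way to pull the original out of the notification wrapper with its attachments intact; this is an added example, not code from the thread. The `X-Envelope-From`/`X-Envelope-To` headers, the header prefix list and the `***SPAM***` subject tag are assumptions about what the quarantined copy contains, and the sample message is constructed.

```python
import email
import smtplib
from email.message import Message
from email.utils import getaddresses, parseaddr

# Header prefixes added by the filter chain (compared in lower case).
# Assumption: typical SpamAssassin / amavisd names; check them against a
# real quarantined message from your own setup.
FILTER_HEADER_PREFIXES = ("x-spam-", "x-virus-scanned", "x-amavis-",
                          "x-quarantine-id", "x-envelope-")

# Constructed sample: a notification wrapping the original mail, which
# itself carries a .doc attachment.
SAMPLE_WRAPPER = b"""\
From: postmaster@mx.example.net
To: spamtrap@mx.example.net
Subject: SPAM FROM <alice@example.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Spam report text goes here.
--outer
Content-Type: message/rfc822
Content-Disposition: attachment

X-Envelope-From: <alice@example.org>
X-Envelope-To: <bob@example.com>
X-Quarantine-ID: <constructed-id>
X-Spam-Flag: YES
X-Spam-Status: Yes, score=7.1
From: Alice <alice@example.org>
To: Bob <bob@example.com>
Subject: ***SPAM*** Quarterly figures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: text/plain

Figures attached.
--inner
Content-Type: application/msword; name="q3.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="q3.doc"

Y29uc3RydWN0ZWQgYXR0YWNobWVudA==
--inner--
--outer--
"""


def find_original(wrapper: Message) -> Message:
    """Return the outermost message/rfc822 attachment of the wrapper."""
    for part in wrapper.walk():
        if part.get_content_type() == "message/rfc822":
            payload = part.get_payload()
            if isinstance(payload, list) and payload:
                return payload[0]
    raise ValueError("no message/rfc822 attachment in wrapper")


def release(wrapper_bytes: bytes, subject_tag: str = ""):
    """Return (envelope_sender, envelope_recipients, cleaned_message_bytes)."""
    original = find_original(email.message_from_bytes(wrapper_bytes))
    # Take the envelope from the quarantine headers rather than from the
    # To:/Cc: headers, which the sender of the mail controls.
    sender = parseaddr(original.get("X-Envelope-From", ""))[1]
    recipients = [addr for _, addr in
                  getaddresses(original.get_all("X-Envelope-To", [])) if addr]
    # Only top-level headers are removed; the MIME body and its attachments
    # are serialized again as they were parsed.
    for name in {key.lower() for key in original.keys()}:
        if name.startswith(FILTER_HEADER_PREFIXES):
            del original[name]
    subject = str(original.get("Subject", ""))
    if subject_tag and subject.startswith(subject_tag):
        original.replace_header("Subject", subject[len(subject_tag):].lstrip())
    return sender, recipients, original.as_bytes()


def resend(wrapper_bytes: bytes, host: str, port: int, subject_tag: str = ""):
    """Re-inject the cleaned original through your own reinjection listener."""
    sender, recipients, data = release(wrapper_bytes, subject_tag)
    if not recipients:
        raise ValueError("no envelope recipient recorded; refusing to guess")
    with smtplib.SMTP(host, port) as smtp:
        smtp.sendmail(sender, recipients, data)
```

Point `resend` at a listener that sits behind the content filter and accepts connections from localhost only, otherwise the released message is scanned and quarantined again.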

## steveb

 *torrance wrote:*   

> Yeah, I wish it was that simple. I had the # taken out and tried it with =1 and =0, no change in attachments. I decided to put the # back in as that's the default and by default, it shouldn't modify the messages. No change there either..
> 
> I've been looking @ a couple of perl scripts that strip out the attached messages and then resend the message to the original recipient. That's not going well either, as the script I have doesn't completely strip all the header info that's injected from SA and amavisd. I also have no idea how the script will handle a message that, say, has a jpg or doc attachment.

 

Why all this stress? Would it not be easier to get something like DSPAM and use amavis only for virus and content filtering and add DSPAM as a content filter into Postfix?

I currently have such a setup:

```
--[internet]--> postfix --> amavis --> dspam --> virtual/local delivery -->
```

Besides being able to use global ham/spam aliases, the user can go into DSPAM WebUI and change there the status of a message (change it to innocent/spam) without sending the message back to Postfix/DSPAM.

I know that I could include DSPAM into amavis. But excluding SPAM filtering from amavis gives me greater control of what messages to filter and what not (in my setup I do not filter local network inbound/outbound messages and I do not filter outbound messages at all).

Anyway... maybe someone with more SA experience can help you better than me.

cheers

SteveB

----------

## torrance

Thank you for changing my mind on this. I've got Dspam and the web interface installed. How would you suggest I run dspam? Using the "mailbox_command = /usr/bin/dspam --user ${user} --deliver=innocent" in postfix, or somehow calling it from amavisd?

This is running on an MTA gateway btw, it's relaying to an exchange server.

I've still got to do a lot more reading on this program, it does look like it has lots of potential though.

----------

## steveb

 *torrance wrote:*   

> Thank you for changing my mind on this. I've got Dspam and the web interface installed. How would you suggest I run dspam? Using the "mailbox_command = /usr/bin/dspam --user ${user} --deliver=innocent" in postfix, or somehow calling it from amavisd?
> 
> This is running on an MTA gateway btw, it's relaying to an exchange server.
> 
> I've still got to do a lot more reading on this program, it does look like it has lots of potential though.

 

I could quickly post my setup.

/etc/postfix/master.cf:

```
#[STEVEB]#===================================================================
#smtp      inet  n       -       n       -       -       smtpd
<external ip address>:smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=smtp-amavis:[127.0.0.1]:10024
   -o cleanup_service_name=pre-cleanup
<internal ip address>:smtp        inet  n       -       n       -       -       smtpd
127.0.0.1:smtp            inet  n       -       n       -       -       smtpd
#===========================================================================
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#[STEVEB]#===================================================================
<external ip address>:ssmtp     inet  n       -       n       -       -       smtpd
   -o content_filter=smtp-amavis:[127.0.0.1]:10024
   -o cleanup_service_name=pre-cleanup
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
<internal ip address>:ssmtp       inet  n       -       n       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
127.0.0.1:ssmtp           inet  n       -       n       -       -       smtpd
#===========================================================================
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
#[STEVEB]#===================================================================
# We do our own cleanup service
#cleanup   unix  n       -       n       -       0       cleanup
#===========================================================================
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
#[STEVEB]#===================================================================
#local     unix  -       n       n       -       -       local
#===========================================================================
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#[STEVEB]#===================================================================
# AV scan filter
smtp-amavis unix -      -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o cleanup_service_name=cleanup
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtp_send_xforward_command=yes
    -o content_filter=dspam:dummy
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n  -       n       -       -       smtpd
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o content_filter=
# The first cleanup step. This does the header_checks, body_checks and mime_header_checks
pre-cleanup     unix  n  -       n       -        0     cleanup
    -o virtual_alias_maps=
    -o canonical_maps=
    -o sender_canonical_maps=
    -o recipient_canonical_maps=
    -o masquerade_domains=
    -o always_bcc=
    -o sender_bcc_maps=
    -o recipient_bcc_maps=
# The second cleanup step. This is used so that no header_checks, body_checks or
# mime_header_checks are performed again. Otherwise a loop is created when a spam
# is found in the checks.
cleanup         unix  n  -        n       -        0     cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
    -o header_checks=
    -o cleanup_service_name=cleanup
local           unix  -  n        n       -       -       local
    -o content_filter=
    -o myhostname=localhost
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o mynetworks=127.0.0.0/8
    -o mynetworks_style=host
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
vacation        unix   -      n       n       -       -       pipe
   flags=DRhu user=vacation:vacation argv=/var/spool/vacation/vacation_new.pl
# SPF
spf-smtpd-policy   unix   -      n       n       -       -       spawn
   user=nobody argv=/usr/bin/perl /etc/postfix/spf-smtpd-policy.pl
## DSPAM Agent :: delivering spam and innocent
#
#dspam           unix   -      n       n       -        -      pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspam
#   --mode=teft
#   --deliver=spam,innocent,summary
#   --feature=ch,no,wh,tb=5
#   -i -f ${sender} -- %u --user ${recipient}
#
#dspamdel        unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspam
#   --user ${nexthop}
#   --class=innocent
#   --source=error
#   --deliver=spam,innocent,summary
#   --stdout
#
#dspamadd        unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspam
#   --user ${nexthop}
#   --class=spam
#   --source=error
#   --deliver=spam,innocent,summary
#   --stdout
#
#dspam-retrain   unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspam
#   --user globaluser
#   --class=$nexthop
#   --source=error
#   --deliver=spam,innocent
#   --stdout
## DSPAM Agent :: delivering spam and innocent
#
#dspam           unix   -      n       n       -        -      pipe
#   flags=Rhqu user=dspam argv=/usr/bin/dspamc
#   --client
#   --mode=teft
#   --deliver=spam,innocent
#   --feature=ch,no,wh,tb=5
#   --user ${recipient}
#   -i -f ${sender} -- ${recipient}
#
#dspamdel        unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspamc
#   --client
#   --user ${nexthop}
#   --class=innocent
#   --source=error
#   --deliver=spam,innocent
#   --stdout
#
#dspamadd        unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspamc
#   --client
#   --user ${nexthop}
#   --class=spam
#   --source=error
#   --deliver=spam,innocent
#   --stdout
#
#dspam-retrain   unix   -      n       n       -       -       pipe
#   flags=Rhq user=dspam argv=/usr/bin/dspamc
#   --user globaluser
#   --class=$nexthop
#   --source=error
#   --deliver=spam,innocent
#   --stdout
## DSPAM Agent - client/server mode :: delivering innocent
#
dspam           unix   -      n       n       -        -      pipe
   flags=Rhqu user=dspam argv=/usr/bin/dspamc
   --client
   --mode=teft
   --deliver=innocent
   --feature=ch,no,wh,tb=5
   --user ${recipient}
   -i -f ${sender} -- ${recipient}
dspamdel        unix   -      n       n       -       -       pipe
   flags=Rhq user=dspam argv=/usr/bin/dspamc
   --client
   --user ${nexthop}
   --class=innocent
   --source=error
   --deliver=spam,innocent
   --stdout
dspamadd        unix   -      n       n       -       -       pipe
   flags=Rhq user=dspam argv=/usr/bin/dspamc
   --client
   --user ${nexthop}
   --class=spam
   --source=error
   --deliver=spam,innocent
   --stdout
dspam-retrain   unix   -      n       n       -       -       pipe
   flags=Rhq user=dspam argv=/usr/bin/dspamc
   --user globaluser
   --class=$nexthop
   --source=error
   --deliver=spam,innocent
   --stdout
#===========================================================================
```

You will probably not need vacation and the SPF stuff. If you are using DSPAM daemon mode, then you could use dspamc, else you can use the dspam binary. When they introduced the dspamc binary, calls with it were much faster than with the normal dspam binary. Today this is almost equal in speed. Calling dspamc or dspam does not make a big difference at all.

I did not enable DSPAM in amavis. I like to control DSPAM from outside and not from inside amavis. The important part in amavisd.conf is:

```
$forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail
$notify_method = 'smtp:[127.0.0.1]:10026';  # where to submit notifications
@bypass_spam_checks_maps = (1);  # uncomment to DISABLE anti-spam code
```

When I started with amavis, I had all the stuff inside amavisd.conf. Now I use MySQL as data backend for amavis and I can easily configure amavis on a per user basis. If you are interested in that part, then I could post what needs to be done for getting amavis to store policy and other stuff in MySQL.

The significant part of my main.cf:

```
#[STEVEB]###################################################
mydomain                                                = <domainname>
myhostname                                              = mail.$mydomain
inet_interfaces                                         = all
mydestination                                           = $myhostname, localhost.$mydomain $mydomain
mynetworks_style                                        = class
mynetworks                                              = <external ip in CIDR notation>, 192.168.0.0/24, 127.0.0.0/8
home_mailbox                                            = .maildir/
###########################################################
default_destination_concurrency_limit                   = 20
local_destination_concurrency_limit                     = 1
lmtp_destination_concurrency_limit                      = $default_destination_concurrency_limit
relay_destination_concurrency_limit                     = $default_destination_concurrency_limit
smtp_destination_concurrency_limit                      = $default_destination_concurrency_limit
virtual_destination_concurrency_limit                   = $default_destination_concurrency_limit
###########################################################
maildrop_destination_recipient_limit                    = 1
mailman_destination_recipient_limit                     = 1
transport_destination_recipient_limit                   = 1
vacation_destination_recipient_limit                    = 1
dspamdel_destination_recipient_limit                    = 1
dspamadd_destination_recipient_limit                    = 1
dspam_destination_recipient_limit                       = 1
dspam-retrain_destination_recipient_limit               = 1
###########################################################
smtpd_hard_error_limit                                  = 5
smtpd_helo_required                                     = yes
disable_vrfy_command                                    = yes
###########################################################
smtpd_sasl_auth_enable                                  = yes
smtpd_sasl2_auth_enable                                 = yes
smtpd_sasl_security_options                             = noanonymous
broken_sasl_auth_clients                                = yes
smtpd_sasl_local_domain                                 =
## smtp_sasl_password_maps                                      = hash:/etc/postfix/saslpass
###########################################################
smtpd_restriction_classes =
        greylist_policy
        spf_policy
        internal_check_service_access
        from_freemail_host
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
#       warn_if_reject
#       reject_non_fqdn_hostname
internal_check_service_access =
        permit_sasl_authenticated
        check_client_access cidr:/etc/postfix/vunet_private_domain_mx_records.cidr
        reject
greylist_policy =
        check_policy_service inet:127.0.0.1:2501
spf_policy =
        check_policy_service unix:private/spf-smtpd-policy
from_freemail_host =
        check_client_access pcre:/etc/postfix/freemail_access.pcre
smtpd_data_restrictions =
        permit_mynetworks
        reject_unauth_pipelining
        permit
smtpd_recipient_restrictions =
        check_recipient_access pcre:/etc/postfix/check_special_recipient_access.pcre
        permit_sasl_authenticated
        check_client_access hash:/etc/postfix/pop-before-smtp
        permit_tls_clientcerts
        permit_mynetworks
        reject_invalid_hostname
        warn_if_reject
        reject_non_fqdn_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        check_sender_mx_access cidr:/etc/postfix/verisign_hijacked_domain.cidr
        reject_unauth_destination
        check_helo_access pcre:/etc/postfix/check_helo_access.pcre
        check_recipient_access pcre:/etc/postfix/allow_abuse_postmaster.pcre
        reject_rhsbl_client rabl.nuclearelephant.com
        reject_rhsbl_sender rabl.nuclearelephant.com
        reject_rhsbl_client blackhole.securitysage.com
        reject_rhsbl_sender blackhole.securitysage.com
        reject_rhsbl_client rhsbl.sorbs.net
        reject_rhsbl_sender rhsbl.sorbs.net
        reject_rbl_client sbl-xbl.spamhaus.org
        reject_rbl_client list.dsbl.org
        reject_rbl_client relays.ordb.org
        reject_rbl_client ix.dnsbl.manitu.net
        check_recipient_access pcre:/etc/postfix/check_recipient_access.pcre
        check_recipient_access proxy:mysql:/etc/postfix/greylist_enabled_domain.mysql
        check_recipient_access regexp:/etc/postfix/greylist_enabled_users_for_disabled_domains.regex
        check_recipient_access pcre:/etc/postfix/sqlgrey_recipient_access.pcre
        check_sender_access pcre:/etc/postfix/freemail_access.pcre
        permit
##
#http://www.securitysage.com/antispam/hedchek.html
##
header_checks =
        pcre:/etc/postfix/header_checks.pcre
###########################################################
smtpd_use_tls                                           = yes
#smtpd_tls_ask_ccert                                    = yes
#smtpd_tls_auth_only                                    = yes
smtpd_tls_key_file                                      = /etc/postfix/newreq.pem
smtpd_tls_cert_file                                     = /etc/postfix/newcert.pem
smtpd_tls_CAfile                                        = /etc/postfix/cacert.pem
smtpd_tls_loglevel                                      = 1
smtpd_tls_received_header                               = yes
smtpd_tls_session_cache_timeout                         = 3600s
tls_daemon_random_source                                = dev:/dev/urandom
tls_random_source                                       = dev:/dev/urandom
###########################################################
smtp_use_tls                                            = yes
smtp_tls_note_starttls_offer                            = yes
###########################################################
proxy_read_maps =
        $local_recipient_maps
        $mydestination
        $virtual_alias_maps
        $virtual_alias_domains
        $virtual_mailbox_maps
        $virtual_mailbox_domains
        $relay_recipient_maps
        $relay_domains
        $canonical_maps
        $sender_canonical_maps
        $recipient_canonical_maps
        $relocated_maps
        $transport_maps
        $mynetworks
        $virtual_mailbox_limit_maps
        proxy:mysql:/etc/postfix/greylist_enabled_domain.mysql
alias_maps =
        hash:/usr/local/mailman/data/aliases
        hash:/etc/mail/aliases
alias_database =
        hash:/usr/local/mailman/data/aliases
        hash:/etc/mail/aliases
local_recipient_maps =
        $alias_maps
        unix:passwd.byname
virtual_alias_maps =
        hash:/usr/local/mailman/data/virtual-mailman
        proxy:mysql:/etc/postfix/mailman_domains.mysql
        proxy:mysql:/etc/postfix/virtual_alias_maps.mysql
transport_maps =
        pcre:/etc/postfix/transport.pcre
        proxy:mysql:/etc/postfix/virtual_transport_maps.mysql
relay_domains =
        proxy:mysql:/etc/postfix/mailman_domains.mysql
        proxy:mysql:/etc/postfix/relay_domains_maps.mysql
recipient_canonical_maps =
        hash:/etc/postfix/recipient_canonical_maps.hash
###########################################################
local_transport                                         = local
virtual_transport                                       = virtual
fallback_transport                                      = virtual
###########################################################
##virtual_alias_domains                                 = proxy:mysql:/etc/postfix/mailman_domains.mysql
###########################################################
virtual_gid_maps                                        = static:1003
virtual_mailbox_base                                    = /home/vmail
virtual_mailbox_domains                                 = proxy:mysql:/etc/postfix/virtual_mailbox_domains.mysql
virtual_mailbox_maps                                    = proxy:mysql:/etc/postfix/virtual_mailbox_maps.mysql
virtual_minimum_uid                                     = 1000
virtual_uid_maps                                        = static:1003
## [QUOTA] ################################################
virtual_mailbox_limit                                   = 107374182400
virtual_create_maildirsize                              = yes
virtual_mailbox_extended                                = yes
virtual_mailbox_limit_maps                              = proxy:mysql:/etc/postfix/virtual_mailbox_limit_maps.mysql
virtual_mailbox_limit_override                          = yes
virtual_maildir_limit_message                           = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce                                = yes
###########################################################
masquerade_domains                                      = $mydomain
###########################################################
smtpd_banner                                            = $myhostname ESMTP $mail_name ($mail_version) [NO UCE, NO UBE, C=CH, L=ZU]
smtpd_delay_reject                                      = yes
strict_rfc821_envelopes                                 = yes
###########################################################
##content_filter                                                = smtp-amavis:[127.0.0.1]:10024
###########################################################
##mailbox_command                                               = /usr/bin/maildrop
###########################################################
max_use                                                 = 10
###########################################################
owner_request_special                                   = no
recipient_delimiter                                     = +
###########################################################
##fallback_relay                                                = 192.168.0.120
##fallback_relay                                                = 192.168.0.254
###########################################################
message_size_limit                                      = 52428800
mailbox_size_limit                                      = 0
###########################################################
```

I use Postfix.Admin to administer my domain. Most of the *.mysql references are descriptions for reading up the user and domain related stuff.

I have added as well some stuff to prevent the misuse of my system as an open relay or to prevent spam getting in. Mainly Greylisting and other stuff. The SPF stuff is inside the main.cf but not used, since I had very bad experience with it (I need to forward mails to other mail servers outside my domain and SPF breaks terribly when doing this).

For Greylisting I use SQLGrey. It is a very good package and it holds back about 70% to 80% of spam from even getting into the system.

Some of the stuff in the *.pcre files is redundant and I did not have time to clean it up. I am anyway moving the mail server to be on another system. I will then clean up stuff. Anyway... here are the important *.pcre files:

allow_abuse_postmaster.pcre:

```
# SQLgrey whitelist for mail recipients
# -------------------------------------
# sqlgrey_recipient_access.pcre
#
/^postmaster@\@/                        OK
/^hostmaster@\@/                        OK
/^abuse@\@/                             OK
```

check_helo_access.pcre:

```
# /etc/postfix/check_helo_access.pcre
#
/number\.number\.number\.number/        REJECT You are not xxx.xxx.xxx.xxx
/mx1\.domain\.tld/                      REJECT You are not mx1.domain.tld
/mail\.domain\.tld/                     REJECT You are not mail.domain.tld
/mail1\.domain\.tld/                    REJECT You are not mail1.domain.tld
/domain-number\.sdsl_isp-domain\.tld/   REJECT You are not domain-number.sdsl_isp-domain.tld
#/localhost/                            REJECT You are not localhost
```

check_recipient_access.pcre:

```
# smtpd_recipient_restrictions = check_recipient_access check_recipient_access.pcre
#
# http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
#
/^\@/                   550 Invalid address format
/[!%\@].*\@/            550 This server disallows weird address syntax
/^postmaster\@/         OK
/^hostmaster\@/         OK
/^abuse\@/              OK
```

check_sender_access_for_our_clients_using_broken_ms_software.pcre:

```
# /etc/postfix/check_sender_access_for_our_clients_using_broken_ms_software.pcre
#
# shitty Microsoft Outlook does send wrong helo command
#
/^user1\@domain\.tld$/  OK
/^user2\@domain\.tld$/  OK
/^user3\@domain\.tld$/  OK
/^user4\@domain\.tld$/  OK
```

check_special_recipient_access.pcre:

```
## /etc/postfix/check_special_recipient_access.pcre
#
# Description: Only allow SASL authenticated
#              users to use certain services.
#
# main.cf:
# smtpd_restriction_classes =
#   internal_check_service_access
#
# internal_check_service_access =
#   permit_sasl_authenticated
#   reject
#
# smtpd_recipient_restrictions =
#   check_recipient_access pcre:/etc/postfix/check_special_recipient_access.pcre
#   ...
##
# HylaFax email to fax gateway
# -> limit the fax number to be 9 to 13 digits only and it needs
#    to start with a zero.
#
/^[\w\-.%]+\@0[\d]{8,12}\.fax$/                         internal_check_service_access
/^.*\.fax$/                                             REJECT You are not allowed to use the Fax Service!
# DSPAM SPAM-/NOTSPAM reports
# -> address needs to start with: spam, dspam, nospam or notspam
#
/^(d|no|not)*spam\-(add|del)\-([\w\-.%]+\@[\w.-]+)$/    internal_check_service_access
/^.*spam\-(add|del)\-.*\@.*$/                           REJECT You are not allowed to use the Anti-SPAM Service!
```

dspam_recipient_access.pcre:

```
/^dspam-add-@(.*\..*)$/                FILTER  dspamadd:${1}

/^dspam-del-@(.*\..*)$/         FILTER  dspamdel:${1}

```

freemail_access.pcre:

```
# Stopping Forged Freemail

# -------------------------------------

# freemail_access.pcre

#

/^yahoo\.com$/                          from_freemail_host

/^earthlink\.net$/                      from_freemail_host

/^excite\.com$/                         from_freemail_host

/^gmx\.(de|net)$/                       from_freemail_host

/^hotmail\.com$/                        from_freemail_host

/^gmail\.com$/                          from_freemail_host

```

freemail_hosts.pcre:

```
# Stopping Forged Freemail

# -------------------------------------

# freemail_hosts.pcre

#

/^yahoo\.com$/                          OK

/^earthlink\.net$/                      OK

/^excite\.com$/                         OK

/^excitenetwork\.com$/                  OK

/^gmx\.(de|net)$/                       OK

/^hotmail\.com$/                        OK

/^google\.com$/                         OK

```

header_checks.pcre:

```
# This is a slightly modified version of the header_checks filter file for mail.securitysage.com, published by SecuritySage Inc.

# This filter is based on the work of Jeffrey Posluns <jeff@posluns.com>

# Filter Version 20040407-1

# For more information about UCE/spam and how to stop it, please see http://www.securitysage.com/guides/postfix_uce.html

# For the latest *short* header checks file please see http://www.securitysage.com/files/header_checks.short

# For the latest *short* body checks file please see http://www.securitysage.com/files/body_checks.short

# For the latest mime header checks file please see http://www.securitysage.com/files/mime_header_checks

# If you need a copy of the old header or body checks, just change short to long in the file name.

# UPDATE: These filters are no longer being updated regularly. We intend to continue updating once or twice a month, but due to the introduction of

#       new anti-spam technologies and mechanisms (see the guides in the URL above), header and body checks are nowhere near as effective as they

#       used to be. We will however maintain a *short* list of header and body checks that contain anti-spam filters, but will not contain

#       any of the spam-like strings.

# Please feel free to copy, use, discuss, link to, or modify this file in compliance with the rules below:

#  1. These filters (or portions thereof) may not be sold or included in a package (software or otherwise) for which fees are charged.

#  2. If you wish to sell or include these filters as part of a package for which fees are charged, please contact us to arrange for a redistribution license.

#  3. Leave this header information intact.

#  4. Do not change the SPAM-ID numbers. We use these numbers to help track false rejections.

#  5. if you modify this file, indicate such on the line below, so that people can be aware that the filter is not an original version.

# We use the header_checks file to remove some headers that we find undesirable.

# Return receipts and software versions are the most significant in this situation.

# For more information, please see http://www.securitysage.com/guides/postfix_anonym.html

#/^Received: from 127.0.0.1/                    IGNORE

/^Disposition-Notification-To:/                 IGNORE

# On some systems we create a custom log entry for SpamAssassin confirmed spam emails.

# If you want to drop or hold these emails, change WARN to DISCARD or HOLD respectively.

# You can also use the FILTER command to forward all spam to another process or account.

# /^X-Spam-Flag: YES/                           WARN SpamAssassin Confirmed Spam Content

# These are headers used to track some spam messages.

/^Bel-Tracking: .*/                             REJECT Confirmed spam. Go away.

/^Hel-Tracking: .*/                             REJECT Confirmed spam. Go away.

/^Kel-Tracking: .*/                             REJECT Confirmed spam. Go away.

/^BIC-Tracking: .*/                             REJECT Confirmed spam. Go away.

/^Lid-Tracking: .*/                             REJECT Confirmed spam. Go away.

# Following Will Block Spams With Many Spaces In The Subject.

/^Subject: .*            /                      REJECT Your subject had too many subsequent spaces. Please change the subject and try again.

# Emails with erroneous dates (or dates far in the past) will appear at the top or bottom of your mail client.

# This is a common method that spammers use to try and get your attention on their emails.

#/^Date: .* 2004/                               REJECT Your computer still thinks it's 2004. Fix your system clock and try again.

#/^Date: .* 2003/                               REJECT Your computer still thinks it's 2003. Fix your system clock and try again.

/^Date: .* 200[0-4]/                            REJECT Your email has a date from the past. Fix your system clock and try again.

/^Date: .* 19[0-9][0-9]/                        REJECT Your email has a date from the past. Fix your system clock and try again.

# This filter will block subjects that contain ISO specifications.

# If you use any languages other than English, you might need to comment this out.

# /^Subject: .*\=\?ISO/                         REJECT We don't accept strange character sets.

# This will block messages that do not have an address in the From: header.

# Note: This may violate RFC, but blocks a very significant amount of spam. If you implement this, you risk getting listed in http://www.rfc-ignorant.org

#/^From: <>/                                    REJECT You need to specify a return address, otherwise we will not accept your email.

# Following Are Alphabetical Listings Of Subject Contents That Will Be Blocked.

# Following is a listing of known mass mailer programs.

/^X-Mailer: 0001/                               REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Avalanche/                          REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Crescent Internet Tool/             REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: DiffondiCool/                       REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: E-Mail Delivery Agent/              REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Emailer Platinum/                   REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Entity/                             REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Extractor/                          REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: Floodgate/                          REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: GOTO Software Sarbacane/            REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: MailWorkz/                          REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: MassE-Mail/                         REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: MaxBulk.Mailer/                     REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: News Breaker Pro/                   REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: SmartMailer/                        REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: StormPort/                          REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

/^X-Mailer: SuperMail-2/                        REJECT You used an email program that is used almost exclusively for spam. We do not accept email sent using this program.

```

sqlgrey_recipient_access.pcre:

```
# SQLgrey whitelist for mail recipients

# -------------------------------------

# sqlgrey_recipient_access.pcre

#

/^postmaster\@/                         OK

/^hostmaster\@/                         OK

/^abuse\@/                              OK

```

transport.pcre:

```
# /etc/postfix/transport.pcre

#

##

## Training DSPAM with one master.cf entry. Signature

## needs to be present in message. Else DSPAM will

## drop the message. dspam.conf needs to have

## the following entries:

##   Preference "signatureLocation=headers"

##  or

##   Preference "signatureLocation=message"

##

##  and:

##   PgSQLUIDInSignature on

##  or

##   MySQLUIDInSignature on

##

/^spam\@(.*)$/                                  dspam-retrain:spam

/^notspam\@(.*)$/                               dspam-retrain:innocent

/^spam-retrain-([\w\-.%]+\@[\w.-]+)$/           dspam-retrain:spam

/^notspam-retrain-([\w\-.%]+\@[\w.-]+)$/        dspam-retrain:innocent

/^dspam-add-([\w\-.%]+\@[\w.-]+)$/              dspam-retrain:spam

/^dspam-del-([\w\-.%]+\@[\w.-]+)$/              dspam-retrain:innocent

/^spam-add-([\w\-.%]+\@[\w.-]+)$/               dspam-retrain:spam

/^spam-del-([\w\-.%]+\@[\w.-]+)$/               dspam-retrain:innocent

/^(.*)\@autoreply\.vunet\.local$/               vacation:${1}

/^(.*)\@[\d]{9,14}\.fax$/                       smtp:[192.168.0.150]

```

I have HylaFax integrated into Postfix. You probably will not need that. I have as well a vacation perl script from Postfix.Admin active for my setup. If you are interested in the script, then go to the Postfix.Admin forum and search there for posts with my nick. I have the complete code there.

Some more files:

verisign_hijacked_domain.cidr:

```
# /etc/postfix/verisign_hijacked_domain.cidr

#

# Netblock returned by Verisign domain hijacking

# .com and .net domains

64.94.110.0/24                  REJECT Verisign hijacked domain

```

vunet_networks.cidr:

```
# /etc/postfix/vunet_networks.cidr

#   http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_restriction_classes3_en.shtml

#

nnn.nnn.nnn.nnn/nn                      has_our_network

192.168.0.0/24                          has_our_network

127.0.0.0/8                             has_our_network

```

vunet_private_domain_mx_records.cidr:

```
# /etc/postfix/vunet_private_domain_mx_records.cidr

#

192.168.0.115/32                        OK

192.168.0.120/32                        OK

192.168.0.125/32                        OK

```

EDIT: My post is too big! Need to split it. Sorry

----------
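Tables such as check_special_recipient_access.pcre depend on first-match-wins ordering: the narrow rule hands the address to the SASL-only restriction class and the catch-all below it rejects everything else. The following evaluator is an added example, not part of the thread or of Postfix; it uses Python's `re` as a stand-in for PCRE (an assumption that holds for these patterns), `parse_table` and `lookup` are hypothetical helper names, and the sample addresses and the two gmx rules are constructed.

```python
import re

# The four active rules from check_special_recipient_access.pcre as posted.
TABLE = r"""
# HylaFax email to fax gateway
/^[\w\-.%]+\@0[\d]{8,12}\.fax$/                         internal_check_service_access
/^.*\.fax$/                                             REJECT You are not allowed to use the Fax Service!
# DSPAM SPAM-/NOTSPAM reports
/^(d|no|not)*spam\-(add|del)\-([\w\-.%]+\@[\w.-]+)$/    internal_check_service_access
/^.*spam\-(add|del)\-.*\@.*$/                           REJECT You are not allowed to use the Anti-SPAM Service!
"""

# Constructed rules: backslash-escaped grouping (POSIX basic style) versus
# PCRE grouping. In PCRE, \( and \| are literal characters, not operators.
GROUPING_TABLE = r"""
/^gmx\.\(de\|net\)$/    escaped_form
/^gmx\.(de|net)$/       pcre_form
"""


def parse_table(text):
    """Parse '/pattern/flags action' lines into (compiled regex, action) pairs.

    Simplified model of pcre_table(5): comments and blank lines are skipped,
    matching is case-insensitive unless the 'i' flag toggles it off, and
    continuation lines and if/endif blocks are not handled.
    """
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] != "/":
            raise ValueError(f"line {number}: expected /pattern/flags action")
        # Find the closing delimiter: the first '/' that is not backslash-escaped.
        end = 1
        while end < len(line) and line[end] != "/":
            end += 2 if line[end] == "\\" else 1
        tail = re.match(r"/([A-Za-z]*)\s+(\S.*)$", line[end:])
        if tail is None:
            raise ValueError(f"line {number}: missing closing '/' or action")
        flags, action = tail.groups()
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(line[1:end], re_flags), action))
    return rules


def lookup(rules, key):
    """Return the action of the first rule whose pattern matches, else None.

    None means the table has no answer and Postfix moves on to the next
    restriction in the list.
    """
    for regex, action in rules:
        if regex.search(key):
            return action
    return None


RULES = parse_table(TABLE)
GROUPING = parse_table(GROUPING_TABLE)

if __name__ == "__main__":
    samples = [
        "alice@0123456789.fax",       # valid fax number: needs SASL auth
        "alice@1234567890.fax",       # no leading zero: falls to the catch-all
        "alice@012345.fax",           # too short: falls to the catch-all
        "spam-add-bob@example.org",   # retrain address: needs SASL auth
        "xspam-add-bob@example.org",  # near miss: rejected by the catch-all
        "bob@example.org",            # ordinary recipient: no result
    ]
    for address in samples:
        print(f"{address:28} -> {lookup(RULES, address)}")
    for domain in ("gmx.de", "gmx.(de|net)"):
        print(f"{domain:28} -> {lookup(GROUPING, domain)}")
```

On a live system, `postmap -q "alice@0123456789.fax" pcre:/etc/postfix/check_special_recipient_access.pcre` runs the same lookup against Postfix's own PCRE engine.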

## steveb

The dspam stuff is not much modified:

```
## $Id: dspam.conf.in,v 1.68 2006/02/11 20:13:14 jonz Exp $

## dspam.conf -- DSPAM configuration file

##

#

# DSPAM Home: Specifies the base directory to be used for DSPAM storage

#

Home /var/spool/dspam

#

# StorageDriver: Specifies the storage driver backend (library) to use.

# You'll only need to set this if you are using dynamic storage driver plugins.

# The default when one storage driver is specified is to statically link. Be

# sure to include the path to the library if necessary, and some systems may

# use an extension other than .so.

#

# Options include:

#

#   libmysql_drv.so     libpgsql_drv.so   libsqlite_drv.so

#   libsqlite3_drv.so   libora_drv.so     libdb4_drv.so

#   libdb3_drv.so       libhash_drv.so

#

# IMPORTANT: Switching storage drivers requires more than merely changing

# this option. If you do not wish to lose all of your data, you will need to

# migrate it to the new backend before making this change.

#

StorageDriver /usr/lib/libmysql_drv.so

#

# Trusted Delivery Agent: Specifies the local delivery agent DSPAM should call

# when delivering mail as a trusted user. Use %u to specify the user DSPAM is

# processing mail for. It is generally a good idea to allow the MTA to specify

# the pass-through arguments at run-time, but they may also be specified here.

#

# Most operating system defaults:

#TrustedDeliveryAgent "/usr/bin/procmail"       # Linux

#TrustedDeliveryAgent "/usr/bin/mail"           # Solaris

#TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD

#TrustedDeliveryAgent "/usr/bin/procmail"       # Cygwin

#

# Other popular configurations:

#TrustedDeliveryAgent "/usr/cyrus/bin/deliver"  # Cyrus

#TrustedDeliveryAgent "/bin/maildrop"           # Maildrop

#TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned" # Exim

#

TrustedDeliveryAgent "/usr/sbin/sendmail"

#

# Untrusted Delivery Agent: Specifies the local delivery agent and arguments

# DSPAM should use when delivering mail and running in untrusted user mode.

# Because DSPAM will not allow pass-through arguments to be specified to

# untrusted users, all arguments should be specified here. Use %u to specify

# the user DSPAM is processing mail for. This configuration parameter is only

# necessary if you plan on allowing untrusted processing.

#

UntrustedDeliveryAgent "/usr/sbin/sendmail"

#

# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP

# delivery to deliver your message to the mail server. You will need to

# configure with --enable-daemon to use host delivery, however you do not need

# to operate in daemon mode. Specify an IP address or UNIX path to a domain

# socket below as a host.

#

#DeliveryHost        127.0.0.1

#DeliveryPort        24

#DeliveryIdent       localhost

#DeliveryProto       LMTP

#

# Quarantine Agent: DSPAM's default behavior is to quarantine all mail it

# thinks is spam. If you wish to override this behavior, you may specify

# a quarantine agent which will be called with all messages DSPAM thinks is

# spam. Use %u to specify the user DSPAM is processing mail for.

#

#QuarantineAgent        "/usr/bin/procmail -d spam"

#

# DSPAM can optionally process "plused users" (addresses in the user+detail

# form) by truncating the username just before the "+", so all internal

# processing occurs for "user", but delivery will be performed for

# "user+detail". This is only useful if the LDA can handle "plused users"

# (for example Cyrus IMAP) and when configured for LMTP delivery above

#

# NOTE: Plused detail presently only works when usernames are provided and

#       not fully qualified email address (@domain).

#

#EnablePlusedDetail     on

#

# Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to a

# "plused" mailbox (such as user+quarantine) leaving quarantine processing

# for retraining or deletion to be performed by the LDA and the mail client.

# "plused" mailboxes are supported by Cyrus IMAP and possibly other LDAs.

# The mailbox name must have the +

#

#QuarantineMailbox      +quarantine

#

# OnFail: What to do if local delivery or quarantine should fail. If set

# to "unlearn", DSPAM will unlearn the message prior to exiting with an

# unsuccessful return code. The default option, "error" will not unlearn

# the message but return the appropriate error code. The unlearn option

# is useful on some systems where local delivery failures will cause the

# message to be requeued for delivery, and could result in the message

# being processed multiple times. During a very large failure, however,

# this could cause a significant load increase.

#

OnFail error

# Trusted Users: Only the users specified below will be allowed to perform

# administrative functions in DSPAM such as setting the active user and

# accessing tools. All other users attempting to run DSPAM will be restricted;

# their uids will be forced to match the active username and they will not be

# able to specify delivery agent privileges or use tools.

#

Trust root

Trust mail

Trust mailnull

Trust smmsp

Trust daemon

Trust nobody

Trust majordomo

Trust apache

Trust mailman

Trust postfix

Trust dspam

#

# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM must

# be compiled with debug support in order to use this option. DSPAM should

# never be running in production with debug active unless you are

# troubleshooting problems.

#

# DebugOpt: One or more of: process, classify, spam, fp, inoculation, corpus

#   process     standard message processing

#   classify    message classification using --classify

#   spam        error correction of missed spam

#   fp          error correction of false positives

#   inoculation message inoculations (source=inoculation)

#   corpus      corpusfed messages (source=corpus)

#

#Debug *

#Debug bob bill

Debug me@mydomain.tld me@other.domain.tld me1@other.domain.tld me2@other.domain.tld me3@other.domain.tld

#

#DebugOpt process spam fp

DebugOpt process classify spam fp inoculation corpus

#

# ClassAlias: Alias a particular class to spam/nonspam. This is useful if

# classifying things other than spam.

#ClassAliasSpam badstuff

#ClassAliasNonspam goodstuff

#

# Training Mode: The default training mode to use for all operations, when

# one has not been specified on the commandline or in the user's preferences.

# Acceptable values are: toe, tum, teft, notrain

#

TrainingMode toe

#

# TestConditionalTraining: By default, dspam will retrain certain errors

# until the condition is no longer met. This usually accelerates learning.

# Some people argue that this can increase the risk of errors, however.

#

TestConditionalTraining on

#

# Features: Specify features to activate by default; can also be specified

# on the commandline. See the documentation for a list of available features.

# If _any_ features are specified on the commandline, these are ignored.

#

# NOTE: For standard "CRM114" Markovian weighting, use sbph

#

#Feature sbph

Feature noise

Feature chained

Feature whitelist

# Training Buffer: The training buffer waters down statistics during training.

# It is designed to prevent false positives, but can also dramatically reduce

# dspam's catch rate during initial training. This can be a number from 0

# (no buffering) to 10 (maximum buffering). If you are paranoid about false

# positives, you should probably enable this option.

Feature tb=5

#

# Algorithms: Specify the statistical algorithms to use, overriding any

# defaults configured in the build. The options are:

#    naive       Naive-Bayesian (All Tokens)

#    graham      Graham-Bayesian ("A Plan for Spam")

#    burton      Burton-Bayesian (SpamProbe)

#    robinson    Robinson's Geometric Mean Test (Obsolete)

#    chi-square  Fisher-Robinson's Chi-Square Algorithm

#

# You may have multiple algorithms active simultaneously, but it is strongly

# recommended that you group Bayesian algorithms with other Bayesian

# algorithms, and any use of Chi-Square remain exclusive.

#

# NOTE: For standard "CRM114" Markovian weighting, use 'naive', or consider

#       using 'burton' for slightly better accuracy

#

# Don't mess with this unless you know what you're doing

#

#Algorithm chi-square

#Algorithm naive

Algorithm graham burton

#

# PValue: Specify the technique used for calculating PValues, overriding any

# defaults configured in the build. These options are:

#    graham      Graham's Technique ("A Plan for Spam")

#    robinson    Robinson's Technique

#    markov      Markovian Weighted Technique

#

# Unlike algorithms, you may only have one of these defined. Use of the

# chi-square algorithm automatically changes this to robinson.

#

# Don't mess with this unless you know what you're doing.

#

#PValue robinson

#PValue markov

PValue graham

#

# SupressWebStats: Enable this if you are not using the CGI, and don't want

# .stats files written.

#SupressWebStats on

#

# ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to

# X-DSPAM-Improbability headers

ImprobabilityDrive on

#

# Preferences: Specify any preferences to set by default, unless otherwise

# overridden by the user (see next section) or a default.prefs file.

# If user or default.prefs are found, the user's preferences will override any

# defaults.

#

Preference "trainingMode=TOE"           # TEFT, TUM, TOE

Preference "spamAction=tag"             # tag, quarantine, deliver

Preference "signatureLocation=message"  # 'message' or 'headers'

Preference "spamSubject=[SPAM]"

Preference "statisticalSedation=5"      # 0 to 9

Preference "enableBNR=on"               # on, off

Preference "showFactors=off"            # on, off

Preference "enableWhitelist=on"         # on, off

Preference "whitelistThreshold=10"

#

# Overrides: Specifies the user preferences which may override configuration

# and commandline defaults. Any other preferences supplied by an untrusted user

# will be ignored.

#

AllowOverride trainingMode

AllowOverride spamAction spamSubject

AllowOverride statisticalSedation

AllowOverride enableBNR

AllowOverride enableWhitelist

AllowOverride signatureLocation

AllowOverride showFactors

AllowOverride optIn optOut

AllowOverride whitelistThreshold

# --- MySQL ---

#

# Storage driver settings: Specific to a particular storage driver. Uncomment

# the configuration specific to your installation, if applicable.

#

MySQLServer             /var/run/mysqld/mysqld.sock

MySQLPort

MySQLUser               dspam

MySQLPass               <password>

MySQLDb                 dspam

MySQLCompress           true

# Use this if you have the 4.1 quote bug (see doc/mysql.txt)

#MySQLSupressQuote      on

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients). The connection cache

# represents the maximum number of database connections *available* and should

# be set based on the maximum number of concurrent connections you're likely

# to have. Each connection may be used by only one thread at a time, so all

# other threads _will block_ until another connection becomes available.

#

MySQLConnectionCache    10

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#MySQLVirtualTable          dspam_virtual_uids

#MySQLVirtualUIDField       uid

#MySQLVirtualUsernameField  username

# UIDInSignature: MySQL supports the insertion of the user id into the DSPAM

# signature. This allows you to create one single spam or fp alias

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias

MySQLUIDInSignature     on

# --- PostgreSQL ---

#PgSQLServer            127.0.0.1

#PgSQLPort              5432

#PgSQLUser              dspam

#PgSQLPass              changeme

#PgSQLDb                dspam

# If you're running DSPAM in client/server (daemon) mode, uncomment the

# setting below to override the default connection cache size (the number

# of connections the server pools between all clients).

#

#PgSQLConnectionCache   3

# UIDInSignature: PgSQL supports the insertion of the user id into the DSPAM

# signature. This allows you to create one single spam or fp alias

# (pointing to some arbitrary user), and the uid in the signature will

# switch to the correct user. Result: you need only one spam alias

#PgSQLUIDInSignature    on

# If you're using vpopmail or some other type of virtual setup and wish to

# change the table dspam uses to perform username/uid lookups, you can over-

# ride it below

#PgSQLVirtualTable          dspam_virtual_uids

#PgSQLVirtualUIDField       uid

#PgSQLVirtualUsernameField  username

# --- Oracle ---

#OraServer       "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521))(CONNECT_DATA=(SID=PROD)))"

#OraUser         dspam

#OraPass         changeme

#OraSchema       dspam

# --- SQLite ---

#SQLitePragma   "synchronous = OFF"

# --- Hash ---

# HashRecMax: Default number of records to create in the initial segment when

# building hash files. 100,000 yields files 1.6MB in size, but can fill up

# fast, so be sure to increase this (to a million or more) if you're not using

# autoextend.

#

# Primes List:

#  53, 97, 193, 389, 769, 1543, 3079, 6151, 12289, 24593, 49157, 98317, 196613,

#  393241, 786433, 1572869, 3145739, 6291469, 12582917, 25165843, 50331653,

#  100663319, 201326611, 402653189, 805306457, 1610612741, 3221225473,

#  4294967291

#

HashRecMax              98317

# HashAutoExtend: Autoextend hash databases when they fill up. This allows

# them to continue to train by adding extents (extensions) to the file. There

# will be a small delay during the growth process, as everything needs to be

# closed and remapped.

#

HashAutoExtend          on

# HashMaxExtents: The maximum number of extents that may be created in a single

# hash file. Set this to zero for unlimited

#

HashMaxExtents          0

# HashExtentSize: The record size for newly created extents. Creating this too

# small could result in many extents being created. Creating this too large

# could result in excessive disk space usage.

#

HashExtentSize          49157

# HashMaxSeek: The maximum number of records to seek to insert a new record

# before failing or adding a new extent. Setting this too high will exhaustively

# scan each segment and kill performance. Typically, a low value is acceptable

# as even older extents will continue to fill over time.

#

HashMaxSeek             100

# HashConcurrentUser: If you are using a single, stateful hash database in

# daemon mode, specifying a concurrent user will cause the user to be

# permanently mapped into memory and shared via rwlocks.

#

#HashConcurrentUser     user

# HashConnectionCache: If running in daemon mode, this is the max # of

# concurrent connections that will be supported. NOTE: If you are using

# HashConcurrentUser, this option is ignored, as all connections are read-

# write locked instead of mutex locked.

HashConnectionCache     10

# LDAP: Perform various LDAP functions depending on LDAPMode variable.

# Presently, the only mode supported is 'verify', which will verify the existence

# of an unknown user in LDAP prior to creating them as a new user in the system.

# This is useful on some systems acting as gateway machines.

#

#LDAPMode       verify

#LDAPHost       ldaphost.mydomain.com

#LDAPFilter     "(mail=%u)"

#LDAPBase       ou=people,dc=domain,dc=com

# Optionally, you can specify storage profiles, and specify the server to

# use on the commandline with --profile. For example:

#

Profile Spok

MySQLServer.Spok                /var/run/mysqld/mysqld.sock

MySQLPort.Spok                  3306

MySQLUser.Spok                  dspam

MySQLPass.Spok                  <password>

MySQLDb.Spok                    dspam

MySQLCompress.Spok              true

MySQLUIDInSignature.Spok        on

#

#Profile DECAlpha

#MySQLServer.DECAlpha   10.0.0.1

#MySQLPort.DECAlpha     3306

#MySQLUser.DECAlpha     dspam

#MySQLPass.DECAlpha     changeme

#MySQLDb.DECAlpha       dspam

#MySQLCompress.DECAlpha true

#

#Profile Sun420R

#MySQLServer.Sun420R    10.0.0.2

#MySQLPort.Sun420R      3306

#MySQLUser.Sun420R      dspam

#MySQLPass.Sun420R      changeme

#MySQLDb.Sun420R        dspam

#MySQLCompress.Sun420R  false

#

DefaultProfile Spok

#

# If you're using storage profiles, you can set failovers for each profile.

# Of course, if you'll be failing over to another database, that database

# must have the same information as the first. If you're using a global

# database with no training, this should be relatively simple. If you're

# configuring per-user data, however, you'll need to set up some type of

# replication between databases.

#

#Failover.DECAlpha      SUN420R

#Failover.Sun420R       DECAlpha

# If the storage fails, the agent will follow each profile's failover up to

# a maximum number of failover attempts. This should be set to a maximum of

# the number of profiles you have, otherwise the agent could loop and try

# the same profile multiple times (unless this is your desired behavior).

#

#FailoverAttempts       1

#

# Ignored headers: If DSPAM is behind other tools which may add a header to

# incoming emails, it may be beneficial to ignore these headers - especially

# if they are coming from another spam filter. If you are _not_ using one of

# these tools, however, leaving the appropriate headers commented out will

# allow DSPAM to use them as telltale signs of forged email.

#

IgnoreHeader X-Amavis-Alert

IgnoreHeader X-Antispam

IgnoreHeader X-AntiVirus

IgnoreHeader X-AV-Scanned

IgnoreHeader X-Greylist

IgnoreHeader X-GMX-Antispam

IgnoreHeader X-Mailer

IgnoreHeader X-MailScanner

IgnoreHeader X-MailScanner-Information

IgnoreHeader X-MailScanner-SpamCheck

IgnoreHeader X-MDaemon-Deliver-To

IgnoreHeader X-MDAV-Processed

IgnoreHeader X-MDRemoteIP

IgnoreHeader X-MIMEOLE

IgnoreHeader X-MSMail-Priority

IgnoreHeader X-purgate

IgnoreHeader X-purgate-ID

IgnoreHeader X-purgate-Ad

IgnoreHeader X-Priority

IgnoreHeader X-SA-GROUP

IgnoreHeader X-SA-RECEIPTSTATUS

IgnoreHeader X-Spam

IgnoreHeader X-Spam-Checker-Version

IgnoreHeader X-Spam-Level

IgnoreHeader X-Spam-Processed

IgnoreHeader X-Spam-Scanned

IgnoreHeader X-Spam-Status

IgnoreHeader X-Spamcount

IgnoreHeader X-Spamsensitivity

IgnoreHeader X-SpamTest-Info

IgnoreHeader X-SpamTest-Status

IgnoreHeader X-SpamTest-Version

IgnoreHeader X-Virus-Scanned

IgnoreHeader X-Virus-Scanner-Result

IgnoreHeader X-Virus-Status

#

# Lookup: Perform lookups on streamlined blackhole list servers (see

# http://www.nuclearelephant.com/projects/sbl/). The streamlined blacklist

# server is machine-automated, unsupervised blacklisting system designed to

# provide real-time and highly accurate blacklisting based on network spread.

# When performing a lookup, DSPAM will automatically learn the inbound message

# as spam if the source IP is listed. Until an official public RABL server is

# available, this feature is only useful if you are running your own

# streamlined blackhole list server for internal reporting among multiple mail

# servers. Provide the name of the lookup zone below to use.

#

# This function performs standard reverse-octet.domain lookups, and while it

# will function with many RBLs, it's strongly discouraged to use those

# maintained by humans as they're often inaccurate and could hurt filter

# learning and accuracy.

#

#Lookup "sbl.yourdomain.com"

#

# RBLInoculate: If you want to inoculate the user from RBL'd messages it would

# have otherwise missed, set this to on.

#

#RBLInoculate off

#

# Notifications: Enable the sending of notification emails to users (first

# message, quarantine full, etc.)

#

Notifications   on

#

# Purge configuration: Set dspam_clean purge default options, if not otherwise

# specified on the commandline

#

#PurgeSignatures 14          # Stale signatures

#PurgeNeutral    90          # Tokens with neutralish probabilities

#PurgeUnused     90          # Unused tokens

#PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)

#PurgeHits1S    15          # Tokens with only 1 spam hit

#PurgeHits1I    15          # Tokens with only 1 innocent hit

#

# Purge configuration for SQL-based installations using purge.sql

#

PurgeSignature  off # Specified in purge.sql

PurgeNeutral    90

PurgeUnused     off # Specified in purge.sql

PurgeHapaxes    off # Specified in purge.sql

PurgeHits1S     off # Specified in purge.sql

PurgeHits1I     off # Specified in purge.sql

#

# Local Mail Exchangers: Used for source address tracking, tells DSPAM which

# mail exchangers are local and therefore should be ignored in the Received:

# header when tracking the source of an email. Note: you should use the address

# of the host as appears between brackets [ ] in the Received header.

#

LocalMX 127.0.0.1

#

# Logging: Disabling logging for users will make usage graphs unavailable to

# them. Disabling system logging will make admin graphs unavailable.

#

SystemLog on

UserLog   on

#

# TrainPristine: for systems where the original message remains server side

# and can therefore be presented in pristine format for retraining. This option

# will cause DSPAM to cease all writing of signatures and DSPAM headers to the

# message, and deliver the message in as pristine format as possible. This mode

# REQUIRES that the original message in its pristine format (as of delivery)

# be presented for retraining, as in the case of webmail, imap, or other

# applications where the message is actually kept server-side during reading,

# and is preserved. DO NOT use this switch unless the original message can be

# presented for retraining with the ORIGINAL HEADERS and NO MODIFICATIONS.

#

#TrainPristine on

#

# Opt: in or out; determines DSPAM's default filtering behavior. If this value

# is set to in, users must opt-in to filtering by dropping a .dspam file in

# /var/dspam/opt-in/user.dspam (or if you have homedirs configured, a .dspam

# folder in their home directory).  The default is opt-out, which means all

# users will be filtered unless a .nodspam file is dropped in

# /var/dspam/opt-out/user.nodspam

#

Opt in

#

# TrackSources: specify which (if any) source addresses to track and report

# them to syslog (mail.info). This is useful if you're running a firewall or

# blacklist and would like to use this information. Spam reporting also drops

# RABL blacklist files (see http://www.nuclearelephant.com/projects/rabl/).

#

TrackSources spam nonspam

#

# ParseToHeaders: In lieu of setting up individual aliases for each user,

# DSPAM can be configured to automatically parse the To: address for spam and

# false positive forwards. From there, it can be configured to either set the

# DSPAM user based on the username specified in the header and/or change the

# training class and source accordingly. The options below can be used to

# customize most common types of header parsing behavior to avoid the need for

# multiple aliases, or if using LMTP, aliases entirely..

#

# ParseToHeader: Parse the To: headers of an incoming message. This must be

#                set to 'on' to use either of the following features.

#

# ChangeModeOnParse: Automatically change the class (to spam or innocent)

#   depending on whether spam- or notspam- was specified, and change the source

#   to 'error'. This is convenient if you're not using aliases at all, but

#   are delivering via LMTP.

#

# ChangeUserOnParse: Automatically change the username to match that specified

#   in the To: header. For example, spam-bob@domain.tld will set the username

#   to bob, ignoring any --user passed in. This may not always be desirable if

#   you are using virtual email addresses as usernames. Options:

#     on or user        take the portion before the @ sign only

#     full              take everything after the initial {spam,notspam}-.

#

ParseToHeaders on

ChangeModeOnParse on

ChangeUserOnParse off

#

# Broken MTA Options: Some MTAs don't support the proper functionality

# necessary. In these cases you can activate certain features in DSPAM to

# compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if

# the message is spam, 0 if not, or a negative code if an error has occurred.

# Specifying 'case' causes DSPAM to force the input usernames to lowercase.

# Specifying 'lineStripping' causes DSPAM to strip ^M's from messages passed

# in.

#

#Broken returnCodes

Broken case

#Broken lineStripping

#

# MaxMessageSize: You may specify a maximum message size for DSPAM to process.

# If the message is larger than the maximum size, it will be delivered

# without processing. Value is in bytes.

#

MaxMessageSize 20971520

#

# Virus Checking: If you are running clamd, DSPAM can perform stream-based

# virus checking using TCP. Uncomment the values below to enable virus

# checking.

#

# ClamAVResponse: reject (reject or drop the message with a permanent failure)

#                 accept (accept the message and quietly drop the message)

#                 spam   (treat as spam and quarantine/tag/whatever)

#

#ClamAVPort     3310

#ClamAVHost     127.0.0.1

#ClamAVResponse accept

#

# Daemonized Server: If you are running DSPAM as a daemonized server using

# --daemon, the following parameters will override the default. Use the

# ServerPass option to set up accounts for each client machine. The DSPAM

# server will process and deliver the message based on the parameters

# specified. If you want the client machine to perform delivery, use

# the --stdout option in conjunction with a local setup.

#

#ServerPort             24

ServerQueueSize         32

ServerPID               /var/run/dspam/dspam.pid

#

# ServerMode specifies the type of LMTP server to start. This can be one of:

#     dspam: DSPAM-proprietary DLMTP server, for communicating with dspamc

#  standard: Standard LMTP server, for communicating with Postfix or other MTA

#      auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT

#

ServerMode auto

# If supporting DLMTP (dspam) mode, dspam clients will require authentication

# as they will be passing in parameters. The idents below will be used to

# determine which clients will be speaking DLMTP, so if you will be using

# both LMTP and DLMTP from the same host, be sure to use something other

# than the server's hostname below (which will be sent by the MTA during a

# standard LMTP LHLO).

#

#ServerPass.Relay1      "secret"

#ServerPass.Relay2      "password"

#

ServerPass.Spok         "<password>"

# If supporting standard LMTP mode, server parameters will need to be specified

# here, as they will not be passed in by the mail server. The ServerIdent

# specifies the 250 response code ident sent back to connecting clients and

# should be set to the hostname of your server, or an alias.

#

# NOTE: If you specify --user in ServerParameters, the RCPT TO will be

#       used only for delivery, and not set as the active user for processing.

#

ServerParameters        "--deliver=innocent,spam -d %u"

ServerIdent             "mail.domain.tld"

# If you wish to use a local domain socket instead of a TCP socket, uncomment

# the following. It is strongly recommended you use local domain sockets if

# you are running the client and server on the same machine, as it eliminates

# much of the bandwidth overhead.

#

ServerDomainSocketPath  "/var/run/dspam/dspam.sock"

#

# Client Mode: If you are running DSPAM in client/server mode, uncomment and

# set these variables. A ClientHost beginning with a / will be treated as

# a domain socket.

#

#ClientHost     /tmp/dspam.sock

#ClientIdent    "secret@Relay1"

#

#ClientHost     127.0.0.1

#ClientPort     24

#ClientIdent    "secret@Relay1"

# RABLQueue: Touch files in the RABL queue

# If you are a reporting streamlined blackhole list participant, you can

# touch ip addresses within the directory the rabl_client process is watching.

#

#RABLQueue      /var/spool/rabl

ClientHost      /var/run/dspam/dspam.sock

ClientIdent     "<password>@Spok"

# DataSource: If you are using any type of data source that does not include

# email-like headers (such as documents), uncomment the line below. This

# will cause the entire input to be treated like a message "body"

#

#DataSource      document

# ProcessorWordFrequency: By default, words are only counted once per message.

# If you are classifying large documents, however, you may wish to count once

# per occurrence instead.

#

#ProcessorWordFrequency  occurrence

# ProcessorBias: Bias causes the filter to lean more toward 'innocent', and

# usually greatly reduces false positives. It is the default behavior of

# most Bayesian filters (including dspam).

#

# NOTE: You probably DONT want this if you're using Markovian Weighting, unless

# you are paranoid about false positives.

#

ProcessorBias on

## EOF
```

To get the best results in DSPAM I have set up a user called globaluser and trained that user with a lot of data. You can read in the DSPAM documentation how to set up a user with trained data to act as:

- shared groups
- merged groups
- classification groups
- global groups
- inoculation groups/networks

When a new version of DSPAM comes out, then I restart training with a specific set of corpus ham and spam data and training data. I always do the training on a test system and then I transfer/replace the training data from this test system to the productive system. At the beginning of 3.6.3 I had this statistical data for the global user:

```
                TS True Positives:          78620
                TI True Negatives:          77765
                IM False Positives:           439
                SM False Negatives:            17
                SC Spam Corpusfed:          43344
                IC Innocent Corpusfed:      41322
                TL Training Left:               0
                SR Spam Catch Rate:        99.98%
                IR Innocent Catch Rate:    99.44%
                OR Overall Rate/Accuracy:  99.71%
```

As you can see, I trained this user with about 40k mail messages in spam and ham. The training data (TI and TS) are fresh data and not included in the SC and IC data. The above info is from when I trained the global user with DSPAM 3.6.3. I also had some mail in Cyrillic and Asian languages. After I trained DSPAM with them, my OR, IR and SR count went down:

```
                TP True Positives:         135267
                TN True Negatives:         136203
                FP False Positives:           489
                FN False Negatives:           784
                SC Spam Corpusfed:          43936
                NC Nonspam Corpusfed:       43580
                TL Training Left:               0
                SHR Spam Hit Rate          99.42%
                HSR Ham Strike Rate:        0.36%
                OCA Overall Accuracy:      99.53%
```

DSPAM 3.6.4 now has much better handling of those kinds of languages and I am currently training a fresh DSPAM 3.6.4 installation with some other algorithm than I have right now. Currently I am still feeding the corpus with data.

I have around 500'000 ham messages to play with. I don't have that many spam mails collected by myself. But if you need spam messages, then go to www.spamarchive.org and download as much as you want there. You only need to unpack the xxx.r2.gz and then use dspam_corpus to feed DSPAM with the spam/ham messages. If you need other resources for spam, then read my response from the DSPAM mailing list to get more links to spam corpus.

I think that is enough info for now. Do you need more info from me?

cheers

SteveB

----------

## steveb

Well... I flushed my old data and restarted a fresh training with DSPAM, but this time without corpus feeding and with naive features turned on. My current DSPAM 3.6.4 stats (I am still training):

```
                TP True Positives:         123148
                TN True Negatives:         123677
                FP False Positives:           245
                FN False Negatives:           336
                SC Spam Corpusfed:            245
                NC Nonspam Corpusfed:         137
                TL Training Left:               0
                SHR Spam Hit Rate          99.73%
                HSR Ham Strike Rate:        0.20%
                OCA Overall Accuracy:      99.77%
```

This is so far the most accurate installation of DSPAM I have ever had with my training set. I have only trained about 45% of my first training set. When I am finished, then I will dump the data and restart again from fresh, but this time with the Markovian Discrimination algorithm. I want to know which of the available algorithms brings the best result against my training set. The 99.77% overall accuracy is not that bad. I know that you can get up to 99.9% with DSPAM. But I am using training data and this is completely different than using a training set.

cheers

SteveB

----------
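Added example, not part of the original posts: a small parser for the stats blocks above that recomputes the rates from the raw counters, so that runs printed with different label sets (TS/TI/IM/SM in the 3.6.3 block, TP/TN/FP/FN in the 3.6.4 blocks) can be compared directly. The formulas are the usual confusion-matrix ratios and the function names are this example's own; they reproduce the percentages printed in the posts.

```python
import re

# Older labels (the 3.6.3 block above) mapped onto the newer ones.
ALIASES = {"TS": "TP", "TI": "TN", "IM": "FP", "SM": "FN", "IC": "NC"}
# Counter lines end in a bare integer; percentage lines end in '%' and are skipped.
COUNTER = re.compile(r"\s*([A-Z]{2,3})\s+.*?\s(\d+)\s*$")

def parse_stats(text):
    """Return {label: count} for the integer counter lines of one stats block."""
    counts = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            counts[ALIASES.get(m.group(1), m.group(1))] = int(m.group(2))
    return counts

def pct(num, den):
    """Percentage rounded to two places, or None when there is no data yet."""
    return round(100.0 * num / den, 2) if den else None

def rates(c):
    """Recompute the three headline rates from the raw counters."""
    tp, tn, fp, fn = (c.get(k, 0) for k in ("TP", "TN", "FP", "FN"))
    return {
        "spam_hit_rate": pct(tp, tp + fn),        # spam caught / all spam
        "ham_strike_rate": pct(fp, tn + fp),      # ham flagged / all ham
        "overall_accuracy": pct(tp + tn, tp + tn + fp + fn),
    }

# Lines copied from the first and last stats blocks in the posts above.
STATS_363 = """
    TS True Positives:          78620
    TI True Negatives:          77765
    IM False Positives:           439
    SM False Negatives:            17
    SR Spam Catch Rate:        99.98%
"""
STATS_364_FRESH = """
    TP True Positives:         123148
    TN True Negatives:         123677
    FP False Positives:           245
    FN False Negatives:           336
    SHR Spam Hit Rate          99.73%
"""

if __name__ == "__main__":
    for name, text in (("3.6.3", STATS_363), ("3.6.4 fresh", STATS_364_FRESH)):
        print(name, rates(parse_stats(text)))
```

The "Innocent Catch Rate" of the older block is 100 minus the ham strike rate computed here.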

