source: npl/mailserver/dspam/dspam-3.10.2/doc/relay.txt

Last change on this file was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago

initial commit, transferred from cleaned syn3 svn tree
  • Property mode set to 100644
File size: 6.7 KB
RevLine 
[c5c522c]1$Id: relay.txt,v 1.0 2009/11/15 20:39:01 sbajic Exp $
2
3Configuring DSPAM as a seamless front-end relay using Postfix
4
5This HOWTO explains how to set up DSPAM as a front-end relay.  Using this
6configuration, you can point your MX records to the DSPAM server and
7then have DSPAM pass along any valid email to your mail server. The example
8provided also provides personalized training for each user it is protecting,
9even if users have multiple email aliases. This allows you to create more than
10just a dumb gateway server, but something smart enough to learn each user's
11mail. You may either account for all addresses behind your mail server (to
12ward off dictionary attacks) or configure pass-thru for unprovisioned users
13on the system to lighten the work load by provisioning only users who want
14filtering.
15
16When configuring DSPAM as a relay, it's generally a good idea to set
17up DSPAM on its own server. Therefore, we will assume you've got a fresh server
18running *NIX with an existing MySQL 4.1+ installation (you'll want at least
194.1.12 to avoid some nasty bugs in MySQL which affect DSPAM).
20
21Step 1: Configure, compile and install Postfix with MySQL support
22
23To do this, you'll need to init a set of makefiles including the path to your
24MySQL includes and libraries...
25
26make -f Makefile.init makefiles \
27    'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include' \
28    'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm'
29
30Then simply
31
32make && make install
33
34Step 2: Configure, compile and install DSPAM with daemon + MySQL support
35
36You'll need the following options:
37  MySQL
38  Virtual Users
39  Daemon mode
40
41It may also be a good idea to enable:
42  Preferences extension
43  Debug
44
45For example:
46
47./configure     --with-storage-driver=mysql_drv \
48                --with-mysql-libraries=/usr/local/mysql/lib \
49                --with-mysql-includes=/usr/local/mysql/include \
50                --enable-virtual-users \
51                --enable-preferences-extension \
52                --enable-daemon
53
54Step 3: Install DSPAM MySQL Objects (With a twist)
55
56Create the MySQL objects as outlined in the MySQL DSPAM doc, but use the
57virtual_user_aliases.sql script instead of virtual-users.sql script to create
58a table without a primary key. This will allow you to create multiple email
59addresses with the same uid, which is how DSPAM recognizes users.
60
61Step 4: Configure DSPAM to receive LMTP and delivery SMTP
62
63We're going to configure Postfix to connect to DSPAM via LMTP using a domain
64socket. The following configuration properties should be set in dspam.conf:
65
66ServerQueueSize         32
67ServerPID               /var/run/dspam.pid
68ServerMode              standard
69ServerParameters        "--deliver=innocent"
70ServerIdent             "localhost.localdomain"
71ServerDomainSocketPath  /tmp/dspam.sock
72
73You'll also want to use the following ParseToHeader parameters:
74
75ParseToHeaders on
76ChangeModeOnParse on
77ChangeUserOnParse off
78
79This prevents Postfix from needing to use any aliases for retraining. When
80users email spam-name@example.org, DSPAM will automatically realize that it
81needs to retrain the message. I'll explain how to set this up in a bit.
82
83Step 5: Configure Postfix to use DSPAM + virtual UIDs table
84
85The following is a sample configuration that will tell Postfix to use DSPAM
86as its virtual transport (passing all mail to DSPAM via LMTP) and to use the
87dspam_virtual_uids table as its source for mailbox aliases. You can build on
88this and add MySQL support for virtual_mailbox_domains, but you'll need to
89maintain your own database table for that.
90
91virtual_transport       = lmtp:unix:/tmp/dspam.sock
92virtual_mailbox_domains = example.org
93virtual_mailbox_maps    = mysql:/etc/postfix/vmailbox.cf
94
95vmailbox.cf should look something like:
96user            = [MySQL username]
97password        = [MySQL password]
98dbname          = [MySQL db]
99hosts           = [unix:/path/to/mysqld.sock] or [host:ip-address:port]
100
101# Postfix < 2.2
102table           = dspam_virtual_uids
103select_field    = username
104where_field     = username
105additiona_conditions =
106
107# Postfix >= 2.2
108query           = SELECT username FROM dspam_virtual_uids WHERE username='%s'
109
110Step 6: Add a localStore preference for each user
111
112The localStore preference defines the web directory name for each user (for
113the WebUI). Since users might have multiple email addresses, you want to avoid
114having a directory for each alias. You can do this by setting their web
115directory to match their uid.
116
117To do this, you'll first need to allow the localStore override in dspam.conf:
118
119AllowOverride   localStore
120
121Next, set the localStore preference for that user to their uid or some other
122unique identifier:
123
124dspam_admin change preference john.doe@example.org localStore 1
125
126Now, whenever any address pertaining to this user is emailed, information
127will be stored in DSPAM_HOME/data/1
128
129Step 7: Configure user aliases for dspam_virtual_uids
130
131Postfix is now set up to do a lookup in dspam_virtual_uids. It _must_ find a
132valid address in this table in order to accept the message. What you'll need
133to do now is to create email addresses (and spam addresses) in this table
134for each user behind your mail server. You will need to assign any aliases
135under the same UID, and you'll also need to create a spam alias in this
136table. For example:
137
138UID     Username
1391       john.doe@example.org
1401       spam-john.doe@example.org
1411       john@example.org                <- An alias
1421       jd@example.org                  <- Another alias
143
144When any of these destination addresses is specified, DSPAM will process
145mail under the same user so that only one database is used for all of these
146addresses. You can create as many aliases as you like, and in fact should
147probably write a script to pull this from your existing production system.
148
149Congratulations! You're now set up. You can start DSPAM using dspam --daemon.
150You might want to run with verbose debug to test and ensure everything is
151working properly.
152
153GLOBAL DATABASES
154
155If you're thinking about going with a global database, I strongly recommend
156using merged groups + TOE instead of a single global group. To do this, just
157follow the README directions for setting one up and leave everything the way
158it is. If, however, you insist on a single global group, you'll need to make
159one change to dspam.conf to accomodate this configuration. Add
160--user [globaluser] to your ServerParameters property. This will cause all
161mail to be processed using this user, but will still deliver using the
162recipient information.
163
164ALIASES
165
166If you have some aliases, you'll need to also set them up on your relay
167so that DSPAM can process the individual users. To do this, add the
168following lines to Postfix's main.cf:
169
170virtual_alias_domains   =
171virtual_alias_maps      = mysql:/etc/postfix/valiases.cf
172
173now create a valiases.cf similar to vmailbox.cf, only you'll want to create
174a new table just for aliases. the field pulled from should be a list of
175recipient addresses, for example:
176
177list@example.org        john@example.org,bob@example.org
178
179Postfix will now deliver to each of these mailboxes instead of an alias address.
Note: See TracBrowser for help on using the repository browser.