[Dspam-user] context errors and outgoing email scan

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Dspam-user] context errors and outgoing email scan

Greg
Hi all.  I'm rusty with dspam and need a little help.

Running postfix and dspam 3.10.1 on debian wheezy 64

Trying to figure out, why dspam is scanning outgoing mail, when I don't
want it do.

second, i keep getting "Unable to attach DSPAM context errors in
/var/log/mail.log and /var/log/apache2/error.log

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
#
==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
#
==========================================================================
smtp       inet  n       -       -       -       -       smtpd
#  -o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
dspam      unix  -       n       n       -       10      pipe
   flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent,spam --user
$recipient -i -f $sender -- $recipient

dovecot    unix  -       n       n       -       -       pipe
   flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -f ${sender}
-d ${recipient}

#localhost:10026 inet  n -       n       -       -        smtpd
#  -o content_filter=
#  -o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
#  -o smtpd_helo_restrictions=
#  -o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o smtpd_sender_restrictions=
#  -o smtpd_recipient_restrictions=permit_mynetworks,reject
#  -o mynetworks=127.0.0.0/8
#  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

submission inet n       -       -       -       -     smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_sasl_type=dovecot
   -o smtpd_sasl_path=private/auth

#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
   ${nexthop} ${user}


dspam.conf:

## $Id: dspam.conf.in,v 1.100 2011/07/09 00:00:52 sbajic Exp $
## dspam.conf -- DSPAM configuration file
##

#
# DSPAM Home: Specifies the base directory to be used for DSPAM storage
#
Home /var/spool/dspam

#
# StorageDriver: Specifies the storage driver backend (library) to use.
# You'll only need to set this if you are using dynamic storage driver
plugins
# from a binary distribution. The default build statically links the
storage
# driver (when only one is specified at configure time), overriding this
# setting, which only comes into play if multiple storage drivers are
specified
# at configure time. When using dynamic linking, be sure to include the
path
# to the library if necessary, and some systems may use an extension
other
# than .so (e.g. OSX uses .dylib).
#
# Options include:
#
#   libmysql_drv.so     libpgsql_drv.so
#   libsqlite3_drv.so   libhash_drv.so
#
# IMPORTANT: Switching storage drivers requires more than merely
changing
# this option. If you do not wish to lose all of your data, you will
need to
# migrate it to the new backend before making this change.
#
StorageDriver /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so

#
# Trusted Delivery Agent: Specifies the local delivery agent DSPAM
should call
# when delivering mail as a trusted user. Use %u to specify the user
DSPAM is
# processing mail for. It is generally a good idea to allow the MTA to
specify
# the pass-through arguments at run-time, but they may also be specified
here.
#
# Most operating system defaults:
#TrustedDeliveryAgent "/usr/bin/procmail"       # Linux
#TrustedDeliveryAgent "/usr/bin/mail"           # Solaris
#TrustedDeliveryAgent "/usr/libexec/mail.local" # FreeBSD
#TrustedDeliveryAgent "/usr/bin/procmail"       # Cygwin
#
# Other popular configurations:
#TrustedDeliveryAgent "/usr/cyrus/bin/deliver" # Cyrus
#TrustedDeliveryAgent "/bin/maildrop" # Maildrop
#TrustedDeliveryAgent "/usr/local/sbin/exim -oMr spam-scanned -oi" #
Exim

#TrustedDeliveryAgent "/usr/bin/procmail"
TrustedDeliveryAgent "/usr/sbin/sendmail"

#
# Untrusted Delivery Agent: Specifies the local delivery agent and
arguments
# DSPAM should use when delivering mail and running in untrusted user
mode.
# Because DSPAM will not allow pass-through arguments to be specified to
# untrusted users, all arguments should be specified here. Use %u to
specify
# the user DSPAM is processing mail for. This configuration parameter is
only
# necessary if you plan on allowing untrusted processing.
#
#UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
UntrustedDeliveryAgent "/usr/lib/dovecot/deliver -d %u"

#
# SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP
# delivery to deliver your message to the mail server instead of using a
# delivery agent. You will need to configure with --enable-daemon to use
host
# delivery, however you do not need to operate in daemon mode. Specify
an IP
# address or UNIX path to a domain socket below as a host.
#
# If you would like to set up DeliveryHost's on a per-domain basis, use
# the syntax: DeliveryHost.domain.com 1.2.3.4
#
#DeliveryHost 127.0.0.1
#DeliveryPort 2424
#DeliveryIdent localhost
#DeliveryProto LMTP

#
# FallbackDomains: If you want to specify certain domains as fallback
domains,
# enable this option. For example, you could create a user @domain.com,
and
# if [hidden email] does not resolve to a known user on the system, the
user
# could default to your @domain.com user. NOTE: This also requires
designating
# fallbackDomain for the domain name;
# e.g. dspam_admin ch pref domain.com fallbackDomain on
#
#FallbackDomains on

#
# Quarantine Agent: DSPAM's default behavior is to quarantine all mail
it
# thinks is spam. If you wish to override this behavior, you may specify
# a quarantine agent which will be called with all messages DSPAM thinks
is
# spam. Use %u to specify the user DSPAM is processing mail for.
#
#QuarantineAgent "/usr/bin/procmail -d spam"

#
# DSPAM can optionally process "plused users" (addresses in the
user+detail
# form) by truncating the username just before the "+", so all internal
# processing occurs for "user", but delivery will be performed for
# "user+detail". This is only useful if the LDA can handle "plused
users"
# (for example Cyrus IMAP) and when configured for LMTP delivery above
#
#EnablePlusedDetail on

#
# Character to use as seperator between user names and address
extensions.
# If you change this value then please adjust QuarantineMailbox to use
the
# new specified character. The default is '+'.
#
#PlusedCharacter +

#
# Turn this feature on if you want to force DSPAM to lowercase the
"plused
# users" username.
#
#PlusedUserLowercase on

#
# Quarantine Mailbox: DSPAM's LMTP code can send spam mail using LMTP to
a
# "plused" mailbox (such as user+quarantine) leaving quarantine
processing
# for retraining or deletion to be performed by the LDA and the mail
client.
# "plused" mailboxes are supported by Cyrus IMAP and possibly other
LDAs. If
# you don't set/change PlusedCharacter then the mailbox name must have
the +
# since the + is the default used character.
#
#QuarantineMailbox +quarantine

#
# OnFail: What to do if local delivery or quarantine should fail. If set
# to "unlearn", DSPAM will unlearn the message prior to exiting with an
# un successful return code. The default option, "error" will not
unlearn
# the message but return the appropriate error code. The unlearn option
# is use-ful on some systems where local delivery failures will cause
the
# message to be requeued for delivery, and could result in the message
# being processed multiple times. During a very large failure, however,
# this could cause a significant load increase.
#
OnFail error

#
# Trusted Users: Only the users specified below will be allowed to
perform
# administrative functions in DSPAM such as setting the active user and
# accessing tools. All other users attempting to run DSPAM will be
restricted;
# their uids will be forced to match the active username and they will
not be
# able to specify delivery agent privileges or use tools.
#
Trust root
Trust dspam
Trust www-data
Trust mail
Trust daemon
Trust amavis
Trust greg
#Trust nobody
#Trust majordomo

#
# Debugging: Enables debugging for some or all users. IMPORTANT: DSPAM
must
# be compiled with debug support in order to use this option. DSPAM
should
# never be running in production with debug active unless you are
# troubleshooting problems.
#
# DebugOpt: One or more of: process, classify, spam, fp, inoculation,
corpus
#   process     standard message processing
#   classify    message classification using --classify
#   spam        error correction of missed spam
#   fp          error correction of false positives
#   inoculation message inoculations (source=inoculation)
#   corpus      corpusfed messages (source=corpus)
#
#Debug *
#Debug bob bill
#
#DebugOpt process spam fp

#
# ClassAlias: Alias a particular class to spam/nonspam. This is useful
if
# classifying things other than spam.
#
#ClassAliasSpam badstuff
#ClassAliasNonspam goodstuff

#
# Training Mode: The default training mode to use for all operations,
when
# one has not been specified on the commandline or in the user's
preferences.
# Acceptable values are:
#     toe     Train on Error (Only)
#     teft    Train Everything (Trains on every message)
#     tum     Train Until Mature (Train only tokens without enough data)
#     notrain Do not train or store signatures (large ISP systems,
post-train)
#
TrainingMode teft

#
# TestConditionalTraining: By default, dspam will retrain certain errors
# until the condition is no longer met. This usually accelerates
learning.
# Some people argue that this can increase the risk of errors, however.
#
TestConditionalTraining on

#
# Features: Specify features to activate by default; can also be
specified
# on the commandline. See the documentation for a list of available
features.
# If _any_ features are specified on the commandline, these are ignored.
#
#Feature noise
Feature whitelist

# Training Buffer: The training buffer waters down statistics during
training.
# It is designed to prevent false positives, but can also dramatically
reduce
# dspam's catch rate during initial training. This can be a number from
0
# (no buffering) to 10 (maximum buffering). If you are paranoid about
false
# positives, you should probably enable this option.
#
#Feature tb=5

#
# Algorithms: Specify the statistical algorithms to use, overriding any
# defaults configured in the build. The options are:
#    naive       Naive-Bayesian (All Tokens)
#    graham      Graham-Bayesian ("A Plan for Spam")
#    burton      Burton-Bayesian (SpamProbe)
#    robinson    Robinson's Geometric Mean Test (Obsolete)
#    chi-square  Fisher-Robinson's Chi-Square Algorithm
#
# You may have multiple algorithms active simultaneously, but it is
strongly
# recommended that you group Bayesian algorithms with other Bayesian
# algorithms, and any use of Chi-Square remain exclusive.
#
# NOTE: For standard "CRM114" Markovian weighting, use 'naive', or
consider
#       using 'burton' for slightly better accuracy
#
# Don't mess with this unless you know what you're doing
#
#Algorithm chi-square
#Algorithm naive
Algorithm graham burton

#
# Tokenizer: Specify the tokenizer to use. The tokenizer is the piece
# responsible for parsing the message into individual tokens. Depending
on
# how many resources you are willing to trade off vs. accuracy, you may
# choose to use a less or more detailed tokenizer:
#   word    uniGram (single word) tokenizer
#           Tokenizes message into single individual words/tokens
#           example: "free" and "viagra"
#   chain   biGram (chained tokens) tokenizer (default)
#           Single words + chains adjacent tokens together
#           example: "free" and "viagra" and "free viagra"
#   sbph    Sparse Binary Polynomial Hashing tokenizer
#           Creates sparse token patterns across sliding window of
5-tokens
#           example: "the quick * fox jumped" and "the * * fox jumped"
#   osb     Orthogonal Sparse biGram tokenizer
#           Similar to SBPH, but only uses the biGrams
#           example: "the * * fox" and "the * * * jumped"
#
# In general the reccomendation is to use 'osb' for new installations.
# The default value of 'chain' remains here as not to surprise anyone
upgrading
# that has not changed from the default value.
#
#Tokenizer chain
Tokenizer osb

#
# PValue: Specify the technique used for calculating Probability Values,
# overriding any defaults configured in the build. These options are:
#    bcr         Bayesian Chain Rule (Graham's Technique - "A Plan for
Spam")
#    robinson    Robinson's Technique (used in Chi-Square)
#    markov      Markovian Weighted Technique (for Markovian
discrimination)
#
# Unlike the "Algorithms" property, you may only have one of these
defined.
# Use of the chi-square algorithm automatically changes this to
robinson.
#
# Don't mess with this unless you know what you're doing.
#
#PValue robinson
#PValue markov
PValue bcr

#
# WebStats: Enable this if you are using the CGI, which writes .stats
files
WebStats on

#
# ImprobabilityDrive: Calculate odds-ratios for ham/spam, and add to
# X-DSPAM-Improbability headers
#
#ImprobabilityDrive on

#
# Preferences: Specify any preferences to set by default, unless
otherwise
# overridden by the user (see next section) or a default.prefs file.
# If user or default.prefs are found, the user's preferences will
override any
# defaults.
#
Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN } ->
default:teft
Preference "spamAction=tag" # { quarantine | tag | deliver } ->
default:tag
Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
Preference "enableBNR=on" # { on | off } -> default:off
Preference "enableWhitelist=on" # { on | off } -> default:on
Preference "signatureLocation=headers"  # { message | headers } ->
default:headers
Preference "tagSpam=off" # { on | off } -> default:on
Preference "tagNonspam=off" # { on | off }
Preference "showFactors=off" # { on | off } -> default:off
Preference "optIn=off" # { on | off }
Preference "optOut=off" # { on | off }
Preference "whitelistThreshold=10" # { Integer } -> default:10
Preference "makeCorpus=off" # { on | off } -> default:off
Preference "storeFragments=off" # { on | off } -> default:off
Preference "localStore=" # { on | off } -> default:username
Preference "processorBias=on" # { on | off } -> default:on
Preference "fallbackDomain=off" # { on | off } -> default:off
Preference "trainPristine=off" # { on | off } -> default:off
Preference "optOutClamAV=off" # { on | off } -> default:off
Preference "ignoreRBLLookups=off" # { on | off } -> default:off
Preference "RBLInoculate=off" # { on | off } -> default:off
Preference "notifications=off" # { on | off } -> default:off

#
# Overrides: Specifies the user preferences which may override
configuration
# and commandline defaults. Any other preferences supplied by an
untrusted user
# will be ignored.
#
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications

# --- Profiles ---

#
# You can specify multiple storage profiles, and specify the server to
# use on the commandline with --profile. For example:
#
#Profile DECAlpha
#MySQLServer.DECAlpha 10.0.0.1
#MySQLPort.DECAlpha 3306
#MySQLUser.DECAlpha dspam
#MySQLPass.DECAlpha changeme
#MySQLDb.DECAlpha dspam
#MySQLCompress.DECAlpha true
#MySQLReconnect.DECAlpha true
#
#Profile Sun420R
#MySQLServer.Sun420R 10.0.0.2
#MySQLPort.Sun420R 3306
#MySQLUser.Sun420R dspam
#MySQLPass.Sun420R changeme
#MySQLDb.Sun420R dspam
#MySQLCompress.Sun420R false
#MySQLReconnect.Sun420R true
#
#DefaultProfile DECAlpha

#
# If you're using storage profiles, you can set failovers for each
profile.
# Of course, if you'll be failing over to another database, that
database
# must have the same information as the first. If you're using a global
# database with no training, this should be relatively simple. If you're
# configuring per-user data, however, you'll need to set up some type of
# replication between databases.
#
#Failover.DECAlpha SUN420R
#Failover.Sun420R DECAlpha

# If the storage fails, the agent will follow each profile's failover up
to
# a maximum number of failover attempts. This should be set to a maximum
of
# the number of profiles you have, otherwise the agent could loop and
try
# the same profile multiple times (unless this is your desired
behavior).
#
#FailoverAttempts 1

#
# Ignored headers: If DSPAM is behind other tools which may add a header
to
# incoming emails, it may be beneficial to ignore these headers -
especially
# if they are coming from another spam filter. If you are _not_ using
one of
# these tools, however, leaving the appropriate headers commented out
will
# allow DSPAM to use them as telltale signs of forged email.
#
#IgnoreHeader X-Spam-Status
#IgnoreHeader X-Spam-Scanned
#IgnoreHeader X-Virus-Scanner-Result

IgnoreHeader X-Spam-Status
IgnoreHeader X-Spam-Scanned
IgnoreHeader X-Virus-Scanner-Result
IgnoreHeader X-Virus-Scanned
IgnoreHeader X-DKIM
IgnoreHeader DKIM-Signature
IgnoreHeader DomainKey-Signature
IgnoreHeader X-Google-Dkim-Signature

#
# Lookup: Perform lookups on streamlined blackhole list servers (see
# http://www.nuclearelephant.com/projects/sbl/). The streamlined
blacklist
# server is machine-automated, unsupervised blacklisting system designed
to
# provide real-time and highly accurate blacklisting based on network
spread.
# When performing a lookup, DSPAM will automatically learn the inbound
message
# as spam if the source IP is listed. Until an official public RABL
server is
# available, this feature is only useful if you are running your own
# streamlined blackhole list server for internal reporting among
multiple mail
# servers. Provide the name of the lookup zone below to use.
#
# This function performs standard reverse-octet.domain lookups, and
while it
# will function with many RBLs, it's strongly discouraged to use those
# maintained by humans as they're often inaccurate and could hurt filter
# learning and accuracy.
#
#Lookup "sbl.yourdomain.com"

#
# RBLInoculate: If you want to inoculate the user from RBL'd messages it
would
# have otherwise missed, set this to on.
#
#RBLInoculate off

#
# Notifications: Enable the sending of notification emails to users
(first
# message, quarantine full, etc.)
#
Notifications off

#
# QuarantineWarnSize: You may specify a size when DSPAM should send a
"Quarantine
# Full" message to each user. This is only working if you enable
notifications
# (see above). Value is in bytes. Default is 2097152 -> 2MB.
#
#QuarantineWarnSize 2097152

#
# Purge configuration: Set dspam_clean purge default options, if not
otherwise
# specified on the commandline
#
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit

#
# Purge configuration for SQL-based installations using purge.sql
#
#PurgeSignature off # Specified in purge.sql
#PurgeNeutral 90
#PurgeUnused off # Specified in purge.sql
#PurgeHapaxes off # Specified in purge.sql
#PurgeHits1S off # Specified in purge.sql
#PurgeHits1I off # Specified in purge.sql

#
# Local Mail Exchangers: Used for source address tracking, tells DSPAM
which
# mail exchangers are local and therefore should be ignored in the
Received:
# header when tracking the source of an email. Note: you should use the
address
# of the host as appears between brackets [ ] in the Received header.
# By default DSPAM is considering the following IPs always as LocalMX:
# 10.0.0.0/8 - Private IP addresses (RFC 1918)
# 127.0.0.0/8 - Localhost Loopback Address (RFC 1700)
# 169.254.0.0/16 - Zeroconf / APIPA (RFC 3330)
# 172.16.0.0/12 - Private IP addresses (RFC 1918)
# 192.168.0.0/16 - Private IP addresses (RFC 1918)
#
LocalMX 127.0.0.1

#
# Logging: Disabling logging for users will make usage graphs
unavailable to
# them. Disabling system logging will make admin graphs unavailable.
#
SystemLog on
UserLog on

#
# TrainPristine: for systems where the original message remains server
side
# and can therefore be presented in pristine format for retraining. This
option
# will cause DSPAM to cease all writing of signatures and DSPAM headers
to the
# message, and deliver the message in as pristine format as possible.
This mode
# REQUIRES that the original message in its pristine format (as of
delivery)
# be presented for retraining, as in the case of webmail, imap, or other
# applications where the message is actually kept server-side during
reading,
# and is preserved. DO NOT use this switch unless the original message
can be
# presented for retraining with the ORIGINAL HEADERS and NO
MODIFICATIONS.
#
# NOTE: You can't use this setting with dspam_trian; if you're going to
use it,
#       wait until after you train any corpora.
#
#TrainPristine on

#
# Opt: in or out; determines DSPAM's default filtering behavior. If this
value
# is set to in, users must opt-in to filtering by dropping a .dspam file
in
# /var/dspam/opt-in/user.dspam (or if you have homedirs configured, a
.dspam
# folder in their home directory).  The default is opt-out, which means
all
# users will be filtered unless a .nodspam file is dropped in
# /var/dspam/opt-out/user.nodspam
#
Opt out

#
# TrackSources: specify which (if any) source addresses to track and
report
# them to syslog (mail.info). This is useful if you're running a
firewall or
# blacklist and would like to use this information. Spam reporting also
drops
# RABL blacklist files (see
http://www.nuclearelephant.com/projects/rabl/).
#
#TrackSources spam nonspam virus

#
# ParseToHeaders: In lieu of setting up individual aliases for each
user,
# DSPAM can be configured to automatically parse the To: address for
spam and
# false positive forwards. From there, it can be configured to either
set the
# DSPAM user based on the username specified in the header and/or change
the
# training class and source accordingly. The options below can be used
to
# customize most common types of header parsing behavior to avoid the
need for
# multiple aliases, or if using LMTP, aliases entirely..
#
# ParseToHeader: Parse the To: headers of an incoming message. This must
be
#                set to 'on' to use either of the following features.
#
# ChangeModeOnParse: Automatically change the class (to spam or
innocent)
#   depending on whether spam- or notspam- was specified, and change the
source
#   to 'error'. This is convenient if you're not using aliases at all,
but
#   are delivering via LMTP.
#
# ChangeUserOnParse: Automatically change the username to match that
specified
#   in the To: header. For example, [hidden email] will set the
username
#   to bob, ignoring any --user passed in. This may not always be
desirable if
#   you are using virtual email addresses as usernames. Options:
#     on or user take the portion before the @ sign only
#     full take everything after the initial {spam,notspam}-.
#
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full

#
# Broken MTA Options: Some MTAs don't support the proper functionality
# necessary. In these cases you can activate certain features in DSPAM
to
# compensate. 'returnCodes' causes DSPAM to return an exit code of 99 if
# the message is spam, 0 if not, or a negative code if an error has
occured.
# Specifying 'case' causes DSPAM to force the input usernames to
lowercase.
# Specifying 'lineStripping' causes DSPAM to strip ^M's from messages
passed
# in.
#
#Broken returnCodes
#Broken case
#Broken lineStripping

#
# MaxMessageSize: You may specify a maximum message size for DSPAM to
process.
# If the message is larger than the maximum size, it will be delivered
# without processing. Value is in bytes.
#
#MaxMessageSize 4194304

# --- ClamAV ---

#
# Virus Checking: If you are running clamd, DSPAM can perform
stream-based
# virus checking using TCP. Uncomment the values below to enable virus
# checking.
#
# ClamAVResponse: reject (reject or drop the message with a permanent
failure)
#                 accept (accept the message and quietly drop the
message)
#                 spam   (treat as spam and quarantine/tag/whatever)
#
#ClamAVPort 3310
#ClamAVHost 127.0.0.1
#ClamAVResponse accept

# --- CLIENT / SERVER ---

#
# Daemonized Server: If you are running DSPAM as a daemonized server
using
# --daemon, the following parameters will override the default. Use the
# ServerPass option to set up accounts for each client machine. The
DSPAM
# server will process and deliver the message based on the parameters
# specified. If you want the client machine to perform delivery, use
# the --stdout option in conjunction with a local setup.
#
# ServerHost: Not enabling ServerHost will bind DSPAM server to all
available
# interfaces.
#
# ServerPort: Default upstream configuration is to run dspam daemon on
port
# 24. On Debian, dspam being run as a unprivileged user, default port is
# set to 2424.
#
#ServerHost 127.0.0.1
#ServerPort 2424
#ServerQueueSize 32
ServerPID /var/run/dspam/dspam.pid

#
# ServerMode specifies the type of LMTP server to start. This can be one
of:
#     dspam: DSPAM-proprietary DLMTP server, for communicating with
dspamc
#  standard: Standard LMTP server, for communicating with Postfix or
other MTA
#      auto: Speak both DLMTP and LMTP; auto-detect by ServerPass.IDENT
#
#ServerMode dspam

# If supporting DLMTP (dspam) mode, dspam clients will require
authentication
# as they will be passing in parameters. The idents below will be used
to
# determine which clients will be speaking DLMTP, so if you will be
using
# both LMTP and DLMTP from the same host, be sure to use something other
# than the server's hostname below (which will be sent by the MTA during
a
# standard LMTP LHLO).
#
#ServerPass.Relay1 "secret"
#ServerPass.Relay2 "password"

# If supporting standard LMTP mode, server parameters will need to be
specified
# here, as they will not be passed in by the mail server. The
ServerIdent
# specifies the 250 response code ident sent back to connecting clients
and
# should be set to the hostname of your server, or an alias.
#
# NOTE: If you specify --user in ServerParameters, the RCPT TO will be
#       used only for delivery, and not set as the active user for
processing.
#
#ServerParameters "--deliver=innocent -d %u"
#ServerIdent "localhost.localdomain"

# If you wish to use a local domain socket instead of a TCP socket,
uncomment
# the following. It is strongly recommended you use local domain sockets
if
# you are running the client and server on the same machine, as it
eliminates
# much of the bandwidth overhead.
#
ServerDomainSocketPath "/var/run/dspam/dspam.sock"

#
# Client Mode: If you are running DSPAM in client/server mode, uncomment
and
# set these variables. A ClientHost beginning with a / will be treated
as
# a domain socket.
#
ClientHost /var/run/dspam/dspam.sock
#ClientIdent "secret@Relay1"
#
#ClientHost 127.0.0.1
#ClientPort 2424
#ClientIdent "secret@Relay1"

# --- RABL ---

# RABLQueue: Touch files in the RABL queue
# If you are a reporting streamlined blackhole list participant, you can
# touch ip addresses within the directory the rabl_client process is
watching.
#
#RABLQueue /var/spool/rabl

# ---  ---

# DataSource: If you are using any type of data source that does not
include
# email-like headers (such as documents), uncomment the line below. This
# will cause the entire input to be treated like a message "body"
#
#DataSource document

# ProcessorWordFrequency: By default, words are only counted once per
message.
# If you are classifying large documents, however, you may wish to count
once
# per occurrence instead.
#
#ProcessorWordFrequency occurrence

# ProcessorURLContext: By default, a URL context is generated for URLs,
which
# records their tokens as separate from words found in documents. To use
# URL tokens in the same context as words, turn this feature off.
#
ProcessorURLContext on

# ProcessorBias: Bias causes the filter to lean more toward 'innocent',
and
# usually greatly reduces false positives. It is the default behavior of
# most Bayesian filters (including dspam).
#
# NOTE: You probably DONT want this if you're using Markovian Weighting,
unless
# you are paranoid about false positives.
#
ProcessorBias on

# StripRcptDomain: Cut the domain (including the at sign) from
recipients.
# This is particularly useful if the recipient name is equal to real
user
# accounts as recipients with domains tend to cause permission issues
with
# dspam-web.
#
StripRcptDomain off

# --- Split Configuration File Support ---

# Include a directory with configuration items.
Include /etc/dspam/dspam.d/

# ---  ---

## EOF




!DSPAM:5424e07672301646321193!


------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Loading...