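Postfix Mail Server (9): Installing the DSPAM Anti-Spam System
1. Introduction to DSPAM
DSPAM is a scalable, open-source spam filter designed for enterprises. When the system is configured correctly, its filtering success rate reaches 99.5% - 99.95%.
DSPAM is one of the most popular anti-spam tools. It learns the mail habits of each individual user and uses them to tell the filter what is spam.
DSPAM provides an administration and maintenance feature for learning each user's mail habits; the learned habits may produce some misclassifications.
Official website: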
http://dspam.nuclearelephant.com/
Official download:
http://ncu.dl.sourceforge.net/project/dspam/dspam/dspam-3.10.2/dspam-3.10.2.tar.gz
Configuration references:
http://wiki.extmail.org/dspam_for_emos
http://www.extmail.org/forum/thread-10393-1-1.html
Technical blog:
http://blog.dspam.org.cn/
Note:
The current release is 3.10.2 (2012), whereas EMOS is configured with version 3.8 (2009).
To avoid relying too heavily on the rpm packages built by extmail and on mini-http,
this document installs the latest version from source and configures Apache for web access.
2. Installing DSPAM
# cd /usr/local/src
# wget http://ncu.dl.sourceforge.net/project/dspam/dspam/dspam-3.10.2/dspam-3.10.2.tar.gz
# tar zxvf dspam-3.10.2.tar.gz
# cd dspam-3.10.2
# ./configure \
--enable-debug \
--enable-daemon \
--enable-clamav \
--enable-syslog \
--enable-large-scale \
--disable-domain-scale \
--enable-virtual-users \
--enable-long-usernames \
--enable-external-lookup \
--enable-preferences-extension \
--prefix=/usr/local/dspam \
--with-dspam-mode=2511 \
--with-dspam-home-mode=770 \
--with-logdir=/var/log \
--with-dspam-owner=vmail \
--with-dspam-group=vmail \
--with-dspam-home-owner=vmail \
--with-dspam-home-group=vmail \
--with-mysql-libraries=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-storage-driver=mysql_drv,hash_drv
# No new dspam user is created here; the vmail account and group are used directly.
# make
# make install
3. Configuring DSPAM
# vi /usr/local/dspam/etc/dspam.conf
# Lines followed by a trailing # are the parameters that need to be changed
Home /usr/local/dspam/var/dspam
StorageDriver /usr/local/dspam/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
DeliveryHost 127.0.0.1 #
DeliveryPort 10024 #
DeliveryIdent localhost #
DeliveryProto SMTP #
OnFail error
Trust root
Trust vmail # add trusted users
Trust extmail #
Trust amavis #
TrainingMode teft
TestConditionalTraining on
Feature whitelist # automatic whitelist: once a sender has 10 legitimate messages and 0 spam messages, the entry is marked as whitelisted
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT"
Preference "spamAction=deliver" #
Preference "spamSubject="
Preference "statisticalSedation=5"
Preference "enableBNR=on"
Preference "enableWhitelist=on"
Preference "signatureLocation=headers" # show the !DSPAM:1,49179586289971925617086! signature in the message headers only
Preference "tagSpam=off"
Preference "tagNonspam=off"
Preference "showFactors=off"
Preference "optIn=off"
Preference "optOut=off"
Preference "whitelistThreshold=10"
Preference "makeCorpus=off"
Preference "storeFragments=off"
Preference "localStore="
Preference "processorBias=on"
Preference "fallbackDomain=off"
Preference "trainPristine=off"
Preference "optOutClamAV=off"
Preference "ignoreRBLLookups=off"
Preference "RBLInoculate=off"
Preference "notifications=off"
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
MySQLServer /var/lib/mysql/mysql.sock
MySQLUser dspam #
MySQLPass dspam #
MySQLDb dspam #
MySQLCompress true #
MySQLReconnect true #
MySQLConnectionCache 10 #
MySQLUIDInSignature on #
Notifications off
PurgeSignatures 14
PurgeNeutral 90
PurgeUnused 90
PurgeHapaxes 30
PurgeHits1S 15
PurgeHits1I 15
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
MaxMessageSize 1048576 # maximum size of a message that will be scanned
ServerHost 127.0.0.1 #
ServerPort 10028 #
ServerQueueSize 32 #
ServerPID /var/run/dspam.pid #
ServerMode auto #
ServerPass.Relay1 "secret" #
ServerParameters "--user extmail --deliver=innocent,spam -d %u" #
ServerIdent "localhost.localdomain" #
ClientHost 127.0.0.1 #
ClientPort 10028 #
ClientIdent "secret@Relay1" #
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off
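A quick audit for the dspam.conf above, added here as an example and not part of the original post or of DSPAM itself: it reports the sample values from this guide if they are left in place (ServerPass "secret", MySQLPass equal to MySQLUser), a ServerHost or DeliveryHost that is not loopback, and a configuration file readable by other users. The function name audit_dspam_conf, the 16-character minimum and the loopback allow-list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a dspam.conf for the
# sample values this guide uses. Prints findings; returns 1 if there are any.
# Assumptions: function name, the 16-character minimum, the loopback allow-list.
audit_dspam_conf() {
    conf=$1
    findings=$(
        awk '
            # Drop trailing "#" markers and whole-line comments. A secret that
            # itself contains "#" would be truncated here (known limitation).
            { sub(/[ \t]*#.*$/, "") }
            NF < 2 { next }
            { key = $1; val = $2; gsub(/"/, "", val) }
            key == "MySQLUser" { user = val }
            key == "MySQLPass" { pass = val }
            key ~ /^ServerPass\./ && (val == "secret" || length(val) < 16) {
                print key ": short or sample shared secret"
            }
            (key == "ServerHost" || key == "DeliveryHost") &&
                val != "127.0.0.1" && val != "::1" && val != "localhost" {
                print key ": " val " is not a loopback address"
            }
            END {
                if (pass != "" && pass == user)
                    print "MySQLPass: same as MySQLUser"
            }
        ' "$conf"
        # The file stores MySQLPass and ServerPass in clear text.
        if [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "$conf: readable by other users"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as audit_dspam_conf /usr/local/dspam/etc/dspam.conf after editing the file and before starting the daemon.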
4. Importing the database
(1) Create the database
# cd src/tools.mysql_drv/
# mysql -uroot -p123456 -e "create database dspam"
# mysql -uroot -p123456 -e "grant all on dspam.* to dspam@localhost identified by 'dspam'"
(2) Import the schema
# mysql -udspam -pdspam dspam < mysql_objects-4.1.sql
# mysql -udspam -pdspam dspam < virtual_users.sql
5. Scheduled cleanup of the token database and feature database
# cp purge-4.1.sql /usr/local/dspam/share/
# crontab -e
# Purge training data that is no longer needed from the database
0 0 * * * /usr/bin/mysql -u dspam -p'dspam' dspam < /usr/local/dspam/share/purge-4.1.sql
# Purge filter log records
0 0 * * * /usr/local/dspam/bin/dspam_logrotate -a 30 -d /usr/local/dspam/var/dspam/data
# service crond restart
6. Starting the daemon
# /usr/local/dspam/bin/dspam --daemon &
52841
# ps aux|grep dspam
root 52842 0.0 0.2 54768 2420 pts/3 S 16:29 0:00 /usr/local/dspam/bin/dspam --daemon
root 52854 0.0 0.0 103256 852 pts/3 S+ 16:29 0:00 grep dspam
+Done /usr/local/dspam/bin/dspam --daemon
# netstat -lntp|grep 10028
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 52842/dspam
# echo "/usr/local/dspam/bin/dspam --daemon &" >> /etc/rc.local
7. Configuring the web interface
(1) Install the graphing libraries
# yum install perl-GD perl-GDTextUtil perl-GDGraph perl-GD-Graph3d
(2) Set up the web directory
# cd /usr/local/src/dspam-3.10.2/webui/
# mkdir /var/www/extsuite/dspam
# cp -Rf cgi-bin/* htdocs/* /var/www/extsuite/dspam
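# cp -Rf htdocs/* /var/www/extsuite/extmail/html
The browser tab icon (favicon) has to be changed or deleted; otherwise both extmail and extman will display the "d" icon:
# rm -f /var/www/extsuite/extmail/html/favicon.ico
Set the owner and the remaining items: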
# chown -R vmail.vmail /var/www/extsuite/dspam
# cd /var/www/extsuite/dspam
# ln -s /var/www/extsuite/dspam/default.prefs /usr/local/dspam/var/dspam/default.prefs
(3) Delete every file in the web directory whose name starts with Makefile
# find . -type f -name "Makefile*" -exec rm -rf {} \;
(4) Make the scripts executable
# chmod +x *.pl *.cgi
(5) Add a user to the admins group and set that user's password, used to log in to the web UI
# echo "extmail" > admins
# htpasswd -c .htpasswd extmail
(6) Change the path of the files from the htdocs/ directory to the DSPAM web root
# vi configure.pl
$CONFIG{'WEB_ROOT'} = ".";
(7) Create the virtual host
# vi /etc/httpd/conf.d/dspam.conf
# VirtualHost for Dspam
Alias /dspam "/var/www/extsuite/dspam"
<Directory "/var/www/extsuite/dspam/">
Options ExecCGI
Options -Indexes
Addhandler cgi-script .cgi
DirectoryIndex dspam.cgi
AllowOverride AuthConfig
Order deny,allow
AuthType Basic
AuthName "DSPAM Control Center"
AuthUserFile /var/www/extsuite/dspam/.htpasswd
Require valid-user
SuexecUserGroup dspam dspam
</Directory>
ErrorLog /var/log/dspam_error.log
CustomLog /var/log/dspam_access.log common
(8) Access the web UI
http://mail.yourmail.com/dspam
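The account is the extmail account created with htpasswd.
8. Configuring Postfix
Flow: Postfix hands the message to DSPAM over LMTP for scanning; once scanning is done the message is re-injected into Postfix and then delivered to the user.
(1) Add client access restrictions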
# vi /etc/postfix/main.cf
# Disable the content filter that calls amavisd
#content_filter = smtp::10024
#receive_override_options = no_address_mappings
# Add client restrictions: permit SASL-authenticated clients, clients in mynetworks, and clients matched by the client access table
smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access pcre:/etc/postfix/dspam_filter_access
# Add a filter that checks message header content
header_checks = regexp:/etc/postfix/header_checks
(2) Create the DSPAM client access table to filter incoming mail
# vi /etc/postfix/dspam_filter_access
/./ FILTER lmtp::10028
(3) Create the header content filter
# vi /etc/postfix/header_checks
/^(X-DSPAM-.*)/ IGNORE
/^(X-Spam-.*)/ IGNORE
(4) Reload the configuration
# service postfix reload
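9. Adding the DSPAM plugin to SpamAssassin
Note: this adds a DSPAM plugin to SA that raises or lowers the SA score according to the DSPAM result in the message headers. The DSPAM score is not taken as authoritative, so the headers will contain both an SA score and a DSPAM score.
Official sites: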
http://eric.lubow.org/projects/dspam-spamassassin-plugin/
https://github.com/elubow/dspam-spamassassin
extmail download locations:
http://www.extmail.org/download/misc/dspam/dspam.pm
http://www.extmail.org/download/misc/dspam/dspam.cf
First locate SA's plugin directory:
# find / -name 'Plugin' -type d
Change into the directory and download the plugin:
# cd /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin
# wget http://www.extmail.org/download/misc/dspam/dspam.pm
# cp dspam.pm /usr/local/share/perl5/Mail/SpamAssassin/Plugin
Change into the directory and download the configuration file:
# cd /etc/mail/spamassassin/
# wget http://www.extmail.org/download/misc/dspam/dspam.cf
Configure SA to enable the plugin:
# vi local.cf
include dspam.cf
# vi init.pre
loadplugin Mail::SpamAssassin::Plugin::dspam
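10. Configuring amavisd to call DSPAM
Note: you can skip this step for now and configure it after completing Test 1 in the next part.
Add the following before @av_scanners in the configuration file: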
# vi /etc/amavisd.conf
$dspam = '/usr/local/dspam/bin/dspam';
@spam_scanners = (
['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
['DSPAM','Amavis::SpamControl::ExtProg', $dspam,
[ qw(--client --stdout --deliver=spam,innocent --mode=teft --user extmail)],
],
);
Reload:
# service amavisd reload
Check the log:
# tailf /var/log/maillog
Dec 9 16:30:54 mail amavis: Found spam scanner DSPAM at /usr/local/dspam/bin/dspam
Note: this line means the DSPAM scanner has been found.
11. Enabling the spam-report switch in the extmail web interface
# vi /var/www/extsuite/extmail/webmail.cf
SYS_SPAM_REPORT_ON = 1
SYS_SPAM_REPORT_TYPE = dspam
# vi /usr/local/dspam/etc/dspam.conf
# By default a message is moved to the spam folder automatically only after 5 rounds of training; change this to 2
Feature tb=2
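A "This is spam" button is shown at the top of every message in the web interface.
Clicking it moves the message to the "Junk" folder; the message can also be moved back.
12. Setting up a global maildrop filter
Note: the maildroprc file below also supports calling the ExtMail multi-language filter decoder.
If a user has created custom filter rules, this global rule does not apply (the user's rules take precedence).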
# vi /etc/maildroprc
# Decoder for high quality key word filtering
logfile "/var/log/maildrop.log"
DECODER="/var/www/extsuite/extmail/tools/decode -v"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
BADSENDER=1
}
# Auto deliver to Junk mailbox support if there is no custom
# mailfilter, need test command and correct PATH env
`test -f $HOME/.mailfilter && exit 1 || exit 0`
# No customize filtering rules
if ( $RETURNCODE == 0 )
{
if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
}
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
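Note: Junk is the spam folder. Legitimate mail is easily misclassified, and users of POP3 clients cannot sync messages in the spam folder, so they may wrongly conclude that a message never arrived; it is generally recommended to change the target to "$HOME/Maildir/.", that is, the inbox.
13. Training DSPAM
Extmail provides a pre-trained DSPAM database file (31.6M).
It was trained on 3000 ham + 3000 spam messages; by importing it into a new DSPAM system,
you can in principle avoid the pain of collecting fresh spam and fresh ham and training on them during the initial period.
The import creates the feature database but no history records, so nothing is shown under History.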
# cd /usr/local/src
# wget http://mirror.extmail.org/yum/misc/dspam/dspam-trained-data.sql.gz
# gzip -d dspam-trained-data.sql.gz
# rm -rf /var/lib/mysql/dspam/
# mysql -u root -p123456 -e "create database dspam"
# mysql -u root -p123456 -e "grant all on dspam.* to dspam@localhost identified by 'dspam'"
# mysql -u dspam -pdspam dspam < dspam-trained-data.sql
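Conclusion: installation and deployment are complete; the next part covers testing.
Baidu Cloud attachment: dspam-3.10.2.tar.gz+dspam.pm+dspam.cf.zip
Hello,
http://mail.yourmail.com/dspam
After I enter the password, the page is not displayed. Could you offer some help?
Thanks.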