Richard
To use DSPAM with our mailserver we will use it as a content filter in Postfix, therefore we need to change the configuration of Postfix to route incoming email to DSPAM.
We define an extra transport in the /etc/postfix/master.cf config file by adding the following lines after the line starting with ‘smtp’:
flags=Ru user=_dspam argv=/usr/local/bin/dspam --deliver=innocent --user ${recipient} -i – f $sender -- $recipient
Please make sure that the last line starting with ‘flags’ is all on one line in the config file.
To enable the re-insertion of the email into Postfix for delivery into a users mailbox we need to add the following to the master.cf file:
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Filtering incoming mail only
To only filter incoming mail we need to do some smart thing with the smtpd_recipient_restrictions settings in the /etc/postfix/main.cf. The list is worked down from top to bottom and if one of the options is valid/checks then the restriction checking stops and the mail process continues with the appropriate steps.
To get this to work we need to setup a filter (using PCRE) which passes the incoming email to DSPAM. To enable this we need to create a file called dspam_filter_access in /etc/postfix/ with the following content:
Next we need to convert this into a postfix readable format using the following command:
If everything went correctly there should be a new file called dspam_filter_access.db in /etc/postfix/.
Next we need to edit the postfix configuration file /etc/postfix/main.cf to enable the filter and add some other DSPAM settings. First the smtpd_recipient_restrictions list:
Your original setting would look like:
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
warn_if_reject,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_invalid_hostname,
reject_rbl_client zen.spamhaus.org,
permit
Please change the last line so it would look like:
Please add the following entry at the bottom of the
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
warn_if_reject,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_invalid_hostname,
reject_rbl_client zen.spamhaus.org,
check_client_access pcre:/etc/postfix/dspam_filter_access
/etc/postfix/main.cf, to prevent multiple messages to be submitted at the same time:
dspam_destination_recipient_limit = 1
Comments
2:03 am
Richard, thank you very much for your detailed descriptions of setting up postfix+dovecot+mysql+postfixadmin. I have this setup with virtual users working with postgrey and want to add dspam. (BTW, your first master.cf change above has an extra space in the -f)
dspam almost works but mail doesn’t actually get delivered. Any ideas?
Here’s the postfix log:
Mar 4 16:06:49 mail postfix/smtpd[2172]: connect from billthecat.sdsc.edu[132.249.20.60]
Mar 4 16:06:49 mail postfix/smtpd[2172]: setting up TLS connection from billthecat.sdsc.edu[132.249.20.60]
Mar 4 16:06:50 mail postfix/smtpd[2172]: Anonymous TLS connection established from billthecat.sdsc.edu[132.249.20.60]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Mar 4 16:06:50 mail postgrey[51449]: action=pass, reason=triplet found, delay=363, client_name=billthecat.sdsc.edu, client_address=132.249.20.60, sender=xxx@sdsc.edu, recipient=xxx@xxx.com
Mar 4 16:06:50 mail postfix/smtpd[2172]: NOQUEUE: filter: RCPT from billthecat.sdsc.edu[132.249.20.60]: : Client host triggers FILTER dspam:dspam; from= to= proto=ESMTP helo=
Mar 4 16:06:50 mail postfix/smtpd[2172]: C6EE95C9029: client=billthecat.sdsc.edu[132.249.20.60]
Mar 4 16:06:50 mail postfix/cleanup[2177]: C6EE95C9029: message-id=
Mar 4 16:06:50 mail postfix/qmgr[2142]: C6EE95C9029: from=, size=1300, nrcpt=1 (queue active)
Mar 4 16:06:50 mail dspam[2179]: query error: VERBOSE DEBUG (INFO ONLY – NOT AN ERROR): see sql.errors for more details
Mar 4 16:06:50 mail postfix/pipe[2178]: C6EE95C9029: to=, relay=dspam, delay=0.61, delays=0.47/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dspam service)
Mar 4 16:06:50 mail postfix/qmgr[2142]: C6EE95C9029: removed
7:52 am
@Terry, it looks like something goes wrong on re-insertion. The extra space is required! Please check the master.cf file and dsam.conf for the right settings.
9:23 pm
Thank you Richard. Of course it was a silly typo. –deliver-innocent instead of the correct –deliver=innocent in master.cf.