LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-08-2008, 06:20 AM   #1
tpe
Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Suse Linux
Posts: 98

Rep: Reputation: 16
DSPAM and Postfix problem


Hi to all,
I have setup and actually running a Postfix SMTP with DSPAM as antispam method. I did not wanted to use other ports, so I decided to use postfix 's content filtering, aka content_filter in master.cf.

Unfortunately, my users are complaining about spam. Checking /var/log/maillog, I found that dspam permitted all incoming mail to be delivered to my users! I suppose that the configuration is wrong.

Please help me to find the problem.

main.cf:
Code:
smtpd_client_restrictions = 
       permit_mynetworks,
       check_client_access pcre:/etc/postfix/dspam_filter_access

dspam_destination_recipient_limit = 1
dspam_filter_access:
Code:
/./   FILTER dspam:dspam
master.cf:
Code:
smtp      inet  n       -       n       -       -       smtpd 
  -o content_filter=dspam:
dspam     unix  -       n       n       -       10      pipe
  flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache	  unix	-	-	n	-	1	scache

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}

cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}

uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
and finally, /usr/local/etc/dspam.conf
Code:
Home /usr/local/var/dspam
StorageDriver /usr/local/lib/libhash_drv.so
TrustedDeliveryAgent "/usr/bin/procmail"
TrustedDeliveryAgent "/usr/bin/sendmail"
OnFail error
Trust root
Trust mail
Trust mailnull 
Trust smmsp
Trust daemon
Trust dspam
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Feature tb=6
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "spamAction=quarantine"
Preference "signatureLocation=message"	# 'message' or 'headers'
Preference "showFactors=on"
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
HashRecMax		98317
HashAutoExtend		on  
HashMaxExtents		0
HashExtentSize		49157
HashPctIncrease 10
HashMaxSeek		10
HashConnectionCache	10
Notifications	off
PurgeSignatures 14          # Stale signatures
PurgeNeutral    90          # Tokens with neutralish probabilities
PurgeUnused     90          # Unused tokens
PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
PurgeHits1S	15          # Tokens with only 1 spam hit
PurgeHits1I	15          # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog   on
Opt out
ClamAVPort	3310
ClamAVHost	127.0.0.1
ClamAVResponse reject
ProcessorURLContext on
ProcessorBias on
 
Old 07-09-2008, 02:47 PM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
You may get a faster answer on the postfix list. Show what you have above, as well as output from postconf -n.
 
Old 07-10-2008, 10:26 AM   #3
tpe
Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Suse Linux
Posts: 98

Original Poster
Rep: Reputation: 16
Initial problem was solved. Somehow, postfix was not trusted from dspam, that way, dspam did not reinjected mail to postfix.
Now, I have another problem.
All mails of July 8,2008 are stored in file /var/spool/dspam (and we are talking about 1300 emails). I managed to extract messages from dspam to files, as I use maildir, using the mb2ml tool. Now, I want to manually insert those files in a postfix queue, in order to be delivered to my user's mailboxes. How can I do that?
I tried by copying files to various queues (incoming, hold, bounce, etc) but
mailq reports an empty queue. A real example of the extracted filename is:
1215675821.59608112197.server.domain.com

Please help.
Thank you
Peter
 
Old 07-10-2008, 12:55 PM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
No, you can't copy the files into postfix queues. Those are postfix private, and the contents is undocumented (because it is private).

You can reintroduce into the post content_filter smtpd port with something like mini_sendmail. If you don't care that the mail goes through the content filter again, you can reintroduce into the before content_filter smtpd process. For this you can use even sendmail (sendmail -i recipient < mail_file).
 
Old 07-10-2008, 03:40 PM   #5
tpe
Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Suse Linux
Posts: 98

Original Poster
Rep: Reputation: 16
The recipient is not known! Of course I can find it with a simple grep, but that will be very insecure...
Anyway, are you sure that I cannot simply copy them to a queue dir?
 
Old 07-10-2008, 03:44 PM   #6
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
You absolutely cannot copy them into any queue directory.

man mini_sendmail
...

Code:
-t     Read message for recipients.  To:, Cc:, and Bcc: lines  will  be
       scanned  for recipient addresses.  The Bcc: line will be deleted
       before transmission.
I reinject quarantined messages daily.
 
Old 07-10-2008, 03:47 PM   #7
tpe
Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Suse Linux
Posts: 98

Original Poster
Rep: Reputation: 16
OK, I got it. Download that mini_sendmail, copy all files in a tmp dir and use that mini to resubmit them. OK. I will try it tomorrow morning and will report the progress.
Thanks Mr. C
 
Old 07-10-2008, 08:38 PM   #8
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Note:

From Noel Jones @ postfix list:
Quote:
Caution! Using the -t option for already-queued mail will misdirect and loose mail. This option is only appropriate for original mail submission where you control who is in the headers.

Hopefully the messages have a Delivered-To: header or other information that shows the actual recipient. OP will need a script to extract this information and inject the mail into sendmail or mini_sendmail.

The advice from all the others is correct... there is no way to directly move these files into a postfix queue. The only ways to get mail into postfix is via the sendmail(1) command, or via SMTP or QMQP
I've only used mini_sendmail in the case Noel suggests - you'll have to verify your recipients.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
dspam configuration dody1313 Solaris / OpenSolaris 4 07-23-2008 03:39 PM
LXer: Using DSPAM & ClamAV With Postfix (Virtual Users) On Debian Etch LXer Syndicated Linux News 0 08-16-2007 09:20 PM
Postfix send mail problem(In RH9, kernal 2.4.20, postfix 2.1.5) minor Linux - General 4 07-11-2005 09:12 PM
Dspam karunesh Linux - General 2 07-27-2004 10:44 AM
Dspam ekoome Red Hat 4 10-03-2003 10:19 AM


All times are GMT -5. The time now is 11:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration