Difference between revisions of "DSpam EXIM INTEGRATION"

Latest revision as of 19:23, 12 June 2009

CREATING A NEW DIRECTOR

To integrate DSPAM with exim 4, you'll need to create a new director in the exim configuration. First, add the following code to the directors:

spamscan:
  no_verify
  condition = "${if and {{!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
  driver = accept
  transport = spamcheck
  require_files = /usr/local/var/dspam:\
    +/usr/local/bin

This code tells exim to run spamcheck unless the message was marked by the agent with the spam-scanned protocol, or if it is local mail (to prevent loops). If you're using an alternative prefix, adjust the pathnames to match.

Then add the following code to the transports section. This code defines how dspam is called by exim for scanning email:

spamcheck:
  driver = pipe
  command = /usr/local/bin/dspam --deliver=innocent --user $local_part -- %u
  user = mail
  group = mail
  return_path_add = false
  log_output = true
  return_fail_output = true

If you're using virtual users on the system, you may wish to include the domain as part of the username:

 command = /usr/local/bin/dspam --deliver=innocent --user "$local_part@$domain" -- %u

Finally, you will need to configure and compile DSPAM. DSPAM will most likely end up calling exim again for delivery, using the spam-scanned protocol to identify scanned messages. The most common example is:

./configure --with-delivery-agent="/usr/sbin/exim -oMr spam-scanned"

RUNNING WITHOUT PRIVILEGED EXIM USERS

The problem with setting the $received_protocol in the transport is that only privileged Exim users are allowed to do so. With the setup below, DSPAM can run as a nonprivileged user. The problem, however, is that this header could be easily spoofed:

condition = "${if and {\
                      {!def:h_X-DSPAM-Check:}\
              }{1}{0}}"
headers_add = "X-DSPAM-Check: by $primary_hostname on $tod_full"

DIRECTORY SETTINGS

When changing the user/group it is highly advisable to set "home_directory" and "current_directory" to match the DSPAM home:

home_directory = "/usr/local/var/dspam" # or /tmp
current_directory = "/usr/local/var/dspam" # or /tmp

Otherwise, the transport might try to run DSPAM in something like /home/bob under certain circumstances. This will most likely fail if DSPAM runs as "mail".

PASS-THROUGH

For a pass-through setup where DSPAM feeds all processed messages back to Exim it is also a good idea to set "prefix" and "suffix" to an empty string:

prefix = ""
suffix = ""

ALIASES

There is no need to create aliases for every user on the system in order to handle spam reports and false positives. They can be handled by directors and transports, using the following directors:

dspam_addspam:
  prefix = spam-
  driver = localuser
  transport = addspam

dspam_falsepositive:
  prefix = falsepos-
  driver = localuser
  transport = falsepositive

For every $user on the system, these directors will handle messages addressed to "spam-$user@localhost" and "falsepos-$user@localhost", strip the prefix from the address, and pass the message to the respective transport. This requires two additional transports:

addspam:
  driver = pipe
  command = "/path/to/dspam --user $local_part --class=spam --source=error"
  return_path_add = false
  return_fail_output = true
  log_output = true
  home_directory = "/path/to/dspam/dspam-home" # or "/tmp"
  current_directory = "/path/to/dspam/dspam-home" # or "/tmp"
  user = mail
  group = mail
  prefix = ""
  suffix = ""
falsepositive:
  driver = pipe
  command = "/path/to/dspam --user $local_part --class=innocent --source=error --deliver=innocent %u"
  return_path_add = false
  return_fail_output = true
  log_output = true
  home_directory = "/path/to/dspam-home" # or "/tmp"
  current_directory = "/path/to/dspam-home" # or "/tmp"
  user = mail
  group = mail
  prefix = ""
  suffix = ""

This way, all users are handled transparently. No fiddling with aliases is required as you add or remove users.