Dspam



redesb
06-21-2004, 10:14 AM
Is anyone using/testing DSPAM (http://www.nuclearelephant.com/projects/dspam/) with 'DA'?

The site says: 'Peak Accuracy: 99.991%. Whitelists: 0.'

Feedback welcome,
TIA
redesb

toml
06-22-2004, 10:02 AM
I have been working on configuring and implementing it with the DA exim.conf
and I have it mostly working. I have been really busy with my real job (the
one that pays :) ) and two other side projects, so I haven't had too much time
to really test all the options yet.

Their site says 99.991% but the best I have been able to achieve has been
98.7%. That is with a 70% ratio of spam to ham, and a volume of 120
emails a day to my home account.

I still get a few spams that make it through, and a few false positives, but it is
still better than when I was using SpamAssassin, plus Dspam is very fast.
On a Sun Ultra 10 333 MHz running Solaris 9, it was taking anywhere from
10-30 seconds per email with SpamAssassin and Dspam takes less
than a second to process a spam.


For those that want to start trying it, this is what I have so far:

Dspam config line:


./configure --prefix=/opt/dspam \
--with-storage-driver=mysql_drv \
--with-dspam-home=/opt/dspam/user \
--with-dspam-home-owner=mail \
--with-dspam-home-group=mail \
--with-dspam-mode=none \
--with-dspam-owner=mail \
--with-dspam-group=mail \
--enable-signature-headers \
--enable-domain-scale \
--enable-virtual-users \
--with-mysql-includes=/usr/include/mysql \
--with-mysql-libraries=/usr/lib/mysql


/etc/exim.conf changes:


router entry
dspam_router:
no_verify
condition = "${if and { {!def:h_X-FILTER-DSPAM:} {!eq {$received_protocol}{spam-scanned}} } {1}{0}}"
headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full"
retry_use_local_part
driver = accept
transport = dspam_spamcheck

# spam-username
dspam_addspam_router:
driver = accept
local_part_prefix = spam-
transport = dspam_addspam


# nospam-username
dspam_falsepositive_router:
driver = accept
local_part_prefix = nospam-
transport = dspam_falsepositive

transport entry
dspam_spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
transport_filter = "/opt/dspam/bin/dspam --stdout --deliver=innocent,spam --feature=chained,noise,whitelist --mode=teft --user $local_part@${domain}"
use_bsmtp
home_directory = "/tmp"
current_directory = "/tmp"
user = mail
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

dspam_addspam:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@${domain} --source=error --mode=teft --class=spam"
home_directory = "/tmp"
current_directory = "/tmp"
user = mail
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

dspam_falsepositive:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@${domain} --class=innocent --mode=teft --source=error"
home_directory = "/tmp"
current_directory = "/tmp"
user = mail
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

You can use different modes than I have above; the default is teft (train on
everything), but you can use toe (train on error). The best is to read the docs and decide which is right for you.

/opt/dspam/user/mysql.data:


/tmp/mysql.sock

USERNAME
PASSWORD
DATABASE


/opt/dspam/user/group:


groupname:classification:*globaluser


/opt/dspam/user/trusted.users:


root
mail
apache


Also you need to execute:


touch /opt/dspam/user/untrusted.mailer_args

or put some exim arguments you do not wish dspam to ever execute.

It may not start classifying until it reaches a certain number of spam/ham.
This will depend on the mode used. You can feed it a corpus to seed the
database, but you want to be sure to feed it a lot of both spam and ham.

That is what I have so far, so if someone with a little more time on their
hands wants to play and add/update to this, feel free. I do not have this in
production, so I can't say everything works.
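
Added example (not part of toml's post or of the DSPAM project): one way to seed a user's database from a corpus as described above, alternating spam and ham so both classes end up with the same number of messages. It reuses the /opt/dspam/bin/dspam path and the user@domain form from the post; the function names, the SEED_* variables and the use of --source=corpus are assumptions to check against the installed DSPAM version.

```shell
#!/bin/sh
# Added example: balanced corpus seeding for one DSPAM user.
# DSPAM_BIN defaults to the install prefix used in the post above.
# Assumption: the installed DSPAM accepts --source=corpus with --class.
DSPAM_BIN="${DSPAM_BIN:-/opt/dspam/bin/dspam}"

# feed_one USER CLASS FILE: train one message as CLASS (spam|innocent).
feed_one() {
    "$DSPAM_BIN" --user "$1" --class="$2" --source=corpus --mode=teft < "$3"
}

# seed_corpus USER SPAM_DIR HAM_DIR
# Feeds one spam, then one ham, and stops as soon as either directory runs
# out, so the database never sees more of one class than the other.
# Sets SEED_PAIRS (pairs fed) and SEED_FAILED (messages dspam rejected);
# returns non-zero if any message failed to train.
seed_corpus() {
    seed_user=$1 seed_ham_dir=$3
    SEED_PAIRS=0 SEED_FAILED=0
    set -- "$2"/*                     # positional params = spam files
    for seed_ham in "$seed_ham_dir"/*; do
        [ -f "$seed_ham" ] || continue
        # Skip anything in the spam directory that is not a regular file.
        while [ "$#" -gt 0 ] && [ ! -f "$1" ]; do shift; done
        [ "$#" -gt 0 ] || break       # spam exhausted: keep totals equal
        feed_one "$seed_user" spam "$1" || SEED_FAILED=$((SEED_FAILED + 1))
        shift
        feed_one "$seed_user" innocent "$seed_ham" ||
            SEED_FAILED=$((SEED_FAILED + 1))
        SEED_PAIRS=$((SEED_PAIRS + 1))
    done
    [ "$SEED_FAILED" -eq 0 ]
}

# Run only when called as: seed.sh USER@DOMAIN SPAM_DIR HAM_DIR
if [ "$#" -eq 3 ]; then
    seed_corpus "$@" || echo "$SEED_FAILED message(s) failed to train" >&2
    echo "trained $SEED_PAIRS spam/ham pairs for $1"
fi
```

Run it as a user listed in trusted.users (for example mail), since it passes --user on behalf of another account.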

sander815
07-17-2004, 03:33 AM
Any updates, toml?

toml
07-17-2004, 10:31 AM
So far I have been running this way and it appears to be working. No problems so far. I still have not tested the forwarding to the spam-$username or nospam-$username, but I believe that should work. Luckily I was able to use the corpus I have for my home account, and I am using that as a shared account, so everyone will at least start with a reasonable amount of spam filtering.

Solden
11-26-2005, 07:30 AM
I know this is an old thread, but is there any HOWTO for dspam with DA? I cannot get the web interface to work and most of the howtos on the net are too focused on other configurations.

Thanks in advance.

toml
11-26-2005, 11:03 AM
The config info here is a little out of date. The latest version of DSPAM needs slightly different parameters, since a lot of these are configured in the config file instead of compile time.

As far as getting the web interface to work, what problems are you having? It is a cgi script, so it needs to be put somewhere that has cgi enabled. Also, it expects to be authenticated via http; have a look here (http://www.javascriptkit.com/howto/htaccess3.shtml) for how to set it up.

What problems are you having?

interfasys
01-09-2006, 05:39 AM
I'd recommend using http://ben.brillat.net/projects/mod_auth_imap/
It works well and is more secure than exposing /etc/passwd

Solden
01-09-2006, 05:55 AM
I do not see the link between dspam and mod_auth_imap. Isn't that something completely different?

--

I'm still looking into setting up dspam. I had a 'small' delay, but if I run into problems, I'll post them here.

interfasys
01-09-2006, 05:58 AM
You use mod_auth_imap to give access to the webui to your users.
The one thing I hate about this whole setup is suexec. You need to set up a virtualhost just for this and I just want to use a folder...

toml
01-09-2006, 12:17 PM
http auth does not expose /etc/passwd at all. You use standard .htaccess and create your own user/password combination to do the authorization. See here (http://www.javascriptkit.com/howto/htaccess3.shtml) for how to do it.

interfasys
01-09-2006, 12:23 PM
Yep, but you have to manually add every user to that file.

toml
01-09-2006, 04:39 PM
Yes, but as you say it is safer to not give access to /etc/passwd.

interfasys
01-09-2006, 04:44 PM
That's why you use auth_imap. It connects to Dovecot to authenticate the user. Since every email user should be able to manage their spam, this is the easiest way I found.