Dan Mensom skrev, on 29-04-2007 22:39:
Hi, I'm having some problems with retraining messages marked
incorrectly as spam or notspam with postfix. The issue seems to be
that the recipient of the mail is a postfix alias (or virtual map,
doesn't seem to matter) that is directed to a real user on the
system.
The problem arises in that if a user has multiple aliases, and spam
is arriving on one of them that they need to retrain, if they bounce
it to their "real username"-spam, dspam doesn't find the signature
and gives the "Unable to find a valid signature" error. If they
bounce it to the alias that the spam was sent to, all seems to work.
I direct mail through dspam using
http://dspamwiki.expass.de/Installation/Postfix/NealesSetup for the
most part (ie, direct mail to dspam via a pcre user access filter).
However, instead of using his perl script for retraining, I use a
couple of transport aliases:
/-spam\@(.*)$/ dspam-retrain:spam
/-notspam\@(.*)$/ dspam-retrain:innocent
and a master.cf rule:
dspam-retrain unix - n n - - pipe
flags=Rhq user=dspam argv=/usr/local/bin/dspam \
--user $user --class=$nexthop
--source=error
I've seen a couple of posts on the list about this, the most
promising one seemed to be to recompile with --enable-virtual-users.
However this does not seem to have fixed my problem.
The perl script mentioned by Neal probably would fix the problem if I
parsed for the original recipient, but then I have to augment my
selinux policy a lot or pretty much disable selinux to allow enough
functionality for postfix to execute this script.. I really would
like to avoid this. Is there any other option?
"Well", he proffered cautiously, "my sites don't have this problem and
they're using a shared group and retraining dspam as the owner of said
shared group, so no message is ever retrained as the original recipient
and dspam works flawlessly".
For the record, my dspam 3.8.0 (watch out, bits of this won't work for
3.6) configure on FC6 is:
configure \
--prefix=/ \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-shared \
--with-storage-driver=mysql_drv,pgsql_drv,sqlite3_drv,hash_drv \
--with-mysql-includes=/usr/include/mysql \
--with-mysql-libraries=/usr/lib/mysql \
--with-pgsql-includes=/usr/include/pgsql \
--with-pgsql-libraries=/usr/lib \
--with-sqlite3-includes=/usr/include \
--with-sqlite3-libraries=/usr/lib \
--enable-virtual-users \
--enable-homedir \
--with-dspam-owner=nobody \
--with-dspam-group=mail \
--enable-debug \
--enable-daemon \
--enable-preferences-extension
OT interesting that you're one of the few implementing selinux, having
discovered Hitachi's seedit
(http://seedit.sourceforge.net/documentation.html) I'm making a renewed
effort at it, since it's very necessary for high security. How are you
making out?
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl
