Dan Mensom wrote, on 01-05-2007 04:15:

"Well", he proffered cautiously, "my sites don't have this problem and they're using a shared group and retraining dspam as the owner of said shared group, so no message is ever retrained as the original recipient and dspam works flawlessly".

> Hrmm, so I'm confused, you mean all your users share the same training
> data?

Yes.

> How do you deliver to dspam in this case? --user nobody?

My sites (home/test and a high school in Amsterdam with around 350 active mail users out of 1150+ people) use a shared group. This is from my home machine (the domain is leerlingen, the machine's name is tru).

leerlingen:shared:[EMAIL PROTECTED]

The school's (the domain is barlaeus.nl, users are [EMAIL PROTECTED]):

barlaeus:shared:*barlaeus.nl

Both work fine.

My users don't use the GUI, maildrop filters mail to their IMAP INBOX, dspam-adjudged spam to their IMAP quarantine folder. They move wrongly-adjudged messages (both spam and innocent - i.e. false positives) to a rejudge folder and a cron script gives it to dspam for retraining every hour. The retrain-user is the group user, barlaeus.

Although the DB only has a single user, there's enough data in each message to make sure that every individual user is judged separately; it works very well, there are very few false positives and the results are very satisfactory:

1029 [root:mercurius.intern] /etc/cron.hourly # dspam_stats -H barlaeus
barlaeus:
                TP True Positives:          17246
                TN True Negatives:          97652
                FP False Positives:           434
                FN False Negatives:           386
                SC Spam Corpusfed:           3415
                NC Nonspam Corpusfed:        3002
                TL Training Left:               0
                SHR Spam Hit Rate          97.81%
                HSR Ham Strike Rate:        0.44%
                OCA Overall Accuracy:      99.29%

Using a shared group cuts down the DB size, the InnoBASE data file is around 1.6 GB.

> Do you use postfix, btw?

Both sites are using Postfix 2.4.

> Mind pasting your relevant MTA config lines?

Postfix doesn't have much to do with dspam; dspam runs as a daemon, an smtpd listener passes to dspam as part of a pre-queue content filter via lmtp, dspam (3.8/MySQL) processes and passes back to the last listener and Postfix sends to Courier maildrop via a pipe:

1st smtpd listener -> amavisd-new/ClamAV/Sophos/BitDefender -> second smtpd listener, 2nd listener (sorry for line wrapping):

:10025    inet            n       -       n       -       100     smtpd
        -o content_filter=lmtp:[127.0.0.1]:24
        -o lmtp_send_xforward_command=yes
        -o lmtp_destination_concurrency_limit=5
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o disable_mime_output_conversion=yes

:10026     inet            n       -       n       -       100     smtpd
        -o content_filter=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o receive_override_options=no_unknown_recipient_checks
        -o smtpd_milters=inet:localhost:10004
        -o milter_default_action=tempfail
        -o disable_mime_output_conversion=yes

maildrop   unix            -       n       n       -       -       pipe
        flags=DRhu user=vmail
        argv=/usr/bin/maildrop -w 80 -d ${user} ${sender} ${recipient} ${extension} ${user}
        ${recipient} ${extension} ${user} ${nexthop}

[...]

> How is DSPAM 3.8.0? Any major issues? I was a bit leery trying a .0
> release.

In fact, 3.8 should have been 3.6.9 with bugfixes to 3.6.8, but Jonz decided on a new version. It's very good and makes my FC6 rpm spec much easier to write for use by all and sundry :)

OT: interesting that you're one of the few implementing SELinux. Having discovered Hitachi's seedit (http://seedit.sourceforge.net/documentation.html), I'm making a renewed effort at it, since it's very necessary for high security. How are you making out?

> I use CentOS5's semanage, audit2allow -M and module based policies (see
> the RHEL5 manuals for more info). It's not too bad to tune stuff to work,
> especially if you tune with setenforce 0. I keep all my daemons' policy
> tweaks in separate directories and add to them as needed. However, it does
> limit you from doing stuff like executing shell scripts and such from
> programs (I have a similar problem with dovecot and script execution).
> Obviously allowing shell execution is out of the question, since shell
> spawning is typically the first thing an exploit will do...

Thanks, interesting.

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl
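The hourly "rejudge" retraining loop Tonni describes (users move misjudged mail to a rejudge folder, a cron job feeds it back to dspam as the shared group user) is sketched below as an added example; it is not the poster's script. It assumes a Maildir layout for the rejudge folder, the dspam 3.x command-line options --user, --class and --source=error, and that dspam stamped each message with an X-DSPAM-Result header on the way in, so the script can tell a false positive (dspam said Spam, the user says ham) from a false negative (dspam said Innocent, the user says spam) without needing two folders. The group user name barlaeus is taken from the thread; everything else (paths, DSPAM_BIN, function names) is assumed.

```shell
#!/bin/sh
# Hourly retraining of user-flagged misjudged mail into a shared dspam group.
# Added example; assumptions (not from the thread): Maildir layout under the
# rejudge folder, dspam 3.x options --user/--class/--source, and the
# X-DSPAM-Result header dspam added at delivery time. Run from cron as the
# group user, never as root, so retrained data is owned by that user.

DSPAM_BIN="${DSPAM_BIN:-/usr/bin/dspam}"
GROUP_USER="${GROUP_USER:-barlaeus}"

# dspam_verdict FILE: print the value of the X-DSPAM-Result header found in
# the message headers (the part before the first blank line), or nothing.
dspam_verdict() {
    sed -n '1,/^$/p' "$1" |
        awk 'tolower($1) == "x-dspam-result:" { print $2; exit }'
}

# retrain_message FILE: derive the correct class from dspam's own earlier
# verdict, hand the message to dspam as a training error, and delete the
# file only after dspam accepted it. Returns 0 on success, 1 otherwise.
retrain_message() {
    msg="$1"
    verdict=$(dspam_verdict "$msg" | tr 'A-Z' 'a-z')
    case "$verdict" in
        spam)     class=innocent ;;   # dspam quarantined it, user says ham: false positive
        innocent) class=spam ;;       # dspam passed it, user says spam: false negative
        *)
            printf 'skipping %s: no X-DSPAM-Result header\n' "$msg" >&2
            return 1 ;;
    esac
    if "$DSPAM_BIN" --user "$GROUP_USER" --class="$class" --source=error \
            < "$msg" >/dev/null 2>&1; then
        rm -f "$msg"
        return 0
    fi
    printf 'retrain failed for %s (kept for next run)\n' "$msg" >&2
    return 1
}

# retrain_maildir DIR: process every message in DIR/cur and DIR/new and
# print the number successfully retrained.
retrain_maildir() {
    dir="$1"
    count=0
    for msg in "$dir"/cur/* "$dir"/new/*; do
        [ -f "$msg" ] || continue
        if retrain_message "$msg"; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Entry point for cron: REJUDGE_DIR=/var/vmail/barlaeus.nl/.Rejudge ./retrain.sh
if [ -n "${REJUDGE_DIR:-}" ]; then
    n=$(retrain_maildir "$REJUDGE_DIR")
    printf 'retrained %s message(s) as %s\n' "$n" "$GROUP_USER"
fi
```

Messages without a dspam verdict header, or that dspam refuses, are left in place and reported on stderr rather than silently dropped, so a broken dspam daemon shows up in the cron mail instead of eating a morning's corrections. Because every retrain is submitted as the group user, this keeps the property the thread relies on: nothing is ever retrained under an individual recipient's name.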
