This was made from the top of my head, but I hope it can be of help to
someone.
I'll be correcting this doc in the next days.
Regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
The information in this document was written primarily for personal use, but is
made available under the terms of the GNU Free Documentation License in the
possibility that it may be considered useful to others, without any warranty
whatsoever.
Basically, this has worked for me, it may work for you or not. I cannot be held
responsible for any data loss, system crash, or false hopes of any kind. YOU
HAVE BEEN WARNED!
This is a setup that has been working for some months now. I cannot say that it
worked just fine from day one, but the problems so far have been due to under
dimensioned hardware. I'll get to that during the text. The system is a bit
more complex than what's stated here, but the essential part can be described
as two frontend MX boxes and a backend server, where the users' inboxes are
stored.
Software used was:

Qmail-LDAP stuff was
    qmail-1.03 (stock qmail)
    qmail-ldap-1.03-20060201 patch (LDAP support)
    qmail-ldap-queue-custom-error (provided with simscan?)
    qmail-ldap-1.03-20060201-greetdelay-0.3 (Greetdelay support)
    qmail-ldap-1.03-20060201-envelope-scan-0.5 (Greylisting and/or basic
        SMTPD ACL Policy support)

Simscan stuff was
    simscan-1.3.1 (stock simscan from inter7)
    simscan-dspam-quarantine-v0.3.patch (patch to make DSPAM internal
        quarantine to work nice with simscan, plus some other things)

DSPAM stuff was
    DSPAM-3.6.8 - Already have a test setup running 3.8.0, very similar
        setup, small patch difference.
    dspam-3.6.8-external_lookup-0.8.1 patch (To allow mail address/mail
        alias matching, DSPAM profile creation enforcing and custom DSPAM
        username definition)

This all was set up in a Debian Sarge system, using Debian's DSPAM source
package. Although I have not verified running a stock DSPAM with the patch
myself, I can state that the patch applies cleanly and the software
compiles the same way as the package source. So if using stock DSPAM, with the
available documentation, it should work.
The install - short and ugly
daemontools:
$ sudo apt-get install daemontools-installer
$ sudo build-daemontools
(just answer the questions - you know the drill - and in the end, daemontools
should be running.)
ucspi-tcp, aka tcpserver:
$ sudo apt-get install ucspi-tcp-src
(now you'll need two consoles, one to run the ucspi-tcp build and another to
apply the patch)
#1 $ ls
ucspi-tcp-ssl-20050405.patch.gz
#2 $ sudo build-ucspi-tcp
(it will ask you for a build temp dir and after it will ask you to press enter
to start the build. Don't press enter just now. Switch to console #1 to apply
the patch)
#1 $ cd /tmp/ucspi-tcp/ucspi-tcp-0.88
#1 $ zcat /path/to/ucspi-tcp-ssl-20050405.patch.gz | patch -p0
(never mind the last reject, since the Debian package already has the errno.h patch)
#2 $ (hit enter and follow the instructions. You should end up with an
installed ucspi-tcp package)
Qmail:
$ ls
qmail-1.03.tar.gz
qmail-ldap-1.03-20060201.patch.gz
qmail-ldap-1.03-20060201-envelope-scan-0.5.patch
qmail-ldap-queue-custom-error.patch.bz2
qmail-ldap-1.03-20060201-greetdelay-0.3.patch
$ tar zxf qmail-1.03.tar.gz
$ zcat qmail-ldap-1.03-20060201.patch.gz | patch -p0
$ cd qmail-1.03
$ cat ../qmail-ldap-1.03-20060201-envelope-scan-0.5.patch | patch -p1
$ bzcat ../qmail-ldap-queue-custom-error.patch.bz2 | patch -p1
$ cat ../qmail-ldap-1.03-20060201-greetdelay-0.3.patch | patch -p1
(All the patches are fairly independent and there shouldn't be any problem
applying them in a different order, with the exception of the qmail-ldap patch,
of course. That has to be the first one!)
Now, edit the Makefile, using the qmail-ldap docs available. The new stuff can
be looked up in two readme files, README.ENVELOPE_SCAN and README.GREETDELAY.
$ sudo make setup check
(you should have qmail installed in /var/qmail right now)
Simscan:
$ ls
simscan-1.3.1.tar.gz simscan-dspam-quarantine-v0.3.patch
$ tar zxf simscan-1.3.1.tar.gz
$ cd simscan-1.3.1
$ cat ../simscan-dspam-quarantine-v0.3.patch | patch -p1
(now build, check simscan options and documentation, these were my choices)
$ ./configure --enable-regex=y --enable-spam-passthru=y --enable-user=clamav \
    --enable-custom-smtp-reject=y --enable-received=y \
    --enable-ripmime=/usr/bin/ripmime --enable-dspam=y --enable-per-domain=y \
    --enable-dspam-path=/usr/bin/dspam --enable-attach=y --enable-clamav=y \
    --enable-clamdscan=/usr/bin/clamdscan --enable-clamavdb-path=/var/lib/clamav \
    --enable-dspam-user=y --enable-dspam-args="--client --deliver=innocent"
$ make
$ sudo make install
(you should have simscan installed in /var/qmail right now)
DSPAM:
(I used etch sources list)
$ apt-get source dspam
$ ls
dspam-3.6.8 dspam_3.6.8-5.diff.gz dspam_3.6.8-5.dsc
dspam-3.6.8-external_lookup-0.8.1.patch dspam_3.6.8.orig.tar.gz
$ cat dspam-3.6.8-external_lookup-0.8.1.patch | patch -p0
$ cd dspam-3.6.8
$ fakeroot dpkg-buildpackage
$ sudo dpkg -i ../dspam_3.6.8-5_i386.deb ../libdspam7_3.6.8-5_i386.deb \
    ../libdspam7-drv-mysql_3.6.8-5_i386.deb ../dspam-webfrontend_3.6.8-5_all.deb
(I chose to use the MySQL backend driver)
Configuration:
(Here I focus only on the qmail-ldap specific stuff, and the aspects regarding
my own patches, where relevant.)
Qmail-ldap:
$ cd /var/qmail/control
... and do all your "qmail-ldap thing" configuration
edit /var/qmail/control/qmail-smtpd.rules and set something like
:allow,NOPBS="",RCPTCHECK="",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1",SIMSCAN_DEBUG="3",ENVELOPE_SCANNER="/var/qmail/bin/qmail-smtpdpol",POLICYD_SERVER="localhost",POLICYD_PORT="10031",DEBUG="",GRTDELAY="10",DROP_PRE_GREET="1"
That line also has greetdelay and smtp acl policy stuff. The DSPAM relevant
variable is only QMAILQUEUE="/var/qmail/bin/simscan". NOP0FCHECK="1" is to
disable p0f checking in simscan, and SIMSCAN_DEBUG="3" is for debugging
purposes.
Simscan:
create your /var/qmail/control/simcontrol file with the following content
:spam=yes,clam=yes,spam_passthru=yes
This will enable DSPAM classification, for all domains, allowing SPAM delivery.
If you wish to use quarantine, you can set up global/user preferences in DSPAM
itself. ClamAV will also be used to scan for viruses.
run simcontrolmk
$ /var/qmail/bin/simcontrolmk
$ /var/qmail/bin/simcontrolmk -g
DSPAM:
The relevant part, which is not covered by the default docs, is the External
Lookup stuff and the qmail-ldap integration itself. Those are:

ExtLookup               on
ExtLookupMode           map
ExtLookupDriver         ldap

# Can either be a database hostname or the full path to the executable
# and its arguments like
# ExtLookupServer "/usr/local/bin/ldap-lookup.sh %u"
ExtLookupServer         localhost

# Desired port when using any direct database backend. ExtLookupDriver
# set to 'program' will disregard this setting.
ExtLookupPort           389

# Can either be an LDAP search base or a database name (MySQL, etc) - Only LDAP
# is currently available.
ExtLookupDB             "dc=domain,dc=com"

# Can either be an LDAP search filter or an SQL query (SQL in the future
# perhaps)
ExtLookupQuery          "(&(objectClass=qmailUser)(|(mail=%u)(mailAlternateAddress=%u)(uid=%u)))"

# Attribute to be used when ExtLookupDriver is 'ldap' and ExtLookupMode
# 'map' or 'strict'
ExtLookupLDAPAttribute  "uid"

# Can be set to 'sub' or 'one'. Only used when ExtLookupDriver is 'ldap'.
ExtLookupLDAPScope      sub

# Login to be used when connecting to any direct database backend.
# ExtLookupDriver set to 'program' will disregard this setting.
#ExtLookupLogin         "cn=ldapop,dc=domain,dc=com"

# Password to use with ExtLookupLogin.
#ExtLookupPassword      verysecretword

# LDAP protocol to use. Defaults to 3.
#ExtLookupLDAPVersion   2

# Set the use of SSL when using any direct database backend.
# Accepted values are 'on', 'off' or 'tls'.
#ExtLookupCrypto        tls

The above settings are for the External Lookup part.
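
A pre-flight check for the External Lookup settings above, as an added example that is not part of the original document or of the external_lookup patch: it builds the same filter DSPAM is configured with and asks the directory which uid an address maps to. The function names, the sample address and the RFC 4515 escaping step are assumptions of this example; the page does not say how the patch treats special characters in %u.

```shell
#!/bin/sh
# Added example. Values mirror the ExtLookup* settings shown above.
LDAP_URI="ldap://localhost:389"   # ExtLookupServer + ExtLookupPort
LDAP_BASE="dc=domain,dc=com"      # ExtLookupDB
LDAP_ATTR="uid"                   # ExtLookupLDAPAttribute

# Escape RFC 4515 filter metacharacters; the backslash has to go first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The ExtLookupQuery above with every %u replaced by the escaped address.
extlookup_filter() {
    u=$(ldap_escape "$1")
    printf '(&(objectClass=qmailUser)(|(mail=%s)(mailAlternateAddress=%s)(uid=%s)))' \
        "$u" "$u" "$u"
}

# Read LDIF on stdin, print the distinct LDAP_ATTR values, one per line.
ldif_attr_values() {
    sed -n "s/^${LDAP_ATTR}: //p" | sort -u
}

# Search with scope 'sub' (ExtLookupLDAPScope) and report what was found.
# Assumption: an address should resolve to exactly one DSPAM username.
extlookup_check() {
    names=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" -s sub \
                "$(extlookup_filter "$1")" "$LDAP_ATTR" | ldif_attr_values)
    n=$(printf '%s\n' "$names" | grep -c . || true)
    case "$n" in
        1) echo "OK: $1 -> $names" ;;
        0) echo "NO MATCH: $1"; return 1 ;;
        *) echo "AMBIGUOUS: $1 resolves to $n usernames"; return 1 ;;
    esac
}

# With an address argument, query the directory; without one, only print
# the filter for a constructed sample address.
if [ "$#" -gt 0 ]; then
    extlookup_check "$1"
else
    extlookup_filter 'hugo.alias@domain.com'; echo
fi
```

Run it once each with a primary address, an alias and a uid of the same user; all three should report the same username.
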
For qmail integration, all that's missing is to allow qmaild to call DSPAM. Do
that with
Trust qmaild
Fire up everything, and you should now have a qmail-ldap install with DSPAM
integration.
VERY IMPORTANT: The above info does not replace in any way each component's own
documentation, so I STRONGLY recommend that you read the docs provided with
each piece of the used software. Also, this doc was made in "off line" mode,
i.e., I did not perform an install, and the information, although minimally
checked, is based on what still lived in my head. I wouldn't be surprised if I
forgot something, so feel free to correct me if I neglected anything.
Any suggestions or thoughts, post to [EMAIL PROTECTED] please.
Regards,
Hugo.