How to Install and configure spam-filter DSpam (dspam, dspam-web, dovecot-antispam) in CentOS/RHEL 7
Installing DSpam
First install the required packages:
$ yum -y install dspam dspam-mysql dspam-web
In CentOS 6 the dspam user was created with a UID below 500, which caused a problem launching the web part under Apache, so the UID of the dspam user had to be changed. This step is no longer relevant:
$ usermod -u 597 dspam
$ find /usr -user 497 -exec chown dspam {} \;
$ find /var -user 497 -exec chown dspam {} \;
Create a database and a dedicated user for DSpam in MySQL:
$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2639
Server version: 5.5.40-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE `%DSpamDB%` DEFAULT CHARACTER SET utf8;
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> CREATE USER '%DSpamUser%'@'localhost' IDENTIFIED BY '%DSpamPassWord%';
Query OK, 0 rows affected (0.10 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON `%DSpamDB%`.* TO '%DSpamUser%'@'localhost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> \q
Bye
Now create the required tables in the MySQL database:
$ cp /usr/share/dspam/sql-scripts/mysql/mysql_objects-4.1.sql /tmp
$ sed -i 's/MyISAM/InnoDB/g' /tmp/mysql_objects-4.1.sql
$ mysql -u %DSpamUser% -p --database='%DSpamDB%' </tmp/mysql_objects-4.1.sql
$ rm -f /tmp/mysql_objects-4.1.sql
$ cp /usr/share/dspam/sql-scripts/mysql/virtual_users.sql /tmp
$ sed -i 's/MyISAM/InnoDB/g' /tmp/virtual_users.sql
$ mysql -u %DSpamUser% -p --database='%DSpamDB%' </tmp/virtual_users.sql
$ rm -f /tmp/virtual_users.sql
Here and below, replace %DSpamDB%, %DSpamUser% and %DSpamPassWord% with your database name, user name and password. No percent signs!
Setting up DSpam
$ nano -w /etc/dspam.conf
StorageDriver /usr/lib64/dspam/libmysql_drv.so
#TrustedDeliveryAgent "/usr/bin/procmail"
DeliveryHost 127.0.0.1
DeliveryPort 11025
DeliveryIdent localhost
DeliveryProto SMTP
Trust postfix
Preference "spamAction=deliver"
Preference "spamSubject="
Preference "signatureLocation=headers"
MySQLServer /var/lib/mysql/mysql.sock
#MySQLPort
MySQLUser DSpamUser
MySQLPass DSpamPassWord
MySQLDb DSpamDB
MySQLCompress false
MySQLReconnect true
#PurgeSignatures 14
#PurgeNeutral 90
#PurgeUnused 90
#PurgeHapaxes 30
#PurgeHits1S 15
#PurgeHits1I 15
PurgeSignature off
PurgeNeutral 90
PurgeUnused off
PurgeHapaxes off
PurgeHits1S off
PurgeHits1I off
ServerPID /var/run/dspam/dspam.pid
ServerMode auto
ServerParameters "--user dspam --deliver=innocent,spam -d %u"
ServerIdent "mail.example.com"
ServerDomainSocketPath "/var/run/dspam/dspam.sock"
$ chown dspam /etc/dspam.conf
You can now start DSpam:
$ systemctl enable dspam.service
$ systemctl start dspam.service
$ systemctl status dspam.service
dspam.service - A highly accurate statistical spam filter that uses minimal resources
   Loaded: loaded (/usr/lib/systemd/system/dspam.service; enabled)
   Active: active (running) since Fri 2014-11-28 01:16:19 MSK; 11s ago
  Process: 3517 ExecStart=/usr/bin/dspam --daemon 2>/dev/null (code=exited, status=0/SUCCESS)
 Main PID: 3518 (dspam)
   CGroup: /system.slice/dspam.service
           └─3518 /usr/bin/dspam --daemon 2>/dev/null
Nov 28 01:16:19 example.com dspam[3518]: Daemon process starting
Nov 28 01:16:19 example.com systemd[1]: Started A highly accurate statistical spam filter that uses minimal resources.
Configuring postfix
$ nano -w /etc/postfix/dspam_filter
/./ FILTER dspam:unix:/var/run/dspam/dspam.sock
$ chcon -u system_u /etc/postfix/dspam_filter
$ nano -w /etc/postfix/main.cf
smtpd_recipient_restrictions =
    ...
    check_recipient_access pcre:/etc/postfix/dspam_filter
    permit
$ nano -w /etc/postfix/master.cf
dspam unix - - n - 10 lmtp
127.0.0.1:11025 inet n - n - - smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
Configure SELinux for DSpam and Postfix
$ semanage port -a -t smtp_port_t -p tcp 11025
$ nano -w dspam-postfix.te
module dspam-postfix 2.3;
require {
    type dspam_var_run_t;
    type smtp_port_t;
    type postfix_smtp_t;
    type dspam_t;
    class sock_file write;
    class unix_stream_socket connectto;
    class dir search;
    class tcp_socket name_connect;
}
#============= dspam_t ==============
allow dspam_t smtp_port_t:tcp_socket name_connect;
#============= postfix_smtp_t ==============
allow postfix_smtp_t dspam_t:unix_stream_socket connectto;
allow postfix_smtp_t dspam_var_run_t:dir search;
allow postfix_smtp_t dspam_var_run_t:sock_file write;
$ checkmodule -M -m dspam-postfix.te -o dspam-postfix.mod
checkmodule: loading policy configuration from dspam-postfix.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to dspam-postfix.mod
$ semodule_package -m dspam-postfix.mod -o dspam-postfix.pp
$ semodule -i dspam-postfix.pp
$ rm -f dspam-postfix.{mod,pp}
Once SELinux is configured to let postfix and DSpam talk to each other, postfix can be restarted:
$ systemctl restart postfix
Configuration of fetchmail
Configure fetchmail so that the mail it fetches is passed through DSpam:
Variant 1 (easier)
$ nano -w /usr/lib/fetchmail/fetchmail.pl
# $cmd.=" mda ".$mda if ($mda);
$cmd.=" mda \"/usr/bin/dspam --user dspam --deliver=innocent --rcpt-to ${mailbox}\"";
# $cmd.=" is '${mailbox}' here";
Variant 2 (correct):
In the fetchmail configuration in PostfixAdmin, enter the following mda:
"/usr/bin/dspam --user dspam --deliver=innocent --rcpt-to ${mailbox}"
exactly like that, with the quotation marks. Keep in mind that PostfixAdmin must be patched as described in this article, otherwise PostfixAdmin will store the MDA value incorrectly in the MySQL database.
Configuring Apache and DSpam-web
$ nano -w /etc/httpd/conf.d/dspam-web.conf
Listen 8443 https
<VirtualHost *:8443>
    ServerAdmin postmaster@example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/pki/tls/certs/mail.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mail.example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/sub.class1.server.ca.pem
    ...
</VirtualHost>
$ nano -w /var/www/dspam/configure.pl
$CONFIG{'LOCAL_DOMAIN'} = "example.com";
$ htpasswd -c /var/www/dspam-passwd dspam
$ chcon -u system_u /var/www/dspam-passwd
$ chown root:apache /var/www/dspam-passwd
$ chmod 0640 /var/www/dspam-passwd
$ firewall-cmd --permanent --zone=public --add-port=8443/tcp
$ firewall-cmd --reload
Configure SELinux for DSpam-web and Apache
$ nano -w dspam-httpd.te
module dspam-httpd 2.3;
require {
    type httpd_dspam_script_t;
    type passwd_file_t;
    type dspam_var_lib_t;
    class file { read getattr open append };
}
#============= httpd_dspam_script_t ==============
allow httpd_dspam_script_t dspam_var_lib_t:file append;
allow httpd_dspam_script_t passwd_file_t:file { read getattr open };
$ checkmodule -M -m dspam-httpd.te -o dspam-httpd.mod
checkmodule: loading policy configuration from dspam-httpd.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to dspam-httpd.mod
$ semodule_package -m dspam-httpd.mod -o dspam-httpd.pp
$ semodule -i dspam-httpd.pp
$ rm -f dspam-httpd.{mod,pp}
Restart Apache:
$ systemctl reload httpd.service
You can now open https://mail.example.com:8443/ in the browser to access DSpam-web.
Configuring Dovecot
For Dovecot to put spam messages in the Spam folder, do the following:
$ mkdir /var/spool/mail/example.com/username.sieve/
$ touch /var/spool/mail/example.com/username.sieve/roundcube.sieve
$ ln -s roundcube.sieve /var/spool/mail/example.com/username.sieve/.dovecot.sieve
$ chown mail:mail /var/spool/mail/example.com/username.sieve/ -R
$ chcon -u system_u /var/spool/mail/example.com/username.sieve/ -R
$ chmod 0700 /var/spool/mail/example.com/username.sieve/
$ nano -w /var/spool/mail/example.com/username.sieve/roundcube.sieve
## Generated by Roundcube Webmail SieveRules Plugin ##
require ["regex","body","imap4flags","fileinto","subaddress"];
# rule:[Delete permanently...]
if anyof (address :is "From" "VIAGRA", header :contains "Subject" "VIAGRA")
{
    discard;
    stop;
}
# rule:[.Spam]
elsif allof (header :contains "X-DSPAM-Result" "SPAM", not header :contains "X-DSPAM-Reclassified" "Innocent")
{
    setflag "\\Seen";
    fileinto "Spam";
    stop;
}
Thus all messages with the word VIAGRA in the subject (or as the sender) will be deleted automatically, and messages that DSpam has marked as spam will be marked as read and filed into the Spam folder. Keep in mind that Dovecot must be configured as described in this article.
But, as you know, some spam emails are not detected as spam, and some legitimate messages are marked as spam by mistake. In such cases you need to tell DSpam that this message is not spam, or that that one, on the contrary, is spam. DSpam needs this to train itself.
You can mark misclassified emails as spam/non-spam in the DSpam web interface, but that is the complicated option; we will set up something easier.
dovecot-antispam plugin installation
Dovecot has a special plugin that monitors the movement of messages in the mailbox and, when necessary, passes them to DSpam for training. For example, if you move a message out of the Spam folder (except when it is moved to the Trash), the message is passed to DSpam marked as not spam. And if, on the contrary, you move a message into the Spam folder, it is passed to DSpam marked as spam.
The plugin that provides this functionality is absent from the CentOS repositories, so build and install it from source. To do this, do the following:
$ yum -y install gcc automake autoconf
$ yum -y install openssl-devel
$ yum -y install dovecot-devel
$ cd /usr/local/src
$ wget http://dl.atrpms.net/all/dovecot-devel-2.2.10-1_14.el7.x86_64.rpm
$ rpm -ivh --nodeps dovecot-devel-2.2.10-1_14.el7.x86_64.rpm
$ wget http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz -O dovecot-antispam.tar.gz
$ tar zxvf dovecot-antispam.tar.gz
$ cd dovecot-antispam-plugin-*/
$ ./autogen.sh
$ ./configure --prefix=/usr --with-dovecot=/usr/lib64/dovecot
$ sed -i 's/copying_via_save/copying/g' src/mailbox.c
$ make install
$ cd ../
$ rm -rf dovecot-antispam-plugin-*/
In CentOS 6 the dovecot-devel package is in the EPEL repository, so there was no need to download it from atrpms.net. In CentOS 7, at the time of this writing, this package was not in the EPEL repository, so if the command yum -y install dovecot-devel fails with an error, download the package and install it manually. If the package installs from the repository, there is no need to download and install it manually.
If, while running make install, you see the following errors:
signature-log.c: In function ‘signature_log_transaction_begin’:
signature-log.c:122: error: too many arguments to function ‘dict_init’
Failed to compile signature-log.c (plugin)!
make[3]: *** [signature-log.plugin.o] Error 1
make[2]: *** [all] Error 2
make[1]: *** [src] Error 2
make: *** [all] Error 2
you will need to do the following:
$ nano -w src/signature-log.c
change the lines:
if (dict_init(cfg->dict_uri, DICT_DATA_TYPE_STRING, cfg->dict_user, cfg->base_dir, &sltc->dict, NULL))
to the lines:
sltc->dict = dict_init(cfg->dict_uri, DICT_DATA_TYPE_STRING, cfg->dict_user, cfg->base_dir);
if (sltc->dict == NULL)
$ make install
$ cd ../
$ rm -rf dovecot-antispam-plugin-*/
If there are no error messages, then everything is OK.
Now register the compiled and installed plugin in the Dovecot settings:
$ nano -w /etc/dovecot/conf.d/90-plugin.conf
plugin {
    antispam_backend = dspam
    antispam_spam = Spam
    antispam_trash = Trash
    antispam_unsure = Trash
    antispam_dspam_binary = "/usr/bin/dspam"
    antispam_dspam_args = "--user;dspam;--source=error;--signature=%%s;-d;%u"
    antispam_signature = X-DSPAM-Signature
}
$ nano -w /etc/dovecot/conf.d/20-imap.conf
mail_plugins = $mail_plugins antispam
Configure SELinux for dovecot-antispam plugin
$ nano -w dspam-dovecot.te
module dspam-dovecot 2.20;
require {
    type dovecot_t;
    type dovecot_deliver_t;
    type dspam_exec_t;
    type dspam_var_lib_t;
    type httpd_dspam_rw_content_t;
    type mysqld_t;
    type mysqld_db_t;
    type mysqld_var_run_t;
    type usr_t;
    type var_t;
    type var_lib_t;
    type cron_var_lib_t;
    class dir { search getattr };
    class file { lock rename read create append write getattr link unlink open execute execute_no_trans };
    class process signull;
    class sock_file write;
    class unix_stream_socket connectto;
}
allow dovecot_deliver_t var_t:file { rename read create write getattr link unlink open };
allow dovecot_deliver_t self:process signull;
allow dovecot_t dovecot_deliver_t:process signull;
allow dovecot_t dspam_exec_t:file { read open execute execute_no_trans };
allow dovecot_t dspam_var_lib_t:dir { search getattr };
allow dovecot_t dspam_var_lib_t:file { lock read getattr open append write };
allow dovecot_t httpd_dspam_rw_content_t:dir { search getattr };
allow dovecot_t httpd_dspam_rw_content_t:file { lock read getattr open append write };
allow dovecot_t mysqld_t:unix_stream_socket connectto;
allow dovecot_t mysqld_db_t:dir search;
allow dovecot_t mysqld_var_run_t:sock_file write;
allow dovecot_t usr_t:file { read getattr open };
allow dovecot_t var_lib_t:file { lock read getattr open append write };
allow dovecot_t cron_var_lib_t:file { lock getattr open append };
$ checkmodule -M -m dspam-dovecot.te -o dspam-dovecot.mod
checkmodule: loading policy configuration from dspam-dovecot.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to dspam-dovecot.mod
$ semodule_package -m dspam-dovecot.mod -o dspam-dovecot.pp
$ semodule -i dspam-dovecot.pp
$ rm -f dspam-dovecot.{mod,pp}
After configuring the plugin, restart Dovecot:
$ systemctl restart dovecot
$ systemctl status dovecot
dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled)
   Active: active (running) since Sat 2014-11-29 02:12:50 MSK; 4s ago
  Process: 32357 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 32361 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─32361 /usr/sbin/dovecot -F
           ├─32364 dovecot/anvil
           ├─32365 dovecot/log
           └─32367 dovecot/config
Nov 29 02:12:50 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Nov 29 02:12:51 example.com dovecot[32361]: master: Dovecot v2.2.10 starting up for imap, sieve (core dumps disabled)
Now try moving a message into the Spam folder and check in the web interface, on the “history” tab, whether DSpam's status for this message has changed.
You can also view errors in SELinux:
$ grep -E "dspam|dovecot" /var/log/audit/audit.log | grep AVC | ausearch -i
If there are no errors and the message status in the web interface changes, DSpam is configured correctly.
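If the audit log does show denials, the following added example (not part of the original article) collapses them into candidate allow rules, so a hand-written .te module like the ones above can be kept to the permissions actually denied. It is a simplified version of what audit2allow does; the function names and the sample records are constructed for illustration.

```shell
#!/bin/bash
# Added example: collapse AVC denials into candidate "allow" rules.

# Constructed sample records in raw audit.log format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1417212770.101:201): avc:  denied  { write } for  pid=3301 comm="smtp" name="dspam.sock" dev="tmpfs" ino=20111 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:dspam_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1417212770.102:202): avc:  denied  { connectto } for  pid=3301 comm="smtp" path="/run/dspam/dspam.sock" scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:dspam_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1417302771.201:310): avc:  denied  { execute } for  pid=4410 comm="imap" name="dspam" dev="dm-0" ino=51234 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:dspam_exec_t:s0 tclass=file
type=AVC msg=audit(1417302771.202:311): avc:  denied  { read open } for  pid=4410 comm="imap" path="/usr/bin/dspam" dev="dm-0" ino=51234 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:dspam_exec_t:s0 tclass=file
type=AVC msg=audit(1417302799.001:330): avc:  denied  { execute } for  pid=4502 comm="imap" name="dspam" dev="dm-0" ino=51234 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:dspam_exec_t:s0 tclass=file
type=AVC msg=audit(1417302800.500:340): avc:  denied  { read } for  pid=990 comm="httpd" name="index.html" dev="dm-0" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1417302771.201:310): arch=c000003e syscall=59 success=no exit=-13 comm="imap" exe="/usr/libexec/dovecot/imap"
EOF
}

# avc_to_rules [TYPE_REGEX]
# Reads raw audit records on stdin. For every AVC denial whose source or
# target type matches TYPE_REGEX (default: dspam|dovecot, as in the grep
# above), prints one rule per (source, target, class) with the denied
# permissions merged and de-duplicated.
avc_to_rules() {
  awk -v pat="${1:-dspam|dovecot}" '
    $1 == "type=AVC" && / denied / {
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        else if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      if (s == "" || t == "" || c == "") next     # malformed record
      if (s !~ pat && t !~ pat) next              # unrelated domain
      o = index($0, "{"); e = index($0, "}")
      if (o == 0 || e < o) next
      n = split(substr($0, o + 1, e - o - 1), p, " ")
      key = s " " t ":" c
      for (j = 1; j <= n; j++)
        if (!((key, p[j]) in seen)) {
          seen[key, p[j]] = 1
          perms[key] = perms[key] " " p[j]
        }
    }
    END { for (key in perms) printf "allow %s {%s };\n", key, perms[key] }
  ' | LC_ALL=C sort
}

# Demo on the constructed records; on a real host feed it
# /var/log/audit/audit.log instead.
sample_audit_log | avc_to_rules
```

Review each printed rule before copying it into a module: a denial can also point to a mislabelled file, which is better fixed with restorecon than with a new allow rule.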
Update from 2016-01-18
During the next CentOS update, yum refused to update the dovecot packages:
mail:~# yum -y update
Loaded plugins: changelog, fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.schlundtech.de
 * epel: fedora.uib.no
 * extras: ftp-stud.fht-esslingen.de
 * updates: mirror.ratiokontakt.de
Resolving Dependencies
--> Running transaction check
---> Package dovecot.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot.x86_64 1:2.2.10-5.el7 will be an update
---> Package dovecot-mysql.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot-mysql.x86_64 1:2.2.10-5.el7 will be an update
---> Package dovecot-pigeonhole.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot-pigeonhole.x86_64 1:2.2.10-5.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package              Arch     Version           Repository   Size
=============================================================================
Updating:
 dovecot              x86_64   1:2.2.10-5.el7    base         3.2 M
 dovecot-mysql        x86_64   1:2.2.10-5.el7    base         65 k
 dovecot-pigeonhole   x86_64   1:2.2.10-5.el7    base         303 k
Transaction Summary
=============================================================================
Upgrade 3 Packages
Total size: 3.5 M
Downloading packages:
Running transaction check
ERROR with transaction check vs depsolve:
dovecot = 1:2.2.10-1_14.el7 is needed by (installed) dovecot-devel-1:2.2.10-1_14.el7.x86_64
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
1:dovecot-devel-2.2.10-1_14.el7.x86_64 has missing requires of dovecot = ('1', '2.2.10', '1_14.el7')
Your transaction was saved, rerun it with:
 yum load-transaction /tmp/yum_save_tx.2016-01-18.09-35.YDfLDF.yumtx
yum suggests that we run yum check. OK, let’s try it:
mail:~# yum check
Loaded plugins: changelog, fastestmirror
1:dovecot-devel-2.2.10-1_14.el7.x86_64 has missing requires of dovecot = ('1', '2.2.10', '1_14.el7')
Error: check all
As expected, it did not help. Okay, remove the package that gets in the way, upgrade the packages, and then install dovecot-devel again.
mail:~# yum -y remove dovecot-devel.x86_64
Loaded plugins: changelog, fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package dovecot-devel.x86_64 1:2.2.10-1_14.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package              Arch     Version              Repository   Size
=============================================================================
Removing:
 dovecot-devel        x86_64   1:2.2.10-1_14.el7    installed    906 k
Transaction Summary
=============================================================================
Remove 1 Package
Installed size: 906 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing    : 1:dovecot-devel-2.2.10-1_14.el7.x86_64    1/1
  Verifying  : 1:dovecot-devel-2.2.10-1_14.el7.x86_64    1/1
Removed:
  dovecot-devel.x86_64 1:2.2.10-1_14.el7
Complete!
mail:~# yum -y update
Loaded plugins: changelog, fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.schlundtech.de
 * epel: fedora.uib.no
 * extras: ftp-stud.fht-esslingen.de
 * updates: centos.copahost.com
Resolving Dependencies
--> Running transaction check
---> Package dovecot.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot.x86_64 1:2.2.10-5.el7 will be an update
---> Package dovecot-mysql.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot-mysql.x86_64 1:2.2.10-5.el7 will be an update
---> Package dovecot-pigeonhole.x86_64 1:2.2.10-4.el7_0.1 will be updated
---> Package dovecot-pigeonhole.x86_64 1:2.2.10-5.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package              Arch     Version           Repository   Size
=============================================================================
Updating:
 dovecot              x86_64   1:2.2.10-5.el7    base         3.2 M
 dovecot-mysql        x86_64   1:2.2.10-5.el7    base         65 k
 dovecot-pigeonhole   x86_64   1:2.2.10-5.el7    base         303 k
Transaction Summary
=============================================================================
Upgrade 3 Packages
Total size: 3.5 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:dovecot-2.2.10-5.el7.x86_64                  1/6
  Updating   : 1:dovecot-pigeonhole-2.2.10-5.el7.x86_64       2/6
  Updating   : 1:dovecot-mysql-2.2.10-5.el7.x86_64            3/6
  Cleanup    : 1:dovecot-mysql-2.2.10-4.el7_0.1.x86_64        4/6
  Cleanup    : 1:dovecot-pigeonhole-2.2.10-4.el7_0.1.x86_64   5/6
  Cleanup    : 1:dovecot-2.2.10-4.el7_0.1.x86_64              6/6
  Verifying  : 1:dovecot-pigeonhole-2.2.10-5.el7.x86_64       1/6
  Verifying  : 1:dovecot-2.2.10-5.el7.x86_64                  2/6
  Verifying  : 1:dovecot-mysql-2.2.10-5.el7.x86_64            3/6
  Verifying  : 1:dovecot-mysql-2.2.10-4.el7_0.1.x86_64        4/6
  Verifying  : 1:dovecot-2.2.10-4.el7_0.1.x86_64              5/6
  Verifying  : 1:dovecot-pigeonhole-2.2.10-4.el7_0.1.x86_64   6/6
Updated:
  dovecot.x86_64 1:2.2.10-5.el7
  dovecot-mysql.x86_64 1:2.2.10-5.el7
  dovecot-pigeonhole.x86_64 1:2.2.10-5.el7
Complete!
mail:~# cd /usr/local/src
mail:/usr/local/src# wget http://dl.atrpms.net/all/dovecot-devel-2.2.10-1_14.el7.x86_64.rpm
mail:/usr/local/src# rpm -ivh --nodeps dovecot-devel-2.2.10-1_14.el7.x86_64.rpm
warning: dovecot-devel-2.2.10-1_14.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 66534c2b: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:dovecot-devel-1:2.2.10-1_14.el7  ################################# [100%]
Upgraded. 🙂
Bezaleel Ramos
26.09.2015 - 23:13
Hello,
Nice tutorial.
I have a problem starting dspam:
Sep 27 01:38:20 dspam01 dspam: /usr/bin/dspam: symbol lookup error: /usr/bin/dspam: undefined symbol: external_lookup
Sep 27 01:38:20 dspam01 systemd: dspam.service: control process exited, code=exited status=127
Sep 27 01:38:20 dspam01 systemd: Failed to start A highly accurate statistical spam filter that uses minimal resources.
Sep 27 01:38:20 dspam01 systemd: Unit dspam.service entered failed state.
Sep 27 01:38:37 dspam01 auditd[579]: Audit daemon rotating log files