Home > Server Software > Postfix + DSpam

Postfix + DSpam

January 24th, 2009

My objective was to configure postfix to filter ONLY incoming email by DSpam while also allowing specific email addresses to be used as honeypot (inoculation) input to dspam. This does not include general DSpam setup such as mysql settings. This focuses on how I’ve configured DSpam to interface with postfix. I’ve also not outlined the configuration in postfixes master.cf on the port/code that clients would connect and authenticate on. This would not include the -o content_filter=dspam:dspam filter option.

  1. Compile DSpam with daemon option and other flags which fit your environment. This allows us to pipe email back to postfix using smtp.
  2. Setup the postfix master.cf configuration file to include dspam standard filter, a honeypot, spam and ham dspam entries as well enabling users to forward missed spam back to the system. While were at it we will also include a instance of postfix which will receive the filtered email back from the DSpam agent.

Postfix: master.cf

0.0.0.0:25 inet n - n - - smtpd
-o content_filter=dspam:dspam

<sending client port> inet n - n - - smtpd
-o smtpd_use_tls=yes -o smtpd_sasl_auth_enable=yes

127.0.0.1:<incoming port from dspam> inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

dspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent --user $recipient -i -f $sender -- $recipient

hspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=inoculation --user honeypot --deliver=innocent

spam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=error --user dspam

notspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=innocent --source=error --user dspam

  1. Now we need to setup postfix to route specific addresses to the spam/notspam and hspam (inoculation) interfaces.

In postfix main.cf

hash:/etc/postfix/transport_maps_spams

In transport_maps_spams

<missed spam addr>@ktechs.net spam:nothing
<missed ham addr>@ktechs.net notspam:nothing
<a honeypot candidates addr>@ktechs.net hspam:nothing

  1. We issue a postmap /etc/postfix/transport_maps_spams to create our postfix hash db file.
  2. Add a setting for the honeypot email address in DSpam (likely by MySQL settings table for DSpam) to optout this user. We do this because the email when we first receive it will be filtered though DSpam then looked up in this transport map which will invoke the hspam hop.
  3. Now we tell DSpam how to deliver back to postfix.

delivery portion of dspam.conf

DeliveryHost 127.0.0.1
DeliveryPort <Your delivery port in master.cf>
DeliveryIdent localhost
DeliveryProto SMTP

Categories: Server Software Tags: , ,
Comments are closed.