Postfix + DSpam
My objective was to configure postfix to filter ONLY incoming email by DSpam while also allowing specific email addresses to be used as honeypot (inoculation) input to dspam. This does not include general DSpam setup such as mysql settings. This focuses on how I’ve configured DSpam to interface with postfix. I’ve also not outlined the configuration in postfixes
master.cf on the port/code that clients would connect and authenticate on. This would not include the
-o content_filter=dspam:dspam filter option.
- Compile DSpam with daemon option and other flags which fit your environment. This allows us to pipe email back to postfix using smtp.
- Setup the postfix master.cf configuration file to include dspam standard filter, a honeypot, spam and ham dspam entries as well enabling users to forward missed spam back to the system. While were at it we will also include a instance of postfix which will receive the filtered email back from the DSpam agent.
0.0.0.0:25 inet n - n - - smtpd
<sending client port> inet n - n - - smtpd
-o smtpd_use_tls=yes -o smtpd_sasl_auth_enable=yes
127.0.0.1:<incoming port from dspam> inet n - n - - smtpd
dspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --deliver=innocent --user $recipient -i -f $sender -- $recipient
hspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=inoculation --user honeypot --deliver=innocent
spam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=spam --source=error --user dspam
notspam unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam --class=innocent --source=error --user dspam
- Now we need to setup postfix to route specific addresses to the spam/notspam and hspam (inoculation) interfaces.
In postfix main.cf
<missed spam addr>@ktechs.net spam:nothing
<missed ham addr>@ktechs.net notspam:nothing
<a honeypot candidates addr>@ktechs.net hspam:nothing
- We issue a
postmap /etc/postfix/transport_maps_spamsto create our postfix hash db file.
- Add a setting for the honeypot email address in DSpam (likely by MySQL settings table for DSpam) to optout this user. We do this because the email when we first receive it will be filtered though DSpam then looked up in this transport map which will invoke the hspam hop.
- Now we tell DSpam how to deliver back to postfix.
delivery portion of dspam.conf
DeliveryPort <Your delivery port in master.cf>