Проблема:
Почта приходит на сервер где стоит Exim 4.69 и Dspam 3.4.8-как LDA и при оценки dspamom как SPAM не попадает в карантин зараза а кладется в папку юзеру (кстати для аудита с письмами исполюзуется Courier)
Сам думаю:
Ну судя по тому шо через exim и dspam письма как-никак проходят и более того фильтр обучается и заполняет Mysql токенами и виртуальными uid делаю вывод что косяк где-то в роутерах или транспортах. Толи последовательность не та шо надо, толи сами они (роутеры и транспорты) с какой-то ошибкой написаны. Голову ломаю нимогу понять все излазил вроде у людей кто собирал по http://www.samag.ru/cgi-bin/go.pl?q=art ... .2006;a=03 этой статье тоже траблы с карантином. Я конечно понимаю шо надо самому башкой варить и собственными силами все это делать но нахрена тогда писать статьи с нереальными опечатками и ошибками. Как тока разберуся с проблемой (надеюсь на помощь ) сразу тут забабахаю статью про то как ставить почтовый сервер. Чтоб народ ctrl+C и ctrl+V тока сделал и все настроил.
Да кстати вот еще что: Если поставить юзеру настройку Tag то при оценке письма как SPAM оно тегируется!!
Конфиги:
1.Exim
Код: Выделить всё
begin routers
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}
dspam_addspam:
driver = accept
expn = false
domains = +local_domains
local_parts = spam
transport = addspam
headers_add = "X-DSPAM-REPORT: Missclassified"
dspam_falsepositive:
driver = accept
expn = false
domains = +local_domains
local_parts = ham:nospam
transport = falsepositive
headers_add = "X-DSPAM-REPORT: Falsepositive"
spamscan_router:
no_verify
headers_remove = X-FILTER-SPAM : X-Spam-Score : X-Spam-Score-Gate : X-Spam-Report : X-Spam-Gate-Subject : X-Spam-Flag : X-S
condition = "${if and {{!eq{$received_protocol}{spam-scanned}} {!def:h_X-FILTER-SPAM:}} {1}{0}}"
driver = accept
headers_add = X-FILTER-SPAM: ICF Team Spam Filter on $primary_hostname, $tod_full\n\
X-SENDER-INFO: ${if def:authenticated_id {ID - ${authenticated_id},}} \
${if def:authenticated_sender {authenticated_sender - ${authenticated_sender},}} \
${if def:sender_ident {rfc1413(ident) - ${sender_ident},}} \
${if def:originator_uid {UID - ${originator_uid},}} \
${if def:originator_gid {GID - ${originator_gid}}}
local_parts = !addham:!addspam:!ham:!spam:!sexy
transport = spamcheck_transport
require_files = /usr/local/dspam/var/spool:/usr/local/dspam/bin/dspam
spam_reject:
driver = redirect
check_local_user
user = exim
group = mail
headers_add = "X-DSPAM-Rreport: Rejected"
condition = ${if eq {$h_X-DSPAM-Result:}{Spam}{yes}{no}}
allow_fail = true
require_files = $local_part:/usr/local/vmail/${domain}/spam/$local_part
errors_to = ""
data = :blackhole:
more = false
userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}
mysqluser:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT home FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}' \
AND active='Y'}}}{no}{yes}}
transport = mysql_delivery
begin transports
spamcheck_transport:
driver = pipe
command = "/usr/sbin/exim -oi -oMr spam-scanned -bS"
transport_filter = /usr/local/dspam/bin/dspam --stdout --deliver=innocent,spam --user $local_part@$domain \
--mail-from "${lc:$sender_address}" --rcpt-to "${lc:$local_part}@${lc:$domain}"
user = exim
group = mail
use_bsmtp = true
home_directory = "/usr/local/dspam/var/spool"
current_directory = "/usr/local/dspam/var/spool"
delivery_date_add = true
return_path_add = true
envelope_to_add = true
log_fail_output = true
log_defer_output = true
return_fail_output = true
message_prefix = ""
message_suffix = ""
temp_errors = *
addspam:
driver = pipe
command = /usr/local/dspam/bin/dspam --user ${lc:$sender_address} --class=spam --source=error
return_path_add = false
return_fail_output = true
log_output = true
home_directory = "/usr/local/dspam/var/spool"
current_directory = "/usr/local/dspam/var/spool"
user = exim
group = mail
message_prefix = ""
message_suffix = ""
falsepositive:
driver = pipe
command = /usr/local/dspam/bin/dspam --user ${lc:$sender_address} --class=innocent --source=error
return_path_add = false
return_fail_output = true
log_output = true
home_directory = "/usr/local/dspam/var/spool"
current_directory = "/usr/local/dspam/var/spool"
user = exim
group = mail
message_prefix = ""
message_suffix = ""
remote_smtp:
driver = smtp
mysql_delivery:
driver = appendfile
check_string = ""
create_directory
delivery_date_add
directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'}}
directory_mode = 770
envelope_to_add
group = mail
maildir_format
maildir_tag = ,S=$message_size
message_prefix = ""
message_suffix = ""
mode = 0600
quota = ${lookup mysql{SELECT quota FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_threshold = 95%
return_path_add
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
Код: Выделить всё
#Дровщпуу дкфемжрфку DSPM дну фвчржэ хефюкхв
Home /usr/local/dspam/var/spool
#Въепж дну рчфвчржмк тражрэ
TrustedDeliveryAgent "/usr/sbin/exim -oi -oMr spam-scanned"
OnFail error
#Трныярювженк х тфкюкнеъкуок мржрфэй оргеж фвчржвжы DSPAM
Trust exim
Trust root
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
#Юмнбавео ржнвдми
Debug *
#Юмнбавео хворрчиаепке
TrainingMode teft
Feature chained
Feature tb=5
Feature whitelist
#Юмнбавео внърфкжоэ тфрюефмк ткхео
Algorithm graham burton
PValue graham
Preference "signatureLocation=message" # 'message' or 'headers'
Preference "showFactors=on"
Preference "spamAction=quarantine"
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
#Рткхэювео трдмнбаепке м чвяе двппэй
MySQLServer localhost
MySQLPort 3306
MySQLUser exim
MySQLPass XXXXXXXXXX
MySQLDb dspam
MySQLCompress true
Notifications on
PurgeSignatures 14
PurgeNeutral 90
PurgeUnused 90
PurgeHapaxes 30
PurgeHits1S 15
PurgeHits1I 15
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
Код: Выделить всё
trainingMode=TEFT
spamAction=quarantine
spamSubject=[SPAM]
statisticalSedation=5
enableBNR=on
enableWhitelist=on
signatureLocation=message
exim maillog:
Код: Выделить всё
Mar 17 12:52:18 svr-mail exim: 2008-03-17 12:52:18 1JbC0v-0000PM-SA => admin <admin@my_domain.com> R=mysqluser T=mysql_delivery
Mar 17 12:52:18 svr-mail exim: 2008-03-17 12:52:18 1JbC0v-0000PM-SA Completed
Mar 17 12:52:18 svr-mail exim: 2008-03-17 12:52:18 1JbC0v-0000PJ-Qp => admin <admin@my_domain.com> R=spamscan_router T=spamcheck_transport
Mar 17 12:52:18 svr-mail exim: 2008-03-17 12:52:18 1JbC0v-0000PJ-Qp Completed
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Pz-E1 <= dot7@rcn.net H=isa.wg.local (mail2.my_domain.com) [192.168.0.220] P=esmtp S=3263 id=000901c88815$05526667$ca5d67bc@nwlfga from <dot7@rcn.net> for admin@my_domain.com
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Q2-HM <= dot7@rcn.net U=exim P=spam-scanned S=3575 id=000901c88815$05526667$ca5d67bc@nwlfga from <dot7@rcn.net> for admin@my_domain.com
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Q2-HM => admin <admin@my_domain.com> R=mysqluser T=mysql_delivery
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Q2-HM Completed
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Pz-E1 => admin <admin@my_domain.com> R=spamscan_router T=spamcheck_transport
Mar 17 12:59:14 svr-mail exim: 2008-03-17 12:59:14 1JbC7e-0000Pz-E1 Completed
Mar 17 13:07:31 svr-mail authdaemond: modules="authmysql", daemons=5
Mar 17 13:07:31 svr-mail authdaemond: Installing libauthmysql
Mar 17 13:07:31 svr-mail authdaemond: Installation complete: authmysql
Mar 17 13:07:32 svr-mail exim: 2008-03-17 13:07:32 exim 4.69 daemon started: pid=804, -q15m, listening for SMTP on port 25 (IPv4) and for SMTPS on port 465 (IPv4)
Mar 17 13:09:09 svr-mail imapd: LOGIN, user=alekseeves@my_domain.com, ip=[192.168.0.40], port=[4515], protocol=IMAP
Mar 17 13:09:11 svr-mail imapd: LOGIN, user=alekseeves@my_domain.com, ip=[192.168.0.40], port=[4519], protocol=IMAP
Mar 17 13:09:15 svr-mail imapd: LOGIN, user=admin@my_domain.com, ip=[192.168.0.40], port=[4520], protocol=IMAP
Mar 17 13:16:22 svr-mail exim: 2008-03-17 13:16:22 1JbCOE-0000FW-0a <= dotyk@qwest.com H=isa.wg.local (mail2.my_domain.com) [192.168.0.220] P=esmtp S=3173 id=000901c88817$03845f82$42ec90a1@dpaiailx from <dotyk@qwest.com> for admin@my_domain.com
Mar 17 13:16:23 svr-mail exim: 2008-03-17 13:16:23 1JbCOF-0000FZ-GF <= dotyk@qwest.com U=exim P=spam-scanned S=3548 id=000901c88817$03845f82$42ec90a1@dpaiailx from <dotyk@qwest.com> for admin@my_domain.com
Mar 17 13:16:23 svr-mail exim: 2008-03-17 13:16:23 1JbCOF-0000FZ-GF => admin <admin@my_domain.com> R=mysqluser T=mysql_delivery
Mar 17 13:16:23 svr-mail exim: 2008-03-17 13:16:23 1JbCOF-0000FZ-GF Completed
Mar 17 13:16:23 svr-mail exim: 2008-03-17 13:16:23 1JbCOE-0000FW-0a => admin <admin@my_domain.com> R=spamscan_router T=spamcheck_transport
Mar 17 13:16:23 svr-mail exim: 2008-03-17 13:16:23 1JbCOE-0000FW-0a Completed
Mar 17 13:38:27 svr-mail authdaemond: modules="authmysql", daemons=5
Mar 17 13:38:27 svr-mail authdaemond: Installing libauthmysql
Mar 17 13:38:28 svr-mail authdaemond: Installation complete: authmysql
Mar 17 13:38:29 svr-mail exim: 2008-03-17 13:38:29 exim 4.69 daemon started: pid=804, -q15m, listening for SMTP on port 25 (IPv4) and for SMTPS on port 465 (IPv4)
Mar 17 13:39:09 svr-mail imapd: LOGIN, user=alekseeves@my_domain.com, ip=[192.168.0.40], port=[4750], protocol=IMAP
Mar 17 13:39:09 svr-mail imapd: LOGIN, user=admin@my_domain.com, ip=[192.168.0.40], port=[4751], protocol=IMAP
Код: Выделить всё
1251: [3/17/2008 12:45:27] DSPAM Instance Startup
1251: [3/17/2008 12:45:27] input args: /usr/local/dspam/bin/dspam --stdout --deliver=innocent,spam --user admin@my_domain.com --mail-from cbuhrman54@charter.net --rcpt-to admin@my_domain.com
1251: [3/17/2008 12:45:27] pass-thru args: --mail-from cbuhrman54@charter.net admin@my_domain.com
1251: [3/17/2008 12:45:27] processing user admin@my_domain.com
1251: [3/17/2008 12:45:27] uid = 1001, euid = 0, gid = 6, egid = 6
1251: [3/17/2008 12:45:27] Loading preferences for user admin@my_domain.com
1251: [3/17/2008 12:45:27] Loading preferences for uid 2
1251: [3/17/2008 12:45:27] Loading preferences from dspam.conf
1251: [3/17/2008 12:45:27] using /usr/local/dspam/var/spool/opt-in/my_domain.com/admin.dspam as path
1251: [3/17/2008 12:45:27] using /usr/local/dspam/var/spool/opt-out/my_domain.com/admin.nodspam as path
1251: [3/17/2008 12:45:27] sedation level set to: 5
1251: [3/17/2008 12:45:27] Loading 65 BNR patterns
1251: [3/17/2008 12:45:27] Whitelist threshold: 10
1251: [3/17/2008 12:45:27] [graham] [0.999900] META+content (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] META+content (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] name (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] name (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] name+GENERATOR (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] name+GENERATOR (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] MSHTML (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] MSHTML (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] Content-Type*boundary+NextPart (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] Content-Type*boundary+NextPart (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] MSHTML+name (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] MSHTML+name (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] Content-Type*NextPart (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] Content-Type*NextPart (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] content+MSHTML (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] content+MSHTML (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] koi8+META (1frq, 12s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] koi8+META (1frq, 12s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999900] GENERATOR (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999900] GENERATOR (1frq, 21s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999800] X-Spam-Status*HTML+HTML (1frq, 8s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999800] X-Spam-Status*HTML+HTML (1frq, 8s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.999800] X-Spam-Status*FROM (1frq, 8s, 0i)
1251: [3/17/2008 12:45:27] [burton] [0.999800] X-Spam-Status*FROM (1frq, 8s, 0i)
1251: [3/17/2008 12:45:27] [graham] [0.088608] дмс (2frq, 3s, 3i)
1251: [3/17/2008 12:45:27] [burton] [0.088608] дмс (2frq, 3s, 3i)
1251: [3/17/2008 12:45:27] [burton] [0.088608] дмс (2frq, 3s, 3i)
1251: [3/17/2008 12:45:27] [graham] [0.127273] НЕЦДХ (2frq, 3s, 2i)
1251: [3/17/2008 12:45:27] [burton] [0.127273] НЕЦДХ (2frq, 3s, 2i)
1251: [3/17/2008 12:45:27] [burton] [0.127273] НЕЦДХ (2frq, 3s, 2i)
1251: [3/17/2008 12:45:27] [graham] [0.134615] ДП (2frq, 8s, 5i)
1251: [3/17/2008 12:45:27] [burton] [0.134615] ДП (2frq, 8s, 5i)
1251: [3/17/2008 12:45:27] [burton] [0.134615] ДП (2frq, 8s, 5i)
1251: [3/17/2008 12:45:27] [burton] [0.162791] ЕЗП (2frq, 4s, 2i)
1251: [3/17/2008 12:45:27] [burton] [0.162791] ЕЗП (2frq, 4s, 2i)
1251: [3/17/2008 12:45:27] [burton] [0.225806] ПФ (2frq, 15s, 5i)
1251: [3/17/2008 12:45:27] [burton] [0.225806] ПФ (2frq, 15s, 5i)
1251: [3/17/2008 12:45:27] [burton] [0.244755] Date*Mon (1frq, 20s, 6i)
1251: [3/17/2008 12:45:27] [burton] [0.244755] X-Spam-Status*No (1frq, 20s, 6i)
1251: [3/17/2008 12:45:27] [burton] [0.244755] X-Spam-Status*No+score (1frq, 20s, 6i)
1251: [3/17/2008 12:45:27] [burton] [0.244755] Date*Mon+Mar (1frq, 20s, 6i)
1251: [3/17/2008 12:45:27] [burton] [0.253886] Content-Type*koi8 (2frq, 21s, 6i)
1251: [3/17/2008 12:45:27] Graham-Bayesian Probability: 1.000000 Samples: 15
1251: [3/17/2008 12:45:27] Burton-Bayesian Probability: 1.000000 Samples: 27
1251: [3/17/2008 12:45:27] using Graham factors
1251: [3/17/2008 12:45:27] Result Confidence: 0.61
1251: [3/17/2008 12:45:27] Control: [22 1] [23 1]
1251: [3/17/2008 12:45:27] saving signature as 47de3db712512102511892
1251: [3/17/2008 12:45:27] libdspam returned probability of 1.000000
1251: [3/17/2008 12:45:27] message result: SPAM
1251: [3/17/2008 12:45:27] DSPAM Instance Shutdown. Exit Code: 0
Код: Выделить всё
1205744880 I пМЕУС <info@cazabon.co.uk> 47de34f09871658817776 йДЕБМШОЩК РЕТЕЗПЧПТЭЙЛ 0.124783
1205745109 I чЙЛФПТЙС <info@bemidji.net> 47de35d510121700824962 уЙУФЕНБ БДЕЛЧБФОПК НПФЙЧБГЙЙ РЕТУПОБМБ 0.190110
1205745554 I "eamon iabg" <-russvr@adexs.com> 47de379210251722717743 дпзпчптоще пфопыеойс ч ьмелфтпьоетзефйле 0.492349
1205746594 I "тБДЦБВ тБДПОЕЦУЛЙК" <corrige@leehansen.com> 47de3ba212212052113048 чойнбойе! PEKмбнб 0.040602
1205747127 S "alfie therese" <cbuhrman54@charter.net> 47de3db712512102511892 бЖЙЫБ-мХЮЫЕЕ: рТЕНШЕТЩ, уРЕЛФБЛМЙ, лПОГЕТФЩ 0.263990
1205747227 M <None Specified> 47de3ba212212052113048 <None Specified> 0.071405
1205747228 M <None Specified> 47de379210251722717743 <None Specified> 0.189144
1205747228 M <None Specified> 47de35d510121700824962 <None Specified> 0.240497
1205747229 M <None Specified> 47de34f09871658817776 <None Specified> 0.165386
1205747230 M <None Specified> 47de34009751638653546 <None Specified> 0.131853
1205747230 M <None Specified> 47de333e9661623514066 <None Specified> 0.162836
1205747537 I зБМЙОБ <info@bcohen.net> 47de3f5115742645486926 [***SPAM*** Score/Req: 03.1/3.0] бХДЙФ ЛБДТПЧПК ДПЛХНЕОФБГЙЙ УЧПЙНЙ УЙМБНЙ 0.113575
1205747954 I "Anna andy" <dot7@rcn.net> 47de40f216162716012134 вЙМЕФЩ ОБ ъЕНЖЙТХ, ыБОУПО ЗПДБ,PussyCat Dolls 0.074999
1205748076 M <None Specified> 47de3f5115742645486926 <None Specified> 0.167649
1205748077 M <None Specified> 47de40f216162716012134 <None Specified> 0.106126
1205748982 I чЙЛФПТЙС ray <dotyk@qwest.com> 47de44f69671625242314 вЙМЕФЩ ОБ ъЕНЖЙТХ, ыБОУПО ЗПДБ,PussyCat Dolls 0.380295