[Dovecot] Trying to get DSpam+Dovecot working with Postfix and local/virtual domains
Jeremy Doran
frysco at icloud.com
Mon Apr 21 16:52:13 UTC 2014
Hi,
I'm hoping that someone might be able to help, as I've been going in
circles with trying to get the right configuration done here. I'm also
not sure whether this is more of a Dovecot or DSpam question, so I'm
posting the same to both mailing lists.
My goal is to have a mail setup that is as follows:
[Incoming email] --> [Postfix] --> [Amavis] --> [DSpam] --> [Dovecot LDA] -+---(local domain)---> /var/mail/${user}
                                                                           |
                                                                           +---(virtual)---> /home/vmail/${domain}/${user}@${domain}
As of right now, I have Postfix successfully feeding into Amavis,
re-injecting into Postfix with a final delivery for the local domain via
procmail, and final delivery for virtual domains via the virtual
transport into maildir (but /home/vmail/${user}@${domain}).
Virtual domains are being managed by PostfixAdmin. Dovecot is running as
the IMAP server. Everything (Postfix, PostfixAdmin, Dovecot) is using a
Postgres database as backend for the dynamic maps/authentication.
The problem I've been stumbling over is trying to get DSpam to work
nicely with both a local domain and virtual domains/mailboxes, and the
same for Dovecot, as I would rather like to make use of the Sieve
functionality going forward instead of Procmail. I did have DSpam
working, but was unable to get the Dovecot antispam plugin working to
re-train based on moving mails into/out of a defined 'SPAM' folder, due
to permissions relating to how the antispam plugin was calling DSpam.
I'm really not wanting to make the local domain into a virtual mailbox
domain, because there are users on the system (for that local domain)
that already use the password in /etc/passwd for accessing the server
for other uses. While there are also people who do that who have virtual
mailbox domains, it's a far lower number.
Here's what I have so far.
Postfix 2.11.0
main.cf (via 'postconf -nf'):
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4 ipv6
local_recipient_maps = $transport_maps unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -a "$EXTENSION"
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = critter.net
myhostname = cornix.critter.net
mynetworks = 127.0.0.0/8, 46.4.24.15/32, [::1]/128,
    [2a01:4f8:131:4263::]/64,
    184.73.168.110/32, [2001:470:7:12ba::]/64
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = -
relay_domains = pgsql:$config_directory/Maps/pgsql_relay_domains_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
smtp_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
smtp_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
smtp_tls_session_cache_database = /var/db/postfix/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unauth_pipelining,
    reject_invalid_hostname, reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
smtpd_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
tls_random_source = dev:/dev/urandom
transport_maps = pgsql:$config_directory/Maps/pgsql_transport_maps.cf
unknown_local_recipient_reject_code = 450
virtual_alias_maps =
    pgsql:$config_directory/Maps/pgsql_virtual_alias_maps.cf
virtual_gid_maps = static:400
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
    pgsql:$config_directory/Maps/pgsql_virtual_domain_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps =
    pgsql:$config_directory/Maps/pgsql_virtual_mailbox_maps.cf
virtual_minimum_uid = 400
virtual_transport = virtual
virtual_uid_maps = static:400
master.cf (via 'postconf -Mf'):
smtp inet n - n - - smtpd
24 inet n - n - - smtpd
submission inet n - n - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
amavisfeed unix - - - - 2 smtp
    -o syslog_name=postfix/amavisfeed
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o syslog_name=postfix/amavis-reinject
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8,[::1]/128
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
dovecot unix - n n - - pipe flags=DRhu
    user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
Dovecot 2.2.10
config (via 'dovecot -n'):
# 2.2.10: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-RELEASE-p1 amd64
auth_debug = yes
auth_verbose = yes
debug_log_path = /var/log/dovecot-debug.log
first_valid_uid = 400
mail_location = mbox:~/Mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = passwd
}
DSpam 3.9.0
dspam.conf:
Home /var/db/dspam
StorageDriver /usr/local/lib/dspam/libpgsql_drv.so
TrustedDeliveryAgent "/usr/local/bin/procmail"
UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
OnFail error
Trust root
Trust dspam
Trust apache
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
Preference "spamAction=quarantine" # { quarantine | tag | deliver } -> default:quarantine
Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
Preference "enableBNR=on" # { on | off } -> default:off
Preference "enableWhitelist=on" # { on | off } -> default:on
Preference "signatureLocation=message" # { message | headers } -> default:message
Preference "tagSpam=off" # { on | off }
Preference "tagNonspam=off" # { on | off }
Preference "showFactors=off" # { on | off } -> default:off
Preference "optIn=off" # { on | off }
Preference "optOut=off" # { on | off }
Preference "whitelistThreshold=10" # { Integer } -> default:10
Preference "makeCorpus=off" # { on | off } -> default:off
Preference "storeFragments=off" # { on | off } -> default:off
Preference "localStore=" # { on | off } -> default:username
Preference "processorBias=on" # { on | off } -> default:on
Preference "fallbackDomain=off" # { on | off } -> default:off
Preference "trainPristine=off" # { on | off } -> default:off
Preference "optOutClamAV=off" # { on | off } -> default:off
Preference "ignoreRBLLookups=off" # { on | off } -> default:off
Preference "RBLInoculate=off" # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
MySQLUIDInSignature on
PgSQLServer /tmp/
PgSQLUser dspam
PgSQLPass xxxxxx
PgSQLDb dspam
HashRecMax 98317
HashAutoExtend on
HashMaxExtents 0
HashExtentSize 49157
HashPctIncrease 10
HashMaxSeek 10
HashConnectionCache 10
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt out
ParseToHeaders on
ServerPID /var/run/dspam.pid
ServerDomainSocketPath "/var/run/dspam.sock"
ClientHost /var/run/dspam.sock
ProcessorURLContext on
ProcessorBias on
StripRcptDomain off
All of this is running on a FreeBSD 10-p1 server.
I hope that someone has successfully implemented a similar setup to what
I'm aiming for, and might be able to help.
Thanks.