* Web-frontend instead of forward for training Dspam


Sebastien Wains
http://www.wains.be


Revision : $Id: dspam-webui-debian.txt 28 2007-10-22 13:48:08Z sw $


In my situation, I can't expect from my users to get involved in Dspam retraining.
Since I manage a small domain (50 boxes) I prefer keeping my hands on dspam training, than having a completely corrupted library.


I'll consider you have followed my howto about Postfix on Debian Etch.
That setup was considering a small domain where the admin would take care of retraining dspam correctly.
Dspam dictionary was shared among every users of the domain.

In this setup, users will have their own dictionary and train it themselves through a web interface.
It is definitely more convenient on large domains.


* Install Dspam-webfrontend

# apt-get install dspam-webfrontend


* Configure web frontend

/etc/dspam/webfrontend.conf

	#!/usr/bin/perl
	
	# Default DSPAM enviroment
	$CONFIG{'DSPAM_HOME'}   = "/var/spool/dspam";
	$CONFIG{'DSPAM_BIN'}    = "/usr/bin";
	$CONFIG{'DSPAM'}        = $CONFIG{'DSPAM_BIN'} . "/dspam";
	$CONFIG{'DSPAM_STATS'}  = $CONFIG{'DSPAM_BIN'} . "/dspam_stats";
	$CONFIG{'DSPAM_ARGS'}   = "--deliver=innocent --class=innocent " .
	                          "--source=error --user %CURRENT_USER% -d %u";
	$CONFIG{'TEMPLATES'}    = "/usr/share/dspam/upstream-templates/";       # Location of HTML templates
	$CONFIG{'ALL_PROCS'}    = "ps auxw";            # use ps -deaf for Solaris
	$CONFIG{'MAIL_QUEUE'}   = "mailq | grep '^[0-9,A-F]' | wc -l";
	
	$CONFIG{'WEB_ROOT'}     = "./"; # URL location of included htdocs/ files
	
	# Default DSPAM display
	$CONFIG{'DATE_FORMAT'}  = "%d.%m.%Y %H:%M"; # Date format in strftime style
	                                             # if undefined use default DSPAM display format
	$CONFIG{'HISTORY_SIZE'} = 799;          # Number of items in history
	$CONFIG{'HISTORY_PER_PAGE'} = 100;
	$CONFIG{'HISTORY_DUPLICATES'} = "yes";  # Wether to show duplicate entries in history "yes" or "no"
	$CONFIG{'MAX_COL_LEN'}  = 50;           # Max chars in list columns
	$CONFIG{'SORT_DEFAULT'} = "Rating";     # Show quarantine by "Date" or "Rating"
	$CONFIG{'3D_GRAPHS'}    = 1;
	$CONFIG{'OPTMODE'}      = "NONE";       # OUT=OptOut IN=OptIn NONE=not selectable
	
	$ENV{'PATH'} = "$ENV{'PATH'}:$CONFIG{'DSPAM_BIN'}";
	
	# LOCAL_DOMAIN is only relevant to display the spam address in the WebUI
	$CONFIG{'LOCAL_DOMAIN'} = "antispam.domain.be";
	$CONFIG{'AUTODETECT'} = 0;
	$CONFIG{'LARGE_SCALE'} = 0;
	$CONFIG{'DOMAIN_SCALE'} = 1;
	$CONFIG{'PREFERENCES_EXTENSION'} = 1;
	
	$CONFIG{'DSPAM_CGI'} = "dspam.cgi";
	
	# Configuration was successful
	1;


PREFERENCES_EXTENSION must be set to 1 to store user preferences in MySQL instead of under files on the filesystem.

large_scale / domain_scale ?
-large is like /dspam/data/domain.tld/user@domain.tld where-as -domain is /dspam/data/domain.tld/user
Debian package is built with domain_scale

Prefs files are stored under :
/var/spool/dspam/data/domain.be/user10/


We need to fix the WebUI a little, because we are not exactly following the Dspam guidelines about the spam email address.
By default it invites us to forward spammy messages to dspam-username@antispam.domain.be while we are only using a single spam address.

# cd /usr/share/dspam/upstream-templates/
# sed -re 's/spam-\$REMOTE_USER\$\@/spam\@/' nav_performance.html > nav_performance2.html
# mv nav_performance.html nav_performance.html.default
# mv nav_performance2.html nav_performance.html


My dspam.conf file :

	Home /var/spool/dspam
	StorageDriver /usr/lib/dspam/libmysql_drv.so
	DeliveryHost        127.0.0.1
	DeliveryPort        10026
	DeliveryIdent       "DSPAM-Daemon"
	DeliveryProto       SMTP
	OnFail error
	Trust root
	Trust dspam
	Trust www-data
	Trust mail
	TrainingMode teft
	TestConditionalTraining on
	Feature chained
	Feature whitelist
	Algorithm graham burton
	PValue graham
	SupressWebStats off
	
	Preference "spamAction=quarantine"
	Preference "signatureLocation=message"  # 'message' or 'headers'
	Preference "showFactors=off"
	Preference "spamSubject=[ SPAM ? ]"
	AllowOverride trainingMode
	AllowOverride spamAction spamSubject
	AllowOverride statisticalSedation
	AllowOverride enableBNR
	AllowOverride enableWhitelist
	AllowOverride showFactors
	AllowOverride optIn optOut
	AllowOverride whitelistThreshold

	# Necessary if we want a single spam alias	
	MySQLUIDInSignature on
	
	Notifications   off
	LocalMX 127.0.0.1
	SystemLog on
	UserLog   on
	Opt out
	TrackSources spam nonspam
	ParseToHeaders off
	ChangeModeOnParse on
	ChangeUserOnParse off
	#ClamAVPort      3310
	#ClamAVHost      127.0.0.1
	#ClamAVResponse  reject
	ServerPID              /var/spool/postfix/var/run/dspam/dspam.pid
	ServerMode auto
	ServerPass.Relay1       "secret"
	ServerParameters        "--deliver=innocent"
	ServerIdent             "localhost.localdomain"
	ServerDomainSocketPath  "/var/spool/postfix/var/run/dspam/dspam.sock"
	ClientHost      /var/spool/postfix/var/run/dspam/dspam.sock
	ClientIdent     "secret@Relay1"
	ProcessorBias on
	Include /etc/dspam/dspam.d/


We are using quarantine as spam action here.
Users will need to log into the WebUI to find valid messages and eventually release them.
Users can switch to the tag method. They will receive spam messages tagged on their mailbox and they will need to send
ham messages to notspam@antispam.domain.be to train DSPAM.


UserLog is required to get graphs in the web UI.
SupressWebStats needs to be set to off if you want to use the webUI, otherwise .stats files will be deleted. 


* Compile mod_auth_mysql for Apache 2

Source (thanks guys !) : http://dev.e-taxonomy.eu/trac/wiki/ApacheMySQLAuthentication

Ideally compile on a separate box :

# apt-get install apache2-prefork-dev libmysqlclient15-dev gcc patch

Create the following directory :

# mkdir /usr/src/auth_mysql
# cd /usr/src/auth_mysql

Download the module's source files and the relating patch for Apache 2.2

# wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/mod_auth_mysql-3.0.0.tar.gz
# wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/patch/apache2.2.diff

Unpack the sources and apply the patch file to the sources:

tar xzf mod_auth_mysql-3.0.0.tar.gz
# cp apache2.2.diff mod_auth_mysql-3.0.0/
# cd mod_auth_mysql-3.0.0
# patch -p0 < apache2.2.diff mod_auth_mysql.c

Compiling the module and check the output produced:

# apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c

Install the module and check the output produced:

# apxs2 -i mod_auth_mysql.la

Create the module's load configuration file:

# echo "LoadModule mysql_auth_module /usr/lib/apache2/modules/mod_auth_mysql.so" > /etc/apache2/mods-available/auth_mysql.load

Enable the module and restart apache2:

# a2enmod auth_mysql
# /etc/init.d/apache2 force-reload





* Tweak PostfixAdmin to support MD5 passwords 

By default, Postfix Admin supports only cleartext passwords, or md5-crypt, which is apparently no longer supported in MySQL. (or it is, but mod_auth_mysql does not support it)
An easy fix is to add MD5 support to Postfix Admin :

Add the md5 method to functions.inc.php :

function pacrypt ($pw, $pw_db="")
{
   global $CONF;
   $password = "";
   $salt = "";

   if ($CONF['encrypt'] == 'md5')
   {
      $password = md5($pw);
   }

Under config.inc.php change the method used :

$CONF['encrypt'] = 'md5';


Keep in mind md5 is not salted. If you want tighter security, choose something else or salt it.



* Configure Apache

We are setting up the webUI to the address dspam.local.domain.be.
That address must exist in your DNS server.

/etc/apache2/sites-available/default :

<VirtualHost *>
        DocumentRoot "/var/www/dspam"
        ServerName dspam.local.domain.be
        SuexecUserGroup dspam dspam

	<Directory /var/www/dspam>
		Options ExecCGI
		Options -Indexes
		Addhandler cgi-script .cgi
		DirectoryIndex dspam.cgi

		AllowOverride None

		AuthName "DSPAM"
		AuthType Basic
		Require valid-user
		AuthUserFile /dev/null

		AuthBasicAuthoritative Off
		AuthMySQLAuthoritative on
		AuthMySQLHost 127.0.0.1
		AuthMySQLUser root
		AuthMySQLPassword pass
		AuthMySQLDB postfix
		AuthMySQLUserTable mailbox
		AuthMySQLNameField username
		AuthMySQLPasswordField password
		AuthMySQLPwEncryption md5
	</Directory>

</VirtualHost>


If you are not sure which encryption method has been used :
SELECT ENCRYPT('pass'), PASSWORD('pass'), MD5('pass');

Different encryption methods are available under mod_auth_mysql :
AuthMySQLPwEncryption none | crypt | scrambled | md5 | aes | sha1



* admin.cgi

edit /etc/dspam/admins

Add user1@domain.be to allow that user to manage the domain.

Users prefs are stored under : /var/spool/dspam/data/domain.be/user1.prefs



* Try it

Restart dspam one last time and try it out.
Users can reach the WebUI at http://dspam.local.domain.be