Apr 04

Quote from http://blog.verwilst.be/2008/12/11/improving-spam-filtering-on-zimbra-5x-with-dspam/

By default, Zimbra isn’t very good in the spam-handling dept. You just keep on flagging messages as Junk, in the hopes that Zimbra is getting wiser on every occasion. Not really though..

Under the hood, Zimbra is relying on SpamAssassin to weed out the pharma mails. This heuristics-based method is pretty 90’s IMO, and while it still catches a lot of spam, rules have to be added/update on a regular basis in order to stay ahead of – or at least on par with – our good friends the spammers.

Enter DSpam. Dspam has a statistical approach to spam filtering. DSpam only knows that something is spam after you repeatedly show examples of it ( in Zimbra terms, mark it as junk ). After a while, dspam knows which words ( and combinations ) are mostly present in your spam and ham mails. Based on that knowledge, it will make educated guesses on what you consider spam and what you don’t. This means that dspam automatically keeps track of the latest trends in spam, as long as you follow up once in a while. Apart from that, dspam is written in C, and is insanely fast, especially in comparison with bloaty old Spamassassin.

One downside of Dspam however is that the project is pretty much euh.. dead or asleep, whatever you prefer. It sure has its share of quirks, especially on larger environments. But it does the job nicely for most people. Zimbra disabled dspam quite some time ago because of stability issues, so your mileage may vary.

Okay now i want to enable DSPAM on my zimbra5.0.18, you can checked your zimbra version by doing this as zimbra user

#su zimbra

$ zmcontrol -v

Release 5.0.18_GA_3011.UBUNTU8 UBUNTU8 FOSS edition

Now we need to go to amavisd.conf.in directory first

$ cd /opt/zimbra/conf/

You will see the dspam config by doing this

$ more amavisd.conf.in | grep dspam
%%uncomment LOCAL:amavis_dspam_enabled%%$dspam = ‘/opt/zimbra/dspam/bin/dspam’;

you can see the dspam was commented

$ more amavisd.conf | grep dspam
#$dspam = ‘/opt/zimbra/dspam/bin/dspam’;

Now you need to enable DSPAM using command zmlocalconfig -e amavis_dspam_enabled=TRUE

$ zmlocalconfig -e amavis_dspam_enabled=TRUE

then restart the amavid

$ zmamavisdctl restart
Stopping amavisd… done.
Starting amavisd…done.

checked the different on the amavisd.conf, you will see it was uncommented

$ more amavisd.conf.in | grep dspam
%%uncomment LOCAL:amavis_dspam_enabled%%$dspam = ‘/opt/zimbra/dspam/bin/dspam’;

$ more amavisd.conf | grep dspam
$dspam = ‘/opt/zimbra/dspam/bin/dspam’;

Now as root change the ownershipof the dspam directory on /opt/zimbra/dspam-3.8.0/

# chown -R zimbra.zimbra /opt/zimbra/dspam-3.8.0/

Then as zimbra use zmtrainsa to train your dspam, here is the example

# su zimbra
$ zmtrainsa
20100404222633 Starting spam/ham extraction from system accounts.
[] INFO: Total messages processed: 25
[] INFO: Total messages processed: 1
20100404222639 Finished extracting spam/ham from system accounts.
20100404222639 Starting spamassassin training.
netset: cannot include 127.0.0.0/8 as it has already been included
Learned tokens from 0 message(s) (25 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
Learned tokens from 0 message(s) (1 message(s) examined)
netset: cannot include 127.0.0.0/8 as it has already been included
20100404222645 Finished spamassassin training.
20100404222645 Starting dspam training
Taking Snapshot…
zimbra            TP:     0 TN:     0 FP:     0 FN:     0 SC:     0 NC:     0
Training /tmp/ham.fc15146 / /tmp/spam.cR15145 corpora…
[test: nonspam] 127c96e3c4b-0                    result: PASS
[test: spam   ] 127c96e303c-4                    result: FAIL (Innocent)
[fn] Subject: Friendster Reminder – dEAthstrike’s Birthday is Today – Ma                                                                                                  rch 26
[test: spam   ] 127c96e303c-10                   result: FAIL (Innocent)
[fn] Subject: Thedy, Charlena3783 is waiting for you!
[test: spam   ] 127c96e303c-3                    result: FAIL (Innocent)
[fn] Subject: iPad testers wanted!
[test: spam   ] 127c96e303c-18                   result: FAIL (Innocent)
[fn] Subject: Friendster Reminder – livhiea’s Birthday is Today – March                                                                                                   27
[test: spam   ] 127c96e303c-0                    result: FAIL (Innocent)
[fn] Subject: JobsDB Job Alert – 3 new job(s) of “Job Alert”
[test: spam   ] 127c96e303c-21                   result: FAIL (Innocent)
[fn] Subject: Internal Audit Staff – Job Alert from JobStreet.com
[test: spam   ] 127c96e303c-1                    result: FAIL (Innocent)
[fn] Subject: Beautiful_Maggie is checking you out!
[test: spam   ] 127c96e303c-23                   result: PASS
[test: spam   ] 127c96e303c-7                    result: PASS
[test: spam   ] 127c96e303c-17                   result: PASS
[test: spam   ] 127c96e303c-14                   result: PASS
[test: spam   ] 127c96e303c-20                   result: PASS
[test: spam   ] 127c96e303c-9                    result: PASS
[test: spam   ] 127c96e303c-11                   result: PASS
[test: spam   ] 127c96e303c-12                   result: PASS
[test: spam   ] 127c96e303c-19                   result: PASS
[test: spam   ] 127c96e303c-24                   result: PASS
[test: spam   ] 127c96e303c-22                   result: PASS
[test: spam   ] 127c96e303c-2                    result: PASS
[test: spam   ] 127c96e303c-13                   result: PASS
[test: spam   ] 127c96e303c-6                    result: PASS
[test: spam   ] 127c96e303c-15                   result: PASS
[test: spam   ] 127c96e303c-5                    result: PASS
[test: spam   ] 127c96e303c-8                    result: PASS
[test: spam   ] 127c96e303c-16                   result: PASS
TRAINING COMPLETE

Training Snapshot:
zimbra            TP:    18 TN:     1 FP:     0 FN:     7 SC:     0 NC:     0
SHR:   72.00%       HSR:    0.00%       OCA:   73.08%

Overall Statistics:
zimbra            TP:    18 TN:     1 FP:     0 FN:     7 SC:     0 NC:     0
SHR:   72.00%       HSR:    0.00%       OCA:   73.08%
dspam_clean starting
PROCESSING USER: zimbra
Processing sigs; age: 14
Processing probabilities; age: 0
Processing unused; any: 90 quota: 30 nospam: 15 onehit: 15
20100404222646 Finished dspam training

And last thing Dspam will show on your mail header such as this

Return-Path: test@gmail.com
Received: from mail.zimbra.org.zimbra.org (LHLO mail.zimbra.org)
(202.58.181.138) by mail.zimbra.org with LMTP; Sun, 4 Apr 2010 22:39:09
+0700 (WIT)
Received: from localhost (localhost [127.0.0.1])
by mail.zimbra.org (Postfix) with ESMTP id 91D8AD5057B
for <testing@zimbra.org>; Sun,  4 Apr 2010 22:39:09 +0700 (WIT)
X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 0.7654
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4bb8b297249781969636528
X-DSPAM-Factors: 27,

X-Virus-Scanned: amavisd-new at zimbra.org
X-Spam-Flag: NO
X-Spam-Score: 1.14
X-Spam-Level: *
X-Spam-Status: No, score=1.14 tagged_above=-10 required=6.6 tests=[AWL=0.420,
BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, DSPAM_HAM=-1,

Leave a Reply