Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 6
V. Mail Delivery Server
The mail delivery server is the server that checks for SPAM using a bayesian algorithm via a service known as DSPAM. DSPAM is incredibly capable, and comes with a good deal of documentation regarding its various setups. Our particular setup is rather simple. MX-1 & MX-2 deliver mail to postman.internal.example.com via LMTP. LMTP is the Local Mail Transfer Protocol, you can find some basic information here. DSPAM receives the mail, checks against its own algorithms, and passes the mail over to ClamAV for virus detection. Assuming all is well, the mail is then given to Dovecot for final delivery.
We'll go over the sections one at a time. So, let's get things humming on postman.internal.example.com.
A. NFS Settings
Since Dovecot will be delivering our mail for us, we're going to want to get the vmail directory mapped onto the mail delivery server.
Go ahead and create the vmail user and directory like this:
# useradd -r -u 150 -g mail -d
/var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
# mkdir /var/vmail
# chmod 770 /var/vmail/
# chown vmail:mail /var/vmail/
Now we need to install the NFS client tools:
# apt-get install nfs-common portmap
The directory then needs to be mounted to the NFS share. To do a simple test, run the following:
# mount files-1.internal.example.com:/vmail /vmail
You should now have access to the /vmail share from files-1. Try writing a file:
# cd /vmail
# touch tmp
It should work fine this time (postman has read-write access to the NFS mount... the MX servers just had read access).
Assuming everything is working, go ahead and unmount the NFS:
# cd /
And then make the mount permanent by putting the following into your /etc/fstab:
files-1.internal.example.com:/vmail /vmail nfs rw,rsize=4096,wsize=4096,hard,intr,tcp,noatime,nodev,async 0 0
Go ahead and mount the file system one last time:
# mount /vmail
... and you're good to go!
B. Install DSPAM
Once again, debian makes this rediculously simple:
# apt-get install dspam dspam-doc libdspam7-drv-mysql
You will be asked if you want to configure the database for libdspam7-drv-mysql with dbconfig-common, choose 'No'. Honestly, if you wanted to use dbconfig, there's nothing stopping you, but for the sake of documentation, I'm going to spell out the settings
C. Setup the MySQL Database
You're going to need to set up some tables in the MySQL database, so log in to sql-1.internal.example.com, and fire up the mysql client as root:
# mysql -u root -p
Then go ahead and create the new DSPAM database and user:
MYSQL> CREATE DATABASE dspam_db;
MYSQL> GRANT ALL PRIVILEGES ON dspam_db.* TO 'dspam_user'@'postman.internal.example.com' IDENTIFIED BY 'dspam_user_password';
NOTE: Change the dspam_user_password to a secure password!
D. Setup DSPAM for MySQL
Now that MySQL has a DSPAM database and User Account, we can go ahead and import the tables from the DSPAM MySQL driver. These are stored in /usr/share/doc/libdspam7-drv-mysql on the mail delivery server (postman.internal.example.com). There are two different versions of the schemas, one built for speed, the other to save hard disk space. We'll be using the one for speed, but you can choose whichever you want. Remember, read the documentation, that's why it's there!
Install the main schema:
# mysql -u dspam_user -h sql-1.internal.example.com -p dspam_db < /usr/share/doc/libdspam7-drv-mysql/mysql_objects-speed.sql
If you get permission errors, then go back to the mysql server and check to make sure you made the user correctly.
Assuming all went well, we're also going to want to feed in the tables for virtual users:
# mysql -u dspam_user -h sql-1.internal.example.com -p dspam_db < /usr/share/doc/libdspam7-drv-mysql/virtual_users.sql
Now, we just need to tell DSPAM how to talk to our MySQL DB. This is done via the /etc/dspam/dspam.d/mysql.conf file. Edit it accordingly:
Now DSPAM will store all of its information inside of the MySQL DB.
NOTE: This is a temporary setup, just because we hadn't finished the DSPAM virtual user install prior to writing this guide. Ideally, you'd want DSPAM looking at the same virtual user table as Postfix in order to get all the token information stored correctly. I'll update the guide as soon as we've completed that change-over.