User Guide - DSPAM User Guide
- 31/12/1969 7:00 PM
1. General Overview
2. Installing DSPAM
3. Administrator Guidelines
4. User Guidelines
5. Training Recommendations
1. General Overview
Warning: DSPAM is a highly specialized Spam identification application that is generally not suitable for mainstream use. It generally appeals to smaller organizations that have users that are highly "computer literate."
In addition, please note that DSPAM is no longer supported by the eApps techinical support department. This document is here for your convenience, but because of the age and complexity of DSPAM, we recommend our user guide on spam prevention for more current information: http://support.eapps.com/hsp/spam
DSPAM is a highly effective server-side statistical anti-spam agent for Unix/Linux email servers. It operates as the email server's local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% incidence of false positives. The primary benefits of DSPAM are:
- Low Processing Overhead - DSPAM is written in C and has an extremely low processing profile
- Ease of Administration - DSPAM requires very little administrative time and effort. Once installed and configured, a single click in the administrator interface activates the mail user's filter. Because of DSPAM's unique statistical approach, administrators do not have to deal with administration of anti-spam rule sets.
- Ease of Use - DSPAM is self learning, all mail users need to do is forward missed spam and false positives to the engine
- Optional Quarantine - DSPAM allows you to direct all tagged spam to a separate quarantine that can be accessed and managed via a web interface.
DSPAM is a registered trademark of Network Dweebs Corporation. For more information on DSPAM, or to make a donation to this open source project, please visit http://www.nuclearelephant.com/projects/dspam
2. Installing DSPAM
You may select DSPAM when you order the hosting service, or later via your Control Panel. To install from your Control Panel, select the System tab and then click on the Add Application menu choice or button in the section entitled Applications. You will be presented with a list of applications. Find and select the checkbox for DSPAM and then click on the Next bottom at the bottom of the page. Proceed to have the system install DSPAM.
UNINSTALL SPAM ASSASSIN - If you already have Spam Assassin installed, you should uninstall it once DSPAM has been successfully installed. It is not advisable to run both anti-spam filters as this will increase processing time for mail messages and unnecessarily consume some of your allocated server resources. To uninstall Spam Assassin, click on the All Applications button or menu choice in the Applications section of the System tab, then click on the link for Spam Assassin, then click on the Uninstall button.
To verify that DSPAM has been installed, go to the DSPAM web interface at http://[yourdomain]/dspamweb, where [yourdomain] is your fully qualified domain name. When challenged for a username and password, enter the username webadmin and the password you have set for webadmin. If you do not have a password set for webadmin, please do so using the Users function in the Control Panel. Once successfully logged in you will be able to access DSPAM's filtering functions for the webadmin user as well as the overall Administrative functions for DSPAM.
3. Administrator Guidelines
DSPAM has a web interface that you can use to set up default preferences for users, enable DSPAM for users, and view the results of the spam filter.
Web Interface - Login to the Administrative interface for DSPAM (http://[yourdomain]/dspamweb) as described previously. The interface is used to administer DSPAM for all mail users (across all of your domains) in your virtual private server. You will be presented with 5 tabs, which are described below:
1. System Status - this tab reports a summary of the filtering results for your virtual private server. Statistical results are presented in tabular and graphical format for the current day and previous 30 days.
2. User Statistics - this tab displays the statistics and preferences for individual users on your virtual private server. The explanation of the heading abbreviations are presented table below:
| Abbreviation | Explanation |
| IL | Total Spam |
| TS | Total Innocent |
| TI | Spam Misclassified (Spam Misses) |
| IM | Innocent Misclassified (False Positives) |
| SC | Spam Corpusfed (Known Spam) |
| IC | Innocent Corpusfed (Known Innocent) |
| Mode | Training mode (TEFT=Train on Everything,TUM=Train on new or mistakes,TOE=Train on Error) |
| On Spam | Spam identification method (i.e. tag in subject or adding spam result headers) |
| BNR | Bayersian Noise Reduction |
| Whitelist | Autowhitelist |
| Sed | Statistical Sedation |
| Sig Loc | Signature location (in headers or body) |
3. Administration - this tab allows an administrator to change the training and message handling preferences for all users globally or for a specific user. Review our Training Recommendations in a section below. For more detailed information, visit the DSPAM web site at http://www.nuclearelephant.com/projects/dspam.
If you would like to grant additional users administrator access you may do so by adding the user's username that they use to the check their mail into the /var/www/cgi-bin/dspam/admins file on a new line.
4. Aliases (****VERY IMPORTANT****)- this tab contains the Generate Aliases button, you should click this button any time you make updates to mail administration in the control panel (i.e. add or update mailbox, add or update forwards, add or update mailing lists).
5. Control Center - this tab allows an administrator to return to the DSPAM interface for their personal mailbox.
DSPAM Signature - DSPAM inserts a signature into each message it processes. This signature is used in the training process. Users can forward missed spam and false positives to the engine, which matches the signature to identify how the message was processed by the filter. This is the key facilitator of the training process.
Corpus Feeding - DSPAM can be pre-trained using a corpus of innocent and/or spam messages. Some users prefer to feed a corpus in order to acheive a higher accuracy rate right from the start of using DSPAM. We recommend that you do not use corpus feeding, and instead train DSPAM as described in the sections below. Training of DSPAM has proven to be more effective than using corpus feeding to shortcut the training process. For more information on corpus feeding visit the DSPAM web site at http://www.nuclearelephant.com/projects/dspam.
4. Email User Guidelines
How DSPAM Works - DSPAM does not delete any message. When it detects that a message is spam, it places a tag in the subject field of the message. By default, the tag is [SPAM]. The tag can be customized by editing the preference as described in a section below. In order to remove the messages tagged as spam from your Inbox, you must use the filtering features of your mail client. Most users will set their mail client to move tagged messages to their trash or junk folders to allow a chance to review the messages prior to deletion.
Setting User Preferences - Users may take advantage of the web interface for tweaking their preferences, as well as viewing the accuracy of the filter and their message history. Users login at http://[yourdomain]/dspamweb using the same username and password used to authenticate for accessing their regular mailbox.
The users web interface contains the following options:
1. Performance - this is a dashboard style view of your spam filtering accuracy and results metrics.
2. Preferences - this tab allows a user to update various options, including training mode, where the DSPAM signature is placed, and different filtering options.
3. Analysis - this tab presents two graphs representing their spam filtering statistics.
4. History - this tab contains a log of recent messages and how they were treated by the filter.
Training - The web interface allows users to set preferences and view the DSPAM filtering results. In order to effectively use DSPAM, it must be trained by forwarding email messages back to DSPAM. Depending on the preference settings, DSPAM learns from each message that it processes. Users play a significant role in optimizing the accuracy of DSPAM by training the filter. This is done by forwarding 1) missed SPAM messages and 2) messages falsely tagged as spam (false positives) to the DSPAM engine using the following mail addresses.
- Missed Spam - If a user receives an email they feel is spam, but has not been tagged as such by DSPAM, they simply forward the message to spam-[user@yourdomain] (where [user@yourdomain] is the user's full email address). For example, if your email address is betty.boop@toontown.com and you get a spam message to that address, send that message back to spam-betty.boop@toontown.com. Over time the filter will recognize the contents and characteristics of this message and similar ones as spam and DSPAM will tag them with [SPAM] in the subject of the message.
- False Positives - False positives occur when DSPAM tags a valid email message as spam. If a user receives an email that was improperly tagged as spam they should forward it to fp-[user@yourdomain] (where [user@yourdomain] is the user's full email address). The engine will recognize this as a mistake and lessen the value of the factors that caused the message to be tagged as well as recognize the sender of the message. Please note that you should set a filter rule up in your mail client to move tagged messages to a Trash or Junk folder to allow you the ability to visually scan messages in these folders to catch any false positives.
Proper training of DSPAM allows for very high accuracy as it allows the DSPAM engine to create a custom filtering profile for the user based on their actual email traffic. Diligent training is especially important when you first start using DSPAM. Users that actively train DSPAM typically see accuracy in the high 90% ranges after just one week.
Optional Quarantine - If you would like to keep SPAM messages entirely separate from your mail client, you can use the optional Quarantine feature of DSPAM. This will allow mail users to collect messages tagged as spam in a separate area that can be displayed from the DSPAM web interface. This interface allows you to easily see and analyze the messages, and also allows you to train DSPAM directly from the interface. Another nice capability of the quarantine is the ability to set up text strings so that messages containing these text strings will be highlighted in the display. This is helpful to help identify returned mail that ends up as a false positive. The quarantine can be turned on globally for all mail users, or for individual mail users, via the Administrator's web interface (see the section above on logging in as the DSPAM administrator). Individual users can also set the Quarantine up for their own mailbox by logging into their personal DSPAM web interface as described earlier in this section and selecting this feature.
5. Training Recommendations
DSPAM allows a user to choose one of three different training methods depending on which best suits the the user depending on the ratio of spam they now receive. The three methods of training are TOE (Train On Error), TUM (Train Unknowns and Mistakes), and TEFT (Train on Everything Filtered). By default all users use the TEFT method, however this method may not be the best. Below is a breakdown of which method should be used depending on the user's current spam ratio.
TOE: This method is designed for extremely high SPAM ratios. For users receiving 90% or more SPAM in their email, this would be the best option.
TUM: This method is designed for moderately high SPAM ratios. For users receiving 75% or more SPAM in their email, this would be the best option.
TEFT: This method is designed for lower spam ratios. If you don't receive much spam, this would be your best option.