[proxmox-spamassassin.git] / upstream / sql / README


Loading SpamAssassin User Preferences From An SQL Database
----------------------------------------------------------

SpamAssassin can now load users' score files from an SQL database.  The concept
here is to have a web application (PHP/perl/ASP/etc.) that will allow users to
be able to update their local preferences on how SpamAssassin will filter their
e-mail.  The most common use for a system like this would be for users to be
able to update the white list of addresses (whitelist_from) without the need
for them to update their $HOME/.spamassassin/user_prefs file.  It is also quite
common for users listed in /etc/passwd to not have a home directory, therefore,
the only way to have their own local settings would be through an RDBMS system.

Note that this will NOT look for test rules, only local scores,
whitelist_from(s), and required_score.

In addition, any config options marked as Admin Only will NOT be parsed from
SQL preferences.

SpamAssassin will check the global configuration file (ie. any file matching
/etc/mail/spamassassin/*.cf) for the following settings:

  user_scores_dsn		DBI:driver:connection
  user_scores_sql_username	dbusername
  user_scores_sql_password	dbpassword

The first option, user_scores_dsn, describes the data source name that will be
used to create the connection to your SQL server.  It MUST be in the format
as listed above.  <driver> should be the DBD driver that you have installed
to access your database. <connection> can differ depending on which
database you are using.

For MySQL, connection should take the format

  database:hostname[:port]

<database> must be the name of the database that you created to store the user
preference table. <hostname> is the name of the host that contains the SQL
database server. <port> is the optional port number where your database server
is listening.

  user_scores_dsn		DBI:mysql:spamassassin:localhost

Would tell SpamAssassin to connect to the database named spamassassin using
MySQL on the local server, and since <port> is omitted, the driver will use the
default port number.

For PostgreSQL, connection should take the following format:

  dbname=database;[host=hostname;[port=port;]
  
  user_scores_dsn               DBI:Pg:dbname=spamassassin;host=localhost

would do the same as the previous example.

For additional information, please refer to the DBD::* documentation
for your particular driver.

The spamd server will not pay attention to SQL preferences by default,
even with user_scores_dsn set in the config files.  You must startup
spamd with the proper options (ie -q or -Q, see perldoc spamd for more
information).  If the user_scores_dsn option does not exist,
SpamAssassin will not attempt to use SQL for retrieving users'
preferences.

While scanning a message if spamd is unable to connect to the server
specified in user_scores_dsn or an error occurs when querying the SQL
server then spam checking will not be performed on that message.

The user_scores_sql_username and user_scores_sql_password options are
required if your database server requires a username and password to
be sent on connect.

If you have a table layout that differs from the default, please
review the documentation for user_scores_sql_custom_query for
information on how deal with a custom layout.

Requirements
------------

In order for SpamAssassin to work with your SQL database, you must have
the perl DBI module installed, AS WELL AS the DBD driver/module for your
specific database.  For example, if using MySQL as your RDBMS, you must have
the Msql-Mysql module installed.  Check CPAN for the latest versions of DBI 
and your database driver/module. 

We are currently using:

  DBI-1.20
  Msql-Mysql-modules-1.2219
  perl v5.6.1

But older and newer versions should work fine as the SQL code in SpamAssassin
is as simple as could be.


Database Schema
---------------

The database must contain a table, default name "userpref", with at
least three fields:

  username varchar(100)	  # this is the username whose e-mail is being filtered
  preference varchar(50)  # the preference (whitelist_from, required_score, etc.)
  value varchar(100)	  # the value of the named preference

You can add as many other fields you wish as long as the above three fields are
contained in the table.

Note that you can either use just the mail recipient's username for the
"username" field, in which case a varchar(8) should suffice.  Alternatively,
you can use the entire recipient's email address, e.g. "user@example.com", and
use the full varchar(100).

Included is a default table that can be safely used in your own setup.  To use
the default table, you must first create a database, and a username/password
that can access that database.

If you wish to use a table that differs from the included default you
should review the user_scores_sql_custom_query config option for
information on making it work correctly.

To create a database, if one does not already exist, see "Creating A Database"
below.

To install the table to a mysql database, use the following command:

mysql -h <hostname> -u <adminusername> -p <databasename> < userpref_mysql.sql
Enter password: <adminpassword>

This will create the following table:

CREATE TABLE userpref (
  username varchar(100) default NOT NULL,
  preference varchar(50) default NOT NULL,
  value varchar(100) default NOT NULL,
  prefid int(11) NOT NULL auto_increment,
  PRIMARY KEY (prefid),
  INDEX (username)
) TYPE=MyISAM;

For PostgreSQL, use the following command:

psql -U <username> -f userpref_pg.sql <databasename>

This will create a table similar to above.

Once you have created the database and added the table, just add the required
lines to your global configuration file (local.cf).  Note that you must be
running spamc/spamd in order for this to work, and the current username must
be passed to spamd.  This can be done from spamc using the following
.procmailrc recipe:

  :0fw
  | /usr/local/bin/spamc -f

(watch out; spamc could be installed as /usr/bin/spamc instead.)
If you are using this from /etc/procmailrc, you must include DROPPRIVS=yes 
before spamc.  An example /etc/procmailrc:

  DROPPRIVS=yes

  :0fw
  | /usr/local/bin/spamc -f

Also note that spamd may need the "-q" switch so it knows to look up users in
the SQL table instead of /etc/passwd.  See "man spamd".


Creating A Database 
-------------------

Here's the command to create a MySQL database, and user/password pair to access
it:

mysql -h <hostname> -u <adminusername> -p
Enter password: <adminpassword>
mysql> use mysql;
mysql> insert into user (Host, User, Password) values('localhost','<username>', password('<password>'));
mysql> insert into db (Host, Db, User, Select_priv) values('localhost','<databasename>','<username>','Y');
mysql> create database <databasename>;
mysql> quit

NOTE: If you intend to use this database for Bayes and/or AWL data you
may need to grant additional privs (ie Insert_priv, Update_priv and
Delete_priv).  Please refer to the MySQL documentation for the proper
method of adding these privs.

To create the database for PostgreSQL, with a username/password:

psql -U <adminuser> template1
template1=# CREATE USER <username> PASSWORD '<password>';
template1=# CREATE DATABASE <databasename> OWNER = <username>;


Testing SpamAssassin/SQL
------------------------

To test your SQL setup, and debug any possible problems, you should start
spamd with the -D option, which will keep spamd in the foreground, and will
output debug message to the terminal. You should then test spamd with a
message by calling spamc.  You can use the sample-spam.txt file with the
following command:

  cat sample-spam.txt | spamc

Watch the debug output from spamd and look for the following debug line:

  retrieving prefs for <username> from SQL server

If you do not see the above text, then the SQL query was not successful, and
you should see any error messages reported. <username> should be the user
that was passed to spamd and is usually the user executing spamc.

Note that under the default configuration any prefs stored under the
username '@GLOBAL' are used as defaults for all users.

This code has only been tested using MySQL as the RDMS, but it has been written
with the utmost simplicity using DBI, and any database driver that conforms to
the DBI interface should work without problems.

Web Interfaces
--------------

Several web interfaces have been created for per user configurations.
You can find more information about these on the SpamAssassin wiki:
http://wiki.apache.org/spamassassin/WebUserInterfaces
Commit	Line	Data
37ef5775 SI	1
	2	Loading SpamAssassin User Preferences From An SQL Database
	3	----------------------------------------------------------
	4
	5	SpamAssassin can now load users' score files from an SQL database. The concept
	6	here is to have a web application (PHP/perl/ASP/etc.) that will allow users to
	7	be able to update their local preferences on how SpamAssassin will filter their
	8	e-mail. The most common use for a system like this would be for users to be
	9	able to update the white list of addresses (whitelist_from) without the need
	10	for them to update their $HOME/.spamassassin/user_prefs file. It is also quite
	11	common for users listed in /etc/passwd to not have a home directory, therefore,
	12	the only way to have their own local settings would be through an RDBMS system.
	13
	14	Note that this will NOT look for test rules, only local scores,
	15	whitelist_from(s), and required_score.
	16
	17	In addition, any config options marked as Admin Only will NOT be parsed from
	18	SQL preferences.
	19
	20	SpamAssassin will check the global configuration file (ie. any file matching
	21	/etc/mail/spamassassin/*.cf) for the following settings:
	22
	23	user_scores_dsn DBI:driver:connection
	24	user_scores_sql_username dbusername
	25	user_scores_sql_password dbpassword
	26
	27	The first option, user_scores_dsn, describes the data source name that will be
	28	used to create the connection to your SQL server. It MUST be in the format
	29	as listed above. <driver> should be the DBD driver that you have installed
	30	to access your database. <connection> can differ depending on which
	31	database you are using.
	32
	33	For MySQL, connection should take the format
	34
	35	database:hostname[:port]
	36
	37	<database> must be the name of the database that you created to store the user
	38	preference table. <hostname> is the name of the host that contains the SQL
	39	database server. <port> is the optional port number where your database server
	40	is listening.
	41
	42	user_scores_dsn DBI:mysql:spamassassin:localhost
	43
	44	Would tell SpamAssassin to connect to the database named spamassassin using
	45	MySQL on the local server, and since <port> is omitted, the driver will use the
	46	default port number.
	47
	48	For PostgreSQL, connection should take the following format:
	49
	50	dbname=database;[host=hostname;[port=port;]
	51
	52	user_scores_dsn DBI:Pg:dbname=spamassassin;host=localhost
	53
	54	would do the same as the previous example.
	55
	56	For additional information, please refer to the DBD::* documentation
	57	for your particular driver.
	58
	59	The spamd server will not pay attention to SQL preferences by default,
	60	even with user_scores_dsn set in the config files. You must startup
	61	spamd with the proper options (ie -q or -Q, see perldoc spamd for more
	62	information). If the user_scores_dsn option does not exist,
	63	SpamAssassin will not attempt to use SQL for retrieving users'
	64	preferences.
65
66	While scanning a message if spamd is unable to connect to the server
67	specified in user_scores_dsn or an error occurs when querying the SQL
68	server then spam checking will not be performed on that message.
69
70	The user_scores_sql_username and user_scores_sql_password options are
71	required if your database server requires a username and password to
72	be sent on connect.
73
74	If you have a table layout that differs from the default, please
75	review the documentation for user_scores_sql_custom_query for
76	information on how deal with a custom layout.
77
78	Requirements
79	------------
80
81	In order for SpamAssassin to work with your SQL database, you must have
82	the perl DBI module installed, AS WELL AS the DBD driver/module for your
83	specific database. For example, if using MySQL as your RDBMS, you must have
84	the Msql-Mysql module installed. Check CPAN for the latest versions of DBI
85	and your database driver/module.
86
87	We are currently using:
88
89	DBI-1.20
90	Msql-Mysql-modules-1.2219
91	perl v5.6.1
92
93	But older and newer versions should work fine as the SQL code in SpamAssassin
94	is as simple as could be.
95
96
97	Database Schema
98	---------------
99
100	The database must contain a table, default name "userpref", with at
101	least three fields:
102
103	username varchar(100) # this is the username whose e-mail is being filtered
104	preference varchar(50) # the preference (whitelist_from, required_score, etc.)
105	value varchar(100) # the value of the named preference
106
107	You can add as many other fields you wish as long as the above three fields are
108	contained in the table.
109
110	Note that you can either use just the mail recipient's username for the
111	"username" field, in which case a varchar(8) should suffice. Alternatively,
112	you can use the entire recipient's email address, e.g. "user@example.com", and
113	use the full varchar(100).
114
115	Included is a default table that can be safely used in your own setup. To use
116	the default table, you must first create a database, and a username/password
117	that can access that database.
118
119	If you wish to use a table that differs from the included default you
120	should review the user_scores_sql_custom_query config option for
121	information on making it work correctly.
122
123	To create a database, if one does not already exist, see "Creating A Database"
124	below.
125
126	To install the table to a mysql database, use the following command:
127
128	mysql -h <hostname> -u <adminusername> -p <databasename> < userpref_mysql.sql
129	Enter password: <adminpassword>
130
131	This will create the following table:
132
133	CREATE TABLE userpref (
134	username varchar(100) default NOT NULL,
135	preference varchar(50) default NOT NULL,
136	value varchar(100) default NOT NULL,
137	prefid int(11) NOT NULL auto_increment,
138	PRIMARY KEY (prefid),
139	INDEX (username)
140	) TYPE=MyISAM;
141
142	For PostgreSQL, use the following command:
143
144	psql -U <username> -f userpref_pg.sql <databasename>
145
146	This will create a table similar to above.
147
148	Once you have created the database and added the table, just add the required
149	lines to your global configuration file (local.cf). Note that you must be
150	running spamc/spamd in order for this to work, and the current username must
151	be passed to spamd. This can be done from spamc using the following
152	.procmailrc recipe:
153
154	:0fw
155	\| /usr/local/bin/spamc -f
156
157	(watch out; spamc could be installed as /usr/bin/spamc instead.)
158	If you are using this from /etc/procmailrc, you must include DROPPRIVS=yes
159	before spamc. An example /etc/procmailrc:
160
161	DROPPRIVS=yes
162
163	:0fw
164	\| /usr/local/bin/spamc -f
165
166	Also note that spamd may need the "-q" switch so it knows to look up users in
167	the SQL table instead of /etc/passwd. See "man spamd".
168
169
170	Creating A Database
171	-------------------
172
173	Here's the command to create a MySQL database, and user/password pair to access
174	it:
175
176	mysql -h <hostname> -u <adminusername> -p
177	Enter password: <adminpassword>
178	mysql> use mysql;
179	mysql> insert into user (Host, User, Password) values('localhost','<username>', password('<password>'));
180	mysql> insert into db (Host, Db, User, Select_priv) values('localhost','<databasename>','<username>','Y');
181	mysql> create database <databasename>;
182	mysql> quit
183
184	NOTE: If you intend to use this database for Bayes and/or AWL data you
185	may need to grant additional privs (ie Insert_priv, Update_priv and
186	Delete_priv). Please refer to the MySQL documentation for the proper
187	method of adding these privs.
188
189	To create the database for PostgreSQL, with a username/password:
190
191	psql -U <adminuser> template1
192	template1=# CREATE USER <username> PASSWORD '<password>';
193	template1=# CREATE DATABASE <databasename> OWNER = <username>;
194
195
196	Testing SpamAssassin/SQL
197	------------------------
198
199	To test your SQL setup, and debug any possible problems, you should start
200	spamd with the -D option, which will keep spamd in the foreground, and will
201	output debug message to the terminal. You should then test spamd with a
202	message by calling spamc. You can use the sample-spam.txt file with the
203	following command:
204
205	cat sample-spam.txt \| spamc
206
207	Watch the debug output from spamd and look for the following debug line:
208
209	retrieving prefs for <username> from SQL server
210
211	If you do not see the above text, then the SQL query was not successful, and
212	you should see any error messages reported. <username> should be the user
213	that was passed to spamd and is usually the user executing spamc.
214
215	Note that under the default configuration any prefs stored under the
216	username '@GLOBAL' are used as defaults for all users.
217
218	This code has only been tested using MySQL as the RDMS, but it has been written
219	with the utmost simplicity using DBI, and any database driver that conforms to
220	the DBI interface should work without problems.
221
222	Web Interfaces
223	--------------
224
225	Several web interfaces have been created for per user configurations.
226	You can find more information about these on the SpamAssassin wiki:
227	http://wiki.apache.org/spamassassin/WebUserInterfaces