On 16.09.24 09:50, Sirius wrote:
> On sön, 2024/09/15 at 14:30:19 +0200, Richard via dovecot wrote:
>> I've set up dovecot via global sieve scripts to send mails that a user
>> manually moved to their junk directory to rspamd to learn them as spam
>> (and learn messages as ham if they are moved out of it). I thought I had
>> it all properly set up, but I'm now again seeing log messages like this:
>
> root@debian:~# dpkg -l | egrep '^ii.*(rspam|dovecot-core)'
> ii dovecot-core 1:2.3.21.1+dfsg1-1~bpo12+1 amd64 secure POP3/IMAP server - core files
> ii rspamd 3.4-1 amd64 Rapid spam filtering system
>
> I do the same as you.

Not exactly. I'm on rspamd 3.9.1-1~82f43560f~bookworm. From rspamd's repo.

> root@debian:~# ls -l /etc/dovecot/sieve
> total 32
> -rw-r----- 1 vmail dovecot 188 Sep 4 13:41 global-spam.sieve
> -rw-r----- 1 vmail vmail 330 Sep 4 14:01 global-spam.svbin
> -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-ham.rspamd.script
> -rw-r----- 1 vmail dovecot 256 Sep 4 13:42 learn-ham.sieve
> -rw-r----- 1 vmail dovecot 442 Sep 5 03:55 learn-ham.svbin
> -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-spam.rspamd.script
> -rw-r----- 1 vmail dovecot 151 Sep 4 13:43 learn-spam.sieve
> -rw-r----- 1 vmail dovecot 341 Sep 5 03:56 learn-spam.svbin
>
> The scripts need to be executable.

Yes, I forgot to mention that both shell scripts have 770 permissions.

> I have this in the plugin {} section of dovecot.conf:
>
> # This will automatically move spam into Junk/ and when you move a message
> # into Junk, it will tell rspamd that it is spam for Bayes learning. Moving
> # false positives out of Junk/ will teach rspamd that it is ham.
> sieve_plugins = sieve_imapsieve sieve_extprograms
> sieve_extensions = +editheader +imapflags +mboxmetadata +notify +servermetadata +spamtest +spamtestplus +virustest

I only have sieve_global_extensions enabled. As user scripts aren't supposed to
be able to access external programs I don't see any benefit configuring that
setting.

> imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
> imapsieve_mailbox1_causes = COPY APPEND FLAG
> imapsieve_mailbox1_name = Junk
> imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
> imapsieve_mailbox2_causes = COPY APPEND FLAG
> imapsieve_mailbox2_from = Junk
> imapsieve_mailbox2_name = *
> sieve_pipe_bin_dir = /etc/dovecot/sieve
> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment

I only had +vnd.dovecot.pipe in here. Let's see if adding
+vnd.dovecot.environment changes anything.

> sieve_spamtest_status_type = score
> sieve_spamtest_status_header = X-Spam_score: (-?[[:digit:]]+\.[[:digit:]])
> sieve_spamtest_max_value = 6
> sieve_before = /etc/dovecot/sieve/global-spam.sieve

I never configured these. What is their use? I've just set up another sieve
script (which seems to be working just fine) to sort out all messages marked as
spam into the user's junk directory. Is this just to do that?

> The only other thing was to get the password out of
> /etc/rspamd/worker-controller.inc and put it in
> /etc/dovecot/rspamd-controller.password (or whatever file your
> learn-{sp,h}am script points at to get the password). It needed to be
> pointed at 127.0.0.1:11334 for the socket.

What is the password needed for? Because manually executing rspamc doesn't ask
for some password either. The worker-controller.inc does point at 127.0.0.1 and
::1, but no port seems to be configured.

> root@debian:~# cat /etc/dovecot/rspamd-controller.conf.sh
> # Path to file containing the controller password
> # (Or, if it doesn't start with '/' or '.', the password itself.
> # But it might leak the password through ps to other users)
> RSPAMD_CONTROLLER_PASSWORD=/etc/dovecot/rspamd-controller.password
> # passed to rspamc with the -h option (host and port)
> RSPAMD_CONTROLLER_SOCKET=127.0.0.1:11334
> # if set uses curl instead of rspamc; should start with http: or https:
> RSPAMD_CONTROLLER_HOST=
> # classifier to learn for (default by rspamc: bayes), e.g. `bayes_user`
> RSPAMD_CLASSIFIER=bayes
>
> From what I remember, it was somewhat fiddly to get this working as I was
> not intimately familiar with rspamd, nor dovecot or sieve, but this works
> and it works well. Relatively low incident rate of false positives after
> some weeks.

We used to have the same for quite a while now, without needing any of that. I
guess the last rspamd update was just borked that much that it won't work for
the time being. Some messages aren't even processed at all...
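An added example, not part of the thread or of either poster's scripts: a shell check for the two points the messages above turn on, the permissions inside `sieve_pipe_bin_dir` and how `RSPAMD_CONTROLLER_PASSWORD` is stored. The function name `audit_rspamd_learn` is hypothetical, pipe programs are assumed to be named `*.script` as in the quoted listing, the config value is assumed to be unquoted as in the quoted file, and `find` is assumed to support `-maxdepth`.

```shell
#!/bin/sh
# Audit a Dovecot sieve_pipe_bin_dir and the learn script's config file.
# Usage: audit_rspamd_learn /etc/dovecot/sieve /etc/dovecot/rspamd-controller.conf.sh
# Prints one line per failed check and returns the number of failed checks.
audit_rspamd_learn() {
    dir=$1; conf=$2; n=0
    note() { printf 'FINDING: %s\n' "$*"; n=$((n + 1)); }

    # Programs in the pipe directory run as the mail user, so neither the
    # directory nor anything in it may be writable by "other".
    ww=$(find "$dir" -maxdepth 1 -perm -002 ! -type l)
    [ -z "$ww" ] || note "world-writable: $ww"

    # Pipe programs (assumed to be named *.script) need the owner execute bit.
    nx=$(find "$dir" -maxdepth 1 -type f -name '*.script' ! -perm -100)
    [ -z "$nx" ] || note "not executable: $nx"

    # Read the setting with sed instead of sourcing the file, which would
    # execute whatever the file contains.
    pw=$(sed -n 's/^RSPAMD_CONTROLLER_PASSWORD=//p' "$conf" | tail -n 1)
    case $pw in
        '') ;;  # no password configured: nothing to check
        /*|.*)
            # A path: the file must exist and must not be world-readable.
            if [ ! -f "$pw" ]; then
                note "password file missing: $pw"
            elif [ -n "$(find "$pw" -perm -004)" ]; then
                note "password file is world-readable: $pw"
            fi ;;
        *)  # Per the config file's own comment, a value that is not a path
            # is the password itself and may be visible in ps output.
            note "password is stored inline in $conf" ;;
    esac
    return "$n"
}
```
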