Hello.

I would like to ask for help with implementing access control for
retraining aliases.

What I implemented:
- A user finds a message in his mailbox (e.g. sa...@example.org) that he
  considers spam, then he forwards this letter to sales-s...@example.org
  to retrain the filter.
- A user finds a message in his mailbox that was accidentally marked as
  spam and stored in the Spam folder.  So he forwards this letter to
  sales-nos...@example.org to retrain the filter that this letter was a
  false positive.

Here is what I've done:
- add two service entries to master.cf
# Train for spam
dspam-spam            unix      -      n      n      -      -      pipe
   flags=Rhq user=dspam argv=/usr/sbin/dspam --client --user ${user}@${nexthop}
   --class=spam --source=error
# Train for ham
dspam-nospam          unix      -      n      n      -      -      pipe
   flags=Rhq user=dspam argv=/usr/sbin/dspam --client --user ${user}@${nexthop}
   --class=innocent --source=error

Create a transport map for addresses like user-s...@example.org and
user-nos...@example.org.  I host several domains so I went for a regular
expression:
# grep transport_maps /etc/postfix/main.cf
transport_maps = regexp:/etc/postfix/transport.dspam
# cat /etc/postfix/transport.dspam
# Each pattern has one capture group (the domain), so the next hop is ${1}
/^.*-spam@(.*)$/i       dspam-spam:${1}
/^.*-nospam@(.*)$/i     dspam-nospam:${1}

I do not have local users, all my users are virtual and are stored in
LDAP.  But I do not want to set up retrain aliases for each LDAP stored
user:
dn: uid=sales,ou=users,dc=example.org,ou=mail,dc=example,dc=org
...
mail: sa...@example.org
mailAlternateAddress: sales-s...@example.org
mailAlternateAddress: sales-nos...@example.org

So I went for canonical maps:
# grep canonical_maps /etc/postfix/main.cf
canonical_maps = regexp:/etc/postfix/dspam-maps
# cat /etc/postfix/dspam-maps
/^(.*)-spam@(.*)$/i     $1@$2
/^(.*)-nospam@(.*)$/i   $1@$2

But how do I implement access control for these aliases?  I mean, how do
I restrict a malicious user from feeding sales-s...@example.org with
legitimate messages and vice versa?  Is it somehow possible to restrict
access to these aliases only to the owner of the mailbox?  E.g. I do not
want to allow sa...@example.org to feed marketing-s...@example.org with
legitimate mail.

If someone has a similar setup I also would like to know whether it is
useful at all, or whether most people do not care about filter retraining.
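
One way to enforce the owner-only rule asked about above, as an added example that is not part of the original post: a Postfix policy-delegation service (reached through check_policy_service) that lets a retrain alias through only when the authenticated login matches the alias owner. It assumes users submit over SMTP AUTH with a login equal to their full mailbox address; the function names are hypothetical.

```python
import re
import sys

# Same suffix convention as the post's regexp maps: <user>-spam@ / <user>-nospam@
RETRAIN_RE = re.compile(r"^(?P<owner>.+)-(?:spam|nospam)@(?P<domain>[^@]+)$", re.I)


def parse_request(text):
    """Parse one policy-delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs):
    """Return the access action for one RCPT TO."""
    m = RETRAIN_RE.match(attrs.get("recipient", ""))
    if m is None:
        return "DUNNO"  # not a retrain alias; other restrictions decide
    owner = f"{m['owner']}@{m['domain']}".lower()
    # Compare the authenticated login, not the envelope sender: the sender
    # attribute is whatever the client typed in MAIL FROM and can be forged.
    # Assumption: the SASL login name is the full mailbox address.
    login = attrs.get("sasl_username", "").lower()
    if login and login == owner:
        return "DUNNO"  # owner training own filter; let later rules run
    return "REJECT retrain aliases accept mail only from the mailbox owner"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer requests until EOF, one 'action=...' reply per request."""
    block = []
    for line in stdin:
        line = line.rstrip("\r\n")
        if line:
            block.append(line)
            continue
        stdout.write("action=" + decide(parse_request("\n".join(block))) + "\n\n")
        stdout.flush()
        block = []


if __name__ == "__main__":
    serve()
```

The check runs at RCPT TO time, so it sees the alias as the client typed it, before canonical_maps rewrites it.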
