Timothy Murphy wrote on 18.06.2014 14:59:
> I'm running Postfix with dovecot, spamass-milter and SpamAssassin
> on a CentOS-6.5 server.
> At the moment I am sending spam to my spam folder ~/Maildir/.Spam/
> with procmail, by appending
>   mailbox_command = /usr/bin/procmail -f- -a "$USER"
> to /etc/postfix/main.cf .
> This seems a little convoluted to me;
> I'd prefer to send spam straight to the Spam folder
> as soon as it is detected by SA.
> Is this possible?

That's not convoluted, it is the usual way to filter mail. Procmail
is fine. This is a valid job for the delivery agent for server-based
filtering. One may argue that procmail is not the most suited delivery
agent for the postfix+dovecot combination. You can use the built-in
delivery agent of dovecot instead of procmail and the sieve filter of
dovecot (called "pigeonhole") to achieve a more modern filtering system.
Sieve also enables your users to maintain server-based filters for
themselves, since there are web interfaces and mail client plugins for
sieve.
I am running the same Linux distribution and set of mail processing
software, and I am using the delivery agent of dovecot for local
delivery and the dovecot sieve filter to move marked spam into a spam
folder. I'm running this on a tiny mail server for a few persons on my
domain.
There are probably several howtos I consulted to make this setup - a
bunch of small but important configuration changes is required for this.
I'm sorry that I cannot remember which howtos I used. It's probably in
the dovecot wiki and the postfix documentation.
Going through my configuration files, I find this:

- use lmtp for communication with the dovecot delivery agent:

  main.cf:

    mailbox_transport = lmtp:unix:private/dovecot-lmtp
    virtual_transport = lmtp:unix:private/dovecot-lmtp

- dovecot configuration:

  10-master.conf:

    service lmtp {
      client_limit = 1
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0660
        user = postfix
      }
    }

  20-lmtp.conf:

    protocol lmtp {
      # Space separated list of plugins to load (default is global mail_plugins).
      mail_plugins = $mail_plugins sieve
    }

Additionally, I install a default sieve filter for every user:

    require ["fileinto","subaddress"];

    # rule:[spam - should learn]
    if allof (header :is "X-Spam-Flag" "YES",
              not header :contains "X-Spam-Status" "BAYES_99",
              header :contains "X-Spam-Status" "autolearn=no")
    {
        fileinto "Junk/learn";
        stop;
    }

    # rule:[spam - sure]
    if allof (header :contains "X-Spam-Level" "**********")
    {
        fileinto "Junk/sure";
        stop;
    }

    # rule:[spam - probable]
    if allof (header :is "X-Spam-Flag" "YES")
    {
        fileinto "Junk/probable";
        stop;
    }

This will move spam that was not autolearned and not BAYES_99 to a
folder called Junk/learn. Remaining spam that scored at least 10 is
moved to a folder called Junk/sure, and the remaining spam from that is
moved to a folder called Junk/probable.
From my experience, spam in the Junk/sure folder can be deleted right
away, the other folders should be reviewed from time to time.
Whether you want to use such a fine-grained junk folder setup depends on
your users and on whether you want to set up a manual bayes learning
procedure via imap folders. In most cases, automatic learning is sufficient
and the only rule you need is the "spam - probable" rule.
As an example, this is a log of a spam mail going through this system
and ending up in the Junk/learn folder:

Jun 16 08:28:21 mail postfix/smtpd[26523]: connect from sa1.bezeqint.net[192.115.104.31]
Jun 16 08:28:22 mail postfix/smtpd[26523]: 35435C1133: client=sa1.bezeqint.net[192.115.104.31]
Jun 16 08:28:22 mail postfix/cleanup[26526]: 35435C1133: message-id=<20140616062822.35435c1...@mail.wombaz.de>
Jun 16 08:28:22 mail postfix/qmgr[16093]: 35435C1133: from=<fourrhe...@embarqmail.com>, size=2244, nrcpt=1 (queue active)
Jun 16 08:28:22 mail postfix/smtpd[26523]: disconnect from sa1.bezeqint.net[192.115.104.31]
Jun 16 08:28:22 mail spamd[26377]: spamd: connection from ::1 [::1]:42086 to port 783, fd 6
Jun 16 08:28:22 mail spamd[26377]: spamd: setuid to spamd succeeded
Jun 16 08:28:22 mail spamd[26377]: spamd: processing message <20140616062822.35435c1...@mail.wombaz.de> for spamd:495
Jun 16 08:28:28 mail spamd[26377]: spamd: identified spam (38.4/5.0) for spamd:495 in 6.3 seconds, 2249 bytes.
Jun 16 08:28:28 mail spamd[26377]: spamd: result: Y 38 - AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,FORGED_MUA_OUTLOOK,FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,GENERIC_IXHASH,JM_SOUGHT_FRAUD_3,MSOE_MID_WRONG_CASE,NIXSPAM_IXHASH,NSL_RCVD_FROM_USER,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PSBL,SUBJ_ALL_CAPS,T_FROM_MISSP_DKIM,ZMIde_OutlookExpress scantime=6.3,size=2249,user=spamd,uid=495,required_score=5.0,rhost=::1,raddr=::1,rport=42086,mid=<20140616062822.35435c1...@mail.wombaz.de>,bayes=0.998382,autolearn=no autolearn_force=no
Jun 16 08:28:28 mail postfix/pipe[26528]: 35435C1133: to=<a...@wombaz.de>, relay=spamd, delay=6.6, delays=0.35/0.01/0/6.3, dsn=2.0.0, status=sent (delivered via spamd service)
Jun 16 08:28:28 mail postfix/qmgr[16093]: 35435C1133: removed
Jun 16 08:28:28 mail postfix/pickup[26498]: 893BBC1E36: uid=495 from=<fourrhe...@embarqmail.com>
Jun 16 08:28:28 mail postfix/cleanup[26526]: 893BBC1E36: message-id=<20140616062822.35435c1...@mail.wombaz.de>
Jun 16 08:28:28 mail postfix/qmgr[16093]: 893BBC1E36: from=<fourrhe...@embarqmail.com>, size=4316, nrcpt=1 (queue active)
Jun 16 08:28:28 mail dovecot: lmtp(26538): Connect from local
Jun 16 08:28:28 mail dovecot: lmtp(26538, a...@wombaz.de): 5apNJoyOnlOqZwAAjzVGGw: sieve: msgid=<20140616062822.35435c1...@mail.wombaz.de>: stored mail into mailbox 'Junk/learn'
Jun 16 08:28:28 mail dovecot: lmtp(26538): Disconnect from local: Client quit
Jun 16 08:28:28 mail postfix/lmtp[26537]: 893BBC1E36: to=<a...@wombaz.de>, relay=mail.wombaz.de[private/dovecot-lmtp], delay=6.4, delays=6.3/0.02/0.01/0.08, dsn=2.0.0, status=sent (250 2.0.0 <a...@wombaz.de> 5apNJoyOnlOqZwAAjzVGGw Saved)
Jun 16 08:28:28 mail postfix/qmgr[16093]: 893BBC1E36: removed
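
Added example, not part of the original message: a log like the one above can be checked mechanically. The message gets two Postfix queue IDs (before and after the spamd reinjection) that are linked only by the message-id, and the spamd verdict line carries no message-id, so it is matched through the spamd PID. The sample log is constructed (placeholder hosts, addresses and queue IDs), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log format shown above.
SAMPLE_LOG = """\
Jun 16 08:28:22 mail postfix/cleanup[100]: AAAA000001: message-id=<m1@mail.example.org>
Jun 16 08:28:22 mail spamd[200]: spamd: processing message <m1@mail.example.org> for spamd:495
Jun 16 08:28:28 mail spamd[200]: spamd: identified spam (38.4/5.0) for spamd:495 in 6.3 seconds, 2249 bytes.
Jun 16 08:28:28 mail postfix/cleanup[100]: BBBB000002: message-id=<m1@mail.example.org>
Jun 16 08:28:28 mail dovecot: lmtp(300, user@example.org): abc123: sieve: msgid=<m1@mail.example.org>: stored mail into mailbox 'Junk/learn'
Jun 16 08:30:01 mail postfix/cleanup[100]: CCCC000003: message-id=<m2@mail.example.org>
Jun 16 08:30:01 mail spamd[201]: spamd: processing message <m2@mail.example.org> for spamd:495
Jun 16 08:30:02 mail spamd[201]: spamd: identified spam (7.2/5.0) for spamd:495 in 0.9 seconds, 1800 bytes.
Jun 16 08:30:02 mail postfix/cleanup[100]: DDDD000004: message-id=<m2@mail.example.org>
Jun 16 08:30:02 mail dovecot: lmtp(301, other@example.org): def456: sieve: msgid=<m2@mail.example.org>: stored mail into mailbox 'INBOX'
"""

CLEANUP = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=(<[^>]+>)")
PROCESSING = re.compile(r"spamd\[(\d+)\]: spamd: processing message (<[^>]+>)")
VERDICT = re.compile(
    r"spamd\[(\d+)\]: spamd: (identified spam|clean message) \(([-\d.]+)/[-\d.]+\)")
STORED = re.compile(
    r"dovecot: lmtp\(\d+, ([^)]+)\): .*sieve: msgid=(<[^>]+>): stored mail into mailbox '([^']+)'")

def trace(log_text):
    """Return {message-id: {queue_ids, score, spam, user, mailbox}}."""
    msgs = defaultdict(lambda: {"queue_ids": [], "score": None, "spam": None,
                                "user": None, "mailbox": None})
    scanning = {}  # spamd PID -> message-id that child is currently scanning
    for line in log_text.splitlines():
        if m := CLEANUP.search(line):
            msgs[m.group(2)]["queue_ids"].append(m.group(1))
        elif m := PROCESSING.search(line):
            scanning[m.group(1)] = m.group(2)
        elif m := VERDICT.search(line):
            mid = scanning.pop(m.group(1), None)
            if mid:
                msgs[mid].update(score=float(m.group(3)),
                                 spam=m.group(2) == "identified spam")
        elif m := STORED.search(line):
            msgs[m.group(2)].update(user=m.group(1), mailbox=m.group(3))
    return dict(msgs)

def misfiled(traces):
    """Message-ids whose spamd verdict disagrees with the sieve destination."""
    return [mid for mid, t in traces.items()
            if t["spam"] is not None and t["mailbox"] is not None
            and t["spam"] != t["mailbox"].startswith("Junk")]
```

A non-empty misfiled() result usually points at a mailbox where the default sieve script is missing or not active.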