filter
Server Side Spam Filter – Sendmail – Dovecot – Procmail
Dec 6th
I tried for a long time to get sieve to work with sendmail. I could not get it to work. I would try and create a custom .m4 mailer, as per the sieve pages on the dovecot website, but nothing would work. Ultimately I gave up and used client side mail filtering built into Thunderbird. But this has a big drawback. A desktop session has to be logged on to keep the graphical application running. Because of this large amounts of system resources are consumed and end up being swapped out. As I would sit down at night it would take a significant amount of time for the desktop session to become responsive as it is retreived from swap. I tried disabling swap, but this was a no no because of MythTV’s commercial flagging. It would cause problems and lead to random system instability. Even with 8 gigs of ram my virtual server would sometimes crash. I don’t want this. Now I keep swap enabled and figured out how to get procmail to do server side mail filtering.
It was easy. Simply go into your sendmail.mc file and change the mailer. The default mailers are likely:
MAILER(local)
or
MAILER(smtp)
Install procmail and change the mailer accordingly:
MAILER(procmail)
Now go into your users home directory and touch a new file:
touch .procmailrc
Open it:
nano .procmailrc
Add:
GNU nano 2.0.7 File: .procmailrc
:0:
* ^X-Spam-Flag: YES
$HOME/mail/Junk
With this particular rule all messages flagged as spam, as per spamassassin, will be deposited into the Junk folder in the mail directory. It works as expected. For more information about sendmail, and how to configure spamassassin and clamav, visit a previous post.
Dovecot – Sieve, I Can’t Get Filtering to Work
Dec 1st
Maybe someone will help me. A rare thing to ask, but I cannot get sieve to work on my server. The plugin page, on the dovecot website, appears rather simple.
http://wiki.dovecot.org/LDA/Sieve
Install dovecot, then activate the sieve plugin. Here is what happens. I setup sendmail to use dovecot’s deliver and mail is no longer being accecpted from external ip address. The instructions say to create a dovecot.m4 file as reference it as a mailer in sendmail.mc. The file contains:
######################*****##############
### DOVECOT Mailer specification ###
##################*****##################
Mdovecot, P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
T=DNS/RFC822/X-Unix,
A=deliver -d $u
And the reference is indeed in sendmail.mc. While using smtp, and local as mailers email is received from external addresses. When using the dovecot mailer only local messages are processed. Also the local messages are not processed by sieve. I place .dovecot.sieve in my users home directory, but it does not work. I have read that it needs to be compiled into .dovecot.sievec, but I cannot find a sievec binary in my Debian OS. I’m thinking this has to do with permission issues. Maybe if I setup a new mail server, and have dovecot use mailboxes within the root partition, directly from /var/mail/%u then dovecot will have read/write permissions to the mail folders. Maybe this will allow sieve to compile the filters. Time permitting I will try this.
The setup instructions seem so simple:
protocol lda {
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
mail_plugins = cmusieve # … other plugins like quota
}
Above simply shows how to load the cmusieve plugin in the lda protocol. This makes sense because the lda protocol will be used when the dovecot.m4 file is called by sendmail. But ultimately I have no server side mail filtering. Currently I use Thunderbird, client side, to filter my mail. Sometimes there is a delay and a message marked as spam, by the server side spamassassin, makes its way to my cell phone.
I really want server side mail filtering so I can logoff the desktop environment when I am not at home. But because Thunderbird must be running, to provide me functional filtering services, I cannot logoff. I really want to work this out. Any input from a reader will be appreciated.
Spam – Filters and Eventual Prosecution
Nov 24th
A spam kingpin was recently sentenced heavily for his actions. This is excellent. Everyone hates spam. Most people have some sort of spam filter to deal with it. I myself have dealt with is to the maximum, which I have discussed to a great extent in previous posts. Here is a good post about sendmail and how it integrates with spamassassin:
http://www.bgevolution.com/blog/ubuntu-debian-spamassassin-integrate-into-sendmail/
Ultimately you can practically eliminate spam but further introducing blackhole lists to sendmail:
http://www.bgevolution.com/blog/sendmail-blackhole-list-eliminate-most-spam/
http://www.bgevolution.com/blog/sendmail-more-domain-blacklisting-to-prevent-spam/
Some progress has been made on the other end of the spectrum.
One of the most notorious U.S.-based spammers was sentenced to more than four years in jail on Monday for a scheme that used spam to manipulate stock prices in order to make a profit.[Source]
Ubuntu – Debian Spamassassin Integrate into Sendmail
Jul 24th
Ive had a mail server for a long time. Ive always used the built in Spamassasin that Thunderbird uses. I recently got a blackberry and was receiving the spam even though Thunderbird was successfully filtering the spam to the Junk folder. This is because the MTA, Dovecot in my instance, was transferring the mail to Thunderbird and the Blackberry at the same time leaving the mail unfiltered on the Blackberry. To resolve this I required server side spam labeling and filtering. First the mails needed to be labeled as spam. Spamassasin does this nicely. Install Spamassasin using:
sudo apt-get install spamassassin spamass-milter
Then in your sendmail.mc config file add:
# spamassassin settings INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass/spamass.sock, F=,T=S:4m;R:4m;E:10m')dnl
Now your going to configure Spamassassin to label spam mails as such. Open the config file with:
sudo nano /etc/mail/spamassassin/local.cf
Remove the pound # sign to uncomment:
rewrite_header Subject *****SPAM***** required_score 5.0 use_bayes 1 bayes_auto_learn 1
Make sure you build the sendmail.cf file. Restart sendmail. Now you have to train Spamassassin. In Thunderbird you have to sort all known spam to a particular folder. Place 200 or so spam messages in the Junk folder completely without any good emails. Then run:
sa-learn --showdots --mbox --spam mail/Junk
The above snipped is run from your users root directory. You can cd to the mail directory and run:
sa-learn --showdots --mbox --spam Junk
Then place known good emails in a particular directory and run:
sa-learn --showdots --mbox --ham mail/temp
Run this every once in a while to increase the accuracy of your spam filter. I have excellent spam detection after only a couple of days of training.
Thunderbird – Built in Spamassasin
Mar 10th
Using Thunderbird, in conjunction with your IMAP configured dovecot is by far the best method of synchronizing you mail folder with multiple devices. In Thunderbird you should instantly turn on your junk mail “adaptive filters”. You can also set custom filter rules to send messages with particular words in the header to the junk folder. Frankly I prefer using the graphical configuration of Thunderbird to the direct command line configuration of spamassasin. Thunderbird is powerful, and successfully filters out well over 95% of the spam I receive. I get closer and closer every day to completely avoiding all spam. Every day I set a new filter rule, and mark new messages as spam.
iPhone Email Spam – Dealing with it Using IMAP
Feb 19th
IMAP mail servers keep the files on the server, in addition to allowing external devices to access and download them. Basically IMAP allows you to synchronize your iPhone with your mail folder the same way you synchronize with your iTunes music. The beauty of this is that you can use a spam filtering program, such as Evolution or Mozilla Thunderbird to establish customized spam filtering rules. Overall, after about a days worth of tuning the spam filter rules, you can practically eliminate all mail spam that would typically go to your iPhone. If you use Gmail, Yahoo mail, or another other mail system, you will first have to forward the emails to a mail server that supports IMAP. I believe Gmail offers IMAP, therefore you can probably set your spam filter rules directly in Gmail, and then synchronize your Iphone with your account. Yahoo I know does not currently support IMAP, therefore you will have to forward your email to an IMAP server, or settle with the SPAM filtering provided by the Yahoo interface. I find the Yahoo interface relatively limited, specifically compared to the elaborate parameters that can be set in Mozilla Thunderbird. Frankly I highly recommend just forwarding all mail to a local IMAP server, and have Thunderbird continuously running to filter out the crapola. I am not going to get into setting up a mail server, as I have covered it extensively in the past. If your interested in setting up your own IMAP server feel welcome to search this blog in the upper right hand corner for more information. You do not need a domain name, as you can forward the email directly to your external IP address 
Basically this concept only works with IMAP because POP will download the messages from the mail server, then clean the spam, and the mail will only be on the local machine in the Thunderbird directories. IMAP keeps the mail on the server, and Thunderbird will successfully clean out the BS leaving the mail accessible to other devices such as your iPhone.
