
Dovecot-Antispam

 
 
This tutorial was completed on Ubuntu 10.04 LTS; there is no guarantee it will function as expected on any other version or OS. An updated version for Ubuntu 12.04 LTS will be made available when time permits.

This tutorial shows how to get "dovecot-antispam" working. The plugin watches a defined spam folder (defaults to "SPAM") and works together with a spam system that classifies each message as it is delivered. When a message is classified as spam, it is delivered to the spam folder; otherwise it goes through the regular filtering file the user may have (maildrop, sieve, ...). The user then has everything classified as spam in the special spam folder and everything else sorted where it belongs.

This is not enough, because the spam scanner needs training: there will occasionally be false positives and false negatives. This is where the dovecot antispam plugin comes into play. Instead of moving mail into special folders or forwarding it to special mail addresses for retraining, the plugin offers two actions for the user:

1. moving mail out of the SPAM folder and

2. moving mail into the SPAM folder.

The dovecot plugin watches these actions (and additionally prohibits APPENDs to the SPAM folder, more for technical reasons than others) and tells the spam classifier that it made an error and needs to re-classify the message (as spam/not spam depending on which way it was moved.)

The advantage of this approach is that the mail ends up in the right target folder directly and need not be touched twice.

With DSPAM installed, make sure that the DSPAM signature is in the headers of your email messages by confirming the following setting in dspam.conf:

Preference "signatureLocation=headers"  # 'message' or 'headers'
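
To confirm the setting has taken effect on mail that DSPAM has already delivered, the following added example (not part of the original tutorial or of the plugin) checks message files for the signature in the header block only. The function names, the sample Maildir and the signature values are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that stored mail carries the DSPAM signature in the
# header block, which is what signatureLocation=headers is meant to ensure.

# Print the X-DSPAM-Signature value of message file $1; status 1 if absent.
dspam_signature() {
    awk '
        /^\r?$/ { exit }                      # first blank line ends the headers
        tolower($0) ~ /^x-dspam-signature:/ { # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, ""); sub(/\r$/, "")
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# List message files under the Maildir folder $1 that lack the header.
missing_signature() {
    for ms_file in "$1"/cur/* "$1"/new/*; do
        [ -f "$ms_file" ] || continue
        dspam_signature "$ms_file" >/dev/null || printf '%s\n' "$ms_file"
    done
}

# Constructed sample Maildir (not real mail): msg1 is tagged in the headers,
# msg2 only in the body, as signatureLocation=message would leave it.
demo=$(mktemp -d)
mkdir -p "$demo/cur"
printf '%s\n' 'From: a@example.org' 'X-DSPAM-Result: Innocent' \
    'X-DSPAM-Signature: 4f2a1c0e9b7d' '' 'body' > "$demo/cur/msg1"
printf '%s\n' 'From: b@example.org' 'Subject: offer' '' \
    'body' '!DSPAM:4f2a1c0e9b7e!' > "$demo/cur/msg2"

dspam_signature "$demo/cur/msg1"    # signature found in the headers
missing_signature "$demo"           # lists messages that cannot be retrained
```

Messages listed by missing_signature are the ones that would hit the antispam_signature_missing action configured further down when a user moves them.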

Install build essentials:

aptitude install build-essential

Install build dependencies:

aptitude install cvs debhelper dovecot-dev gettext html2text intltool-debian libcroco3 libmail-sendmail-perl libsys-hostname-long-perl po-debconf

Download the source:

cd /usr/src
wget http://us.archive.ubuntu.com/ubuntu/pool/universe/d/dovecot-antispam/dovecot-antispam_1.2+20090702.orig.tar.gz

Unpack the source, and remove the tar'ed package:

tar xzf *.tar.gz
rm *.tar.gz

Move into the new directory:

cd dovecot-antispam-1.2+20090702.orig

Create the .config file and edit it:

cp defconfig .config
vim .config

Choose the backend by uncommenting exactly one BACKEND line.

Change:

	# backend (select exactly one)
	#  dspam-exec	- direct dspam training by calling dspam executable
	#  signature-log	- signature logging using dovecot's dict API
	#  mailtrain		- send mail to special addresses for training
	#  crm114-exec	- direct crm114 training by calling mailreaver.crm
	#  spool2dir		- spool trained emails to a directory
	#BACKEND=dspam-exec
	#BACKEND=signature-log
	#BACKEND=mailtrain
	#BACKEND=crm114-exec
	#BACKEND=spool2dir

to:

	# backend (select exactly one)
	#  dspam-exec	- direct dspam training by calling dspam executable
	#  signature-log	- signature logging using dovecot's dict API
	#  mailtrain		- send mail to special addresses for training
	#  crm114-exec	- direct crm114 training by calling mailreaver.crm
	#  spool2dir		- spool trained emails to a directory
	BACKEND=dspam-exec
	#BACKEND=signature-log
	#BACKEND=mailtrain
	#BACKEND=crm114-exec
	#BACKEND=spool2dir

Enable debugging (or not) by uncommenting the debug lines.

Build the plugin:

make

Copy the .so file into the dovecot Plugin directory:

cp lib90_antispam_plugin.so /usr/lib/dovecot/modules/imap/

Add the following to your dovecot.conf file:

protocol imap {
        mail_plugins = antispam
}

You may already have a protocol imap section; if so, simply add 'mail_plugins = antispam' to it.
Then add the following at or near the end:

plugin {
    ##################
    # GENERIC OPTIONS

    # mail signature (used with any backend requiring a signature)
    antispam_signature = X-DSPAM-Signature

    # action to take on mails without signature
    # (used with any backend requiring a signature)
    # (we recommend only setting this to 'move' after verifying that the
    # whole setup is working)
    # antispam_signature_missing = move # move silently without training
    antispam_signature_missing = error

    # The list of folders for trash, spam and unsure can be given
    # with three options, e.g. "trash" matches the given folders
    # exactly as written, "trash_pattern" accept the * wildcard at
    # the end of the foldername, "trash_pattern_ignorecase"
    # accepts the * wildcard at the end of the foldername _and_
    # matches the name case-insensitively.

    # the *-wildcard with the following meaning:
    #    * at the end: any folder that _start_ with the string
    # e.g.:
    #	antispam_trash_pattern = deleted *;Gel&APY-schte *
    # match any folders that start with "deleted " or "Gelöschte "
    # match is _case_sensitive_!
    #
    #	antispam_trash_pattern_ignorecase = deleted *;Gel&APY-schte *
    # match any folders that start with "deleted " or "gelöschte "
    # match is _case_insensitive_, except the non-USASCII letters,
    # "ö" in this example.
    # To match the upper-case Ö, too, you need to add yet another
    # pattern "gel&ANY-schte *", note the different UTF7 encoding:
    # &ANY- instead of &APY-.


    # semicolon-separated list of Trash folders (default unset i.e. none)
    # antispam_trash =
    # antispam_trash = trash;Trash;Deleted Items; Deleted Messages
    # antispam_trash_pattern = trash;Trash;Deleted *
    antispam_trash_pattern_ignorecase = trash;Deleted *

    # semicolon-separated list of spam folders
    # antispam_spam = SPAM
    # antispam_spam_pattern = SPAM
    antispam_spam_pattern_ignorecase = SPAM

    # semicolon-separated list of unsure folders (default unset i.e. none)
    # antispam_unsure =
    # antispam_unsure_pattern =
    # antispam_unsure_pattern_ignorecase =

    # Whether to allow APPENDing to SPAM folders or not. Must be set to
    # "yes" (case insensitive) to be activated. Before activating, please
    # read the discussion below.
    # antispam_allow_append_to_spam = no

    ###########################
    # BACKEND SPECIFIC OPTIONS
    #

    #===================
    # dspam-exec plugin

    # dspam binary
    antispam_dspam_binary = /usr/bin/dspam

    # semicolon-separated list of extra arguments to dspam
    # (default unset i.e. none)
    # antispam_dspam_args =
    # antispam_dspam_args = --deliver=;--user %u  # % expansion done by dovecot
    # antispam_dspam_args = --mode=teft

    # The following will give you a single database under the user vmail.  If
    # this is not what you want use one of the args. above.
    antispam_dspam_args = --deliver=innocent,spam;--user vmail

    # Ignore mails where the DSPAM result header contains any of the
    # strings listed in the blacklist
    # (default unset i.e. none)
    # antispam_dspam_result_header = X-DSPAM-Result
    # semicolon-separated list of blacklisted results, case insensitive
    # antispam_dspam_result_blacklist = Virus

}
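
The three folder-list options described in the comments above decide which moves trigger retraining, so it is worth checking a folder name against a list before relying on it. This added example (not the plugin's own code) models the matching as the comments describe it; it assumes names are compared in their encoded (modified UTF-7) form and that "ignorecase" folds ASCII letters only. The function name and mode keywords are made up for the example.

```shell
#!/bin/sh
# Added example: model of antispam_*, antispam_*_pattern and
# antispam_*_pattern_ignorecase matching, per the config comments.

# folder_matches MODE LIST FOLDER
#   MODE  exact | pattern | ignorecase   (hypothetical keywords)
#   LIST  semicolon-separated value of the option
# Returns 0 when FOLDER is covered by LIST.
folder_matches() {
    fm_mode=$1; fm_list=$2; fm_folder=$3
    if [ "$fm_mode" = ignorecase ]; then
        # Assumption: ASCII-only folding, so &APY- (ö) and &ANY- (Ö) differ.
        fm_list=$(printf '%s' "$fm_list" | LC_ALL=C tr 'A-Z' 'a-z')
        fm_folder=$(printf '%s' "$fm_folder" | LC_ALL=C tr 'A-Z' 'a-z')
    fi
    fm_rc=1
    fm_ifs=$IFS; IFS=';'
    set -f                               # no glob expansion while splitting
    for fm_pat in $fm_list; do
        fm_wild=no
        case $fm_mode:$fm_pat in
            exact:*) ;;                  # exact lists take names literally
            *\*)     fm_wild=yes; fm_pat=${fm_pat%\*} ;;  # trailing * = prefix
        esac
        if [ "$fm_wild" = yes ]; then
            case $fm_folder in "$fm_pat"*) fm_rc=0 ;; esac
        elif [ "$fm_folder" = "$fm_pat" ]; then
            fm_rc=0
        fi
    done
    set +f; IFS=$fm_ifs
    return $fm_rc
}

# Constructed folder names, checked against a trash list like the one above.
for f in 'Deleted Items' 'TRASH' 'Trashcan' 'Gel&ANY-schte Objekte'; do
    if folder_matches ignorecase 'trash;Deleted *;Gel&APY-schte *' "$f"
    then echo "trash: $f"; else echo "other: $f"; fi
done
```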

Restart Dovecot:

/etc/init.d/dovecot restart

That should do it!! Start moving spam into the SPAM folder and before you know it, you'll be spam free...

If you would like to have Dovecot move the spam-tagged emails, simply place the following into '.dovecot.sieve', and place the file into the user's root mail folder (the folder with 'Maildir' in it).

require ["fileinto","imapflags"];
if header :contains "subject" ["[SPAM]"] {
        setflag "\\seen";
        fileinto "SPAM";
        stop;
} else {
        # The rest goes into INBOX
        # default is "implicit keep", we do it explicitly here
        keep;
}