Anti spam plugin

When hosting e-mail, you'll have to deal with spam unfortunately. We use Amavis with spamassassin and ClamAV antivirus. This setup works great fo 95% of the time but there are always some spam messages that pass the spamfilter. For this you can train spamassassin to recognize the spam better.
I came across a nice dovecot plugin that is very simple to implement. Users can classify messages as spam simply by moving the messages into the spam folder. Taking messages out of the spam folder tells spamassassin that this message was in fact not spam.

Here's a short how to on the installation. I assume you have dovecot+spamasssin running already:

$ apt-get install dovecot-antispam

Add the "antispam" plugin to /etc/dovecot/conf.d/20-imap.conf (your plugins list may be different):

mail_plugins = $mail_plugins quota imap_quota antispam

Add the following to /etc/dovecot/conf.d/90-plugin.conf:

plugin {
  antispam_backend = pipe
  antispam_debug_target = syslog
  antispam_verbose_debug = 1
  antispam_signature= X-Spam-Status
  antispam_signature_missing= move
  antispam_mail_sendmail_args= --username=%u
  antispam_mail_spam  = --spam
  antispam_mail_notspam  = --ham
  antispam_mail_sendmail = /usr/bin/sa-learn-pipe.sh
  antispam_spam = SPAM;Spam
  antispam_unsure = Virus
  antispam_trash = Trash;trash
}

Create /usr/bin/sa-learn-pipe.sh:

#!/bin/bash
echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt
echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log

#echo $* > /tmp/sendmail-parms.txt
cat<&0 >> /tmp/sendmail-msg-$$.txt

/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt

rm -f /tmp/sendmail-msg-$$.txt

#echo "$$-end" >> /tmp/sa-learn-pipe.log

exit 0

Make this script executable
$ chmod +x /usr/bin/sa-learn-pipe.sh

Restart dovecot
$ service dovecot restart

Now move a message into the spam folder and watch /var/log/syslog. It should have something like this:
Oct 21 15:16:25 debian imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0
Oct 21 15:16:25 debian imap: antispam: running mailtrain backend program /usr/bin/sa-learn-pipe.sh
Oct 21 15:16:25 debian imap: antispam: running mailtrain backend program /usr/bin/sa-learn-pipe.sh
Oct 21 15:16:25 debian imap: antispam: running mailtrain backend program parameter 1 --username=admin@intermesh.dev
Oct 21 15:16:25 debian imap: antispam: running mailtrain backend program parameter 2 --spam


After this test you should disable debugging in /etc/dovecot/conf.d/90-plugin.conf

Comments


  • Anonymous
    October 23, 2014 at 17:11

    spamassassin does not learn and slows down whole imap.


  • Merijn Schering
    October 24, 2014 at 08:44

    Do you get any errors in the log?
    The only slowdown I notice is when you move mail into the spam or out of it. But that's obvious because it has to copy the mail to a tmp file and feed it to sa-learn.


  • Anonymous
    October 25, 2014 at 13:27

    When I empty a folder it lasts between 10 seconds (less then 10 mails) and about 1 minute (more then 50 mails) before I can access the system again. It depends on how many mails are in the folder.
    And it doesn't learn.

    tail -f /tmp/sa-learn-pipe.log:

    9858-start (--username=xxxxx --spam)
    10002-start (--username=xxxxx --spam)
    10237-start (--username=xxxxx --spam)


    sa-learn -u xxxxx -D --backup:

    Oct 23 11:18:21.308 [9935] dbg: bayes: found bayes db version 3
    v 3 db_version # this must be the first line!!!
    v 0 num_spam
    v 0 num_nonspam


  • Anonymous
    October 25, 2014 at 13:35

    Sorry, my last comment was not specific at all: I meant, when emptying a spam folder it lasts so long and sometimes I have to restart apache because GO hangs and won't come back.


  • Merijn Schering
    October 27, 2014 at 08:54

    The antispam plugin should not activate when emptying trash or spam. Make sure your trash folder is listed in: antispam_trash = Trash;trash.

Back to Top
SourceForge.net Logo