SpamAssassin Handling

Hey guys,
It’s been a while, but I’m back with another SA question.

In my particular setup (details available on request), I’m dropping mail in-session for any host that’s blacklisted on spamcop (I’m pretty sure this is default behavior). I don’t mind the one or two that slip through (and neither do my users, who were getting 900+ spams per day before they changed to my iworx host); but I’m a little frustrated by the ones that are recognized as spam by iworx, and sent anyway. They usually have the text “Spam detection software running on <HOST> has determined that the attached message is spam” etc. I can see an “attach original” “add X header” “attach plain text” option in the server-level SMTP scanner, but I don’t see the option to simply delete these messages. I understand that, because of a fear of false positives, most folks like to get this kind of message, but all of my users understand that email isn’t a guaranteed delivery method, and agree that if something’s incorrectly tagged as spam, they’d rather not see it, than the 20 or so correctly tagged, but sent anyway.

Any suggestions? Is there any way to silently delete these messages?

You could enable SMTP level scanning and set a drop score, but then you will be scanning messages that aren’t dropped 2x, once at SMTP and once at SiteWorx level.

One other option you have is to create/modify the InterWorx maildrop script to enable dropping of messages at the SiteWorx level. I have already done all the research on this and have it working; if you are interested, let me know and I can PM you a sample script on how to do it.

This might be a nice feature to have in InterWorx in the future to be able to give per domain access to a certain drop score, but until then you can do it manually (one of the best parts about InterWorx).

An update:

Largely thanks to Justec pointing me towards the correct file, I noticed an interesting chunk of code in the spam assassin configuration file, /home/interworx/lib/maildrop/spamfilter:


      if (/^X-Spam-Flag: *YES/)
      {
         `test -d $IW_VHOME/Maildir/.$IW_JUNKFOLDER`
         if( $RETURNCODE == 1 )
         {
            IW_JUNKFOLDER=tolower( $IW_JUNKFOLDER );
            `test -d $IW_VHOME/Maildir/.$IW_JUNKFOLDER`
            if( $RETURNCODE == 1 )
            {
               IW_JUNKFOLDER=toupper( $IW_JUNKFOLDER );
               `test -d $IW_VHOME/Maildir/.$IW_JUNKFOLDER`
               if( $RETURNCODE == 1 )
               {
                  IW_JUNKFOLDER=""
               }
            }
         }

Wait, what’s that? It’s checking to see if the user has a junkfolder? Well, I decided to create one. But … what do I call it?


      IW_JUNKFOLDER="Spam"

Oh, okay. So, using my mail client, I created an IMAP folder called “Spam” and waited a few days. Lo and behold, the messages which formerly were delivered to the user as “spam detection software determined this is spam” were instead dropped into the Spam folder. While I could very easily modify the spam-handling behavior as Justec instructed me, I decided I would instead drop the spams (there’s so few of them anyway) into spam folders. But it’s a bit much to ask every user to create a specially-named folder through their client, and many of my users aren’t using IMAP.

So of course, I figured out how to do it from the shell, and wrote a script that creates the folders for you. If there’s any interest, I’d be happy to paste the script here.

Special thanks to Justec for pointing me in the right direction. You rock.

Edit:
Is there a way to create (or bulk-create) IMAP folders from the iworx interface? I know it can be done via Webmail, but I’m curious if it can be done without impersonating the user.

Hi Chris,

“So of course, I figured out how to do it from the shell, and wrote a script that creates the folders for you. If there’s any interest, I’d be happy to paste the script here”

I sure would like to see the script. Been messing with this for way too long already!

dave

To auto-create an (imap) Spam folder and place messages marked as spam.
This will only work if ALL your CP users want a “Spam” folder auto created.
Edit the maildrop spamassassin filter (/home/interworx/lib/maildrop/spamfilter):

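      if (/^X-Spam-Flag: *YES/)
      {
         # Create the junk folder on first use if it does not exist yet.
         `test -d $IW_VHOME/Maildir/.$IW_JUNKFOLDER`
         if( $RETURNCODE == 1 )
         {
            `/usr/bin/maildirmake -f $IW_JUNKFOLDER $IW_VHOME/Maildir`;
         }
         # Deliver the flagged message into the junk folder.
         to "$IW_VHOME/Maildir/.$IW_JUNKFOLDER/"
      }
      else
      {
         # Not flagged: run the user's own .mailfilter if it is readable.
         `test -r $IW_VHOME/.mailfilter`
         if( $RETURNCODE == 0 )
         {
            exception {
               include $IW_VHOME/.mailfilter
            }
         }

         # Normal delivery.
         to $IW_VPOP
      }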

This checks if a Spam folder exists. If not, it will create it and store the message. If it exists, it will just store the message.

THERE IS A DOWNSIDE:

This folder is not “Subscribed” to. A user may not know of the folder’s existence. It will accumulate messages and fill the mailbox quota.

I have a script that runs via cron - it will delete messages older than xx days in the spam box.

Hi Westlinks,

The script looks good, but I think that I am going to try for something that is user specific. The maildirmake command is just what I was looking for, though!

“I have a script that runs via cron - it will delete messages older than xx days in the spam box.”

How do you do that? I was going to trash the whole Spam directory and re-make it. This approach would be so much better!

dave

The “find” cmd along with “rm”. $min = # of mins since last time a msg’s status changed before expiring. Check out “man find” for more info.


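      # Quote the variables so an empty $spamfolder cannot expand to /new, /cur or /tmp;
      # -type f keeps the directories themselves from being passed to rm.
      find "$spamfolder/new" -type f -cmin +"$min" -exec rm {} \;
      find "$spamfolder/cur" -type f -cmin +"$min" -exec rm {} \;
      find "$spamfolder/tmp" -type f -cmin +"$min" -exec rm {} \;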

I expire messages every 6 - 12 hours. The default age is 7 days. Some accounts prefer several hours instead.

FYI: There are 2 maildirmake cmd files.
I use “/usr/bin/maildirmake”. It supports shareable folders and maildir quotas. It comes with Courier IMAP that InterWorx uses. For details see: The Courier Mail Server

The other is: /var/qmail/bin/maildirmake. This comes with qmail. I seem to remember it was lacking something. So just to be safe I use the Courier version.

I’m currently rewriting the script for Interworx-CP as it currently runs on DirectAdmin. It is a PHP script. Even in PHP it runs fairly fast for 300+ accounts. It trims the trash folders & the spam folders. It looks up the user’s # of days (age of spam msg) preference from the spamassassin table (pref = “x-spam-days”). I’m going to expand to include a domain wide preference.
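A guarded form of the cron expiry described in the post above, as an added example that is not part of the original thread or of InterWorx. The function name `expire_spam` and the path in the usage comment are assumptions; it refuses to run unless the target is an absolute path that looks like a Maildir folder.

```shell
#!/bin/sh
# Added example (not from the thread): guarded expiry of one Maildir spam folder.
# expire_spam FOLDER MINUTES
#   Deletes regular files in FOLDER/new, FOLDER/cur and FOLDER/tmp whose
#   status-change time (ctime) is more than MINUTES minutes ago.
#   Returns 0 on success, 2 on bad arguments, 3 if FOLDER is not a Maildir.
expire_spam() {
    folder=$1
    min=$2

    # Refuse empty or relative paths: an unset variable must never turn
    # "$folder/new" into "/new".
    case $folder in
        /*) ;;
        *) echo "expire_spam: need an absolute path, got '$folder'" >&2
           return 2 ;;
    esac

    # Accept only a whole number of minutes.
    case $min in
        ''|*[!0-9]*) echo "expire_spam: bad age '$min'" >&2
                     return 2 ;;
    esac

    # The folder must have all three Maildir subdirectories, none a symlink.
    for sub in new cur tmp; do
        if [ ! -d "$folder/$sub" ] || [ -L "$folder/$sub" ]; then
            echo "expire_spam: '$folder' is not a Maildir folder" >&2
            return 3
        fi
    done

    # -maxdepth 1: never descend further; -type f: never hand a directory to rm.
    for sub in new cur tmp; do
        find "$folder/$sub" -maxdepth 1 -type f -cmin +"$min" \
            -exec rm -f -- {} + || return 1
    done
    return 0
}

# Example cron usage (placeholder path; 10080 minutes = 7 days):
#   expire_spam /path/to/Maildir/.Spam 10080
```

Swapping `-exec rm -f -- {} +` for `-print` gives a dry run that lists what would be removed.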

Thanks a ton for the info!

I’m pretty familiar with the find command. (Last week I trashed the server with a poorly constructed find piping to xargs rm. Thankfully recovered from backups after an absolute panic attack.)

I was afraid to trash specific messages in the Spam folder, though. I am relatively unschooled in qmail and was concerned that I was going to orphan entries in some index somewhere.

I think that your interface to the SA DB makes all of the sense in the world.

Once again thank you for the tips and the generosity you have shown with your time.

dave

So I am looking at adding the IW_JUNKFOLDER="Spam" to my /home/interworx/lib/maildrop/spamfilter but since I’m a total newb I can’t think of how to IMAP my way to the collected spam to check for any false positives and/or to see if it’s working.

Hey if anyone can offer a way for me to check to see if this is working, I’d really appreciate it.

Have you already created an IMAP folder called “Spam”? Or is that the stage you’re at? Are you using webmail or another e-mail client?

Paul

I cannot say that I’ve created an IMAP folder called Spam. I’m not quite certain where I would put one if I knew how. Yeah, I’m that green.

I normally use Thunderbird but using webmail is certainly an option for me.

yebot,

Can you verify that you’re using IMAP instead of POP for your connection type first? Then we can take it from there.

Well, I use POP to get into various other mailboxes on the same server. When I look in the Interworx CP, I see that both IMAP and POP are running.

I just mean in your Thunderbird itself. When you set up the email account it asks if you want to use POP or IMAP. Are you using IMAP?

POP.

Ok. In order to take advantage of the Bayes spam learning, you’ll need to switch your email program to IMAP. Here’s a knowledgebase entry on the nexcess.net site that explains the Bayes system:

http://www.nexcess.net/support/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=75&nav=0,3