Postfix, dovecot, spamassassin SPAM to a spam folder

breitscott · 02-12-2007, 11:42 AM

My mail gets a [SPAM] prefix, but I need it to automatically go to a SPAM folder on the servers. I am fedora core 6 with postfix, dovecot, spamassassin,

my master.cf file has

smtp inet n - n - - smtpd
-o content_filter=spamfilter:dummy
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#

spamfilter unix - n n - - pipe
flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}

in my /etc/mail/spamassassin dir I have
local.cf =
required_hits 5
rewrite_header Subject [SPAM]
report_safe 0

So what do I need to do to get spamassassin to move the messages with [SPAM] to the SPAM folder for each user? I need to do this on the server. I tried to use the sa-learn command but that did nothing as far as transferring future messages. Is my local.cf file correct to have spamassassin learn? Is there something I need in my postfix configuration?

Scott

smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=

billymayday · 02-12-2007, 01:55 PM

I use a address extension for spam, which integrates nicely if you use amavis-new between postfix and spamassissan, but not sure if you don't. The other alternaitive is to use a delivery agent like maildrop or procmail.

I also use maildrop, have a look at http://www.postfix.org/MAILDROP_README.html. Looks like you are most of the way there and will simply need a .mailfilter in the user's home directory to do the pattern matching

breitscott · 02-12-2007, 06:16 PM

[scott@streit ~]$ cd
You have mail in /var/spool/mail/scott
[scott@streit ~]$ more .mailfilter
if (/^Subject:.*[STATUS]/)
{
to Mail/SPAM
}

I tried mail/SPAM and SPAM in the file. Everything still goes to my inbox.

Here is my relevant mail log

Feb 12 18:12:06 streit spamd[11884]: spamd: setuid to spamfilter succeeded
Feb 12 18:12:06 streit spamd[11884]: spamd: processing message <DF5747A28060F0C.52B3280DA2@verizon.net> for spamfilter:601
Feb 12 18:12:06 streit postfix/smtpd[18921]: disconnect from pool-72-70-245-58.spfdma.east.verizon.net[72.70.245.58]
Feb 12 18:12:06 streit spamd[11884]: spamd: identified spam (35.5/5.0) for spamfilter:601 in 0.5 seconds, 1502 bytes.
Feb 12 18:12:06 streit spamd[11884]: spamd: result: Y 35 - DATE_IN_PAST_06_12,DIGEST_MULTIPLE,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,FROM_LOCAL_NOVOWEL,HELO_DYNA MIC_IPADDR,HTML_FONT_BIG,HTML_MESSAGE,MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RA NGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_I N_SORBS_DUL,RCVD_IN_XBL,SPF_NEUTRAL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_SC_SURBL scantime=0.5,size=1502,user=spamfilter,uid=601,required_score=5.0,rhost=localhost.localdomain,raddr= 127.0.0.1,rport=38545,mid=<DF5747A28060F0C.52B3280DA2@verizon.net>,autolearn=spam
Feb 12 18:12:06 streit spamd[11881]: prefork: child states: II
Feb 12 18:12:06 streit postfix/pipe[18926]: DC6E95A6B18: to=<mail@breitsolutions.com>, relay=spamfilter, delay=0.77, delays=0.18/0.01/0/0.58, dsn=2.0.0, status=sent (delivered via spamfilter service)

billymayday · 02-12-2007, 08:37 PM

Don't you mean /^Subject:.*[SPAM]/?

Do you use maildir or mbox?

breitscott · 02-13-2007, 06:16 AM

How can I tell whether it is mbox or maildir?

My home directory is

cd mail
[scott@streit mail]$ tree
.
|-- Drafts
|-- SPAM
|-- Sent
|-- Sent Items
`-- Trash

0 directories, 5 files
[scott@streit mail]$

[scott@streit mail]$ ls -al
total 80
drwx------ 3 scott scott 4096 Feb 10 18:56 .
drwx------ 47 scott scott 4096 Feb 12 20:26 ..
-rw------- 1 scott scott 0 Feb 10 14:56 Drafts
drwx------ 8 scott scott 4096 Feb 10 18:57 .imap
-rw------- 1 scott scott 0 Feb 10 14:56 Sent
-rw------- 1 scott scott 0 Feb 10 18:56 Sent Items
-rw------- 1 scott scott 31810 Feb 10 19:46 SPAM
-rw------- 1 scott scott 40 Feb 10 18:56 .subscriptions
-rw------- 1 scott scott 562 Feb 10 16:24 Trash
[scott@streit mail]$

I have tried many permutations in the .mailfilter file without a difference.

breitscott · 02-13-2007, 07:20 PM

I changed the .mailfilter to

if ( /^"Subject:.*[SPAM]/ )
to SPAM

Still it goes to the inbox. In squirelmail I created the SPAM folder, how is it referenced in .mailfilter. Is it SPAM mail/SPAM mail/SPAM??? How do I find this out? When I loaded dovecot, I ended up with a .imap folder, how do these play together? How can I tell if my .mailfilter is being called and what is mbox or maildir?

billymayday · 02-14-2007, 02:51 AM

I think mail/SPAM, and I'm guessing your are on mbox

breitscott · 02-14-2007, 11:12 AM

Bill,

I reconfigured postfix and dovecot to use Maildir. That is working. My mail filter is still not being called, or is incorrect. Here is my directory.

[scott@streit ~]$ ls -al Maildir/
total 76
drwxrwxr-x 9 scott scott 4096 Feb 14 12:08 .
drwx------ 47 scott scott 4096 Feb 14 12:08 ..
drwx------ 2 scott scott 4096 Feb 14 12:08 cur
-rw------- 1 scott scott 252 Feb 14 12:08 dovecot.index
-rw------- 1 scott scott 19456 Feb 14 12:08 dovecot.index.cache
-rw------- 1 scott scott 2088 Feb 14 12:08 dovecot.index.log
-rw------- 1 scott scott 519 Feb 14 12:08 dovecot-uidlist
drwx------ 5 scott scott 4096 Feb 14 11:47 .Drafts
drwx------ 2 scott scott 4096 Feb 14 12:08 new
drwx------ 5 scott scott 4096 Feb 14 11:47 .Sent
drwx------ 5 scott scott 4096 Feb 14 12:03 .Spam
-rw------- 1 scott scott 23 Feb 14 11:59 subscriptions
drwx------ 2 scott scott 4096 Feb 14 12:08 tmp
drwx------ 5 scott scott 4096 Feb 14 11:47 .Trash
[

My filter is
[scott@streit ~]$ more .mailfilter
if ( /^"Subject:.*[SPAM]/ )
to Maildir/.SPAM

Everything still goes to my INBOX. Any ideas?

Scott

billymayday · 02-14-2007, 02:44 PM

Nowhere near a linux box, so just some thoughts

1. Check the maillogs to ensure that maildrop is being called. i assume siomething shows up there
2. in case [ & ] are special characters or need escaping, try taking them out of the pattern
3. I think you need the full path for a maildir, so /home/user/Maildir/.SPAM

Will check my box in a day or so

breitscott · 02-14-2007, 05:21 PM

[scott@streit ~]$ more .mailfilter
if ( /^"Subject:.*[SPAM]/ )
to /home/scott/Maildir/.SPAM

[scott@streit ~]$

Now from my maillog

Feb 14 18:09:25 streit dovecot: imap-login: Login: user=<scott>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Feb 14 18:09:25 streit dovecot: IMAP(scott): Disconnected: Logged out
Feb 14 18:09:57 streit postfix/smtpd[8015]: connect from web53607.mail.yahoo.com[206.190.37.40]
Feb 14 18:09:57 streit postfix/smtpd[8015]: BDE715A6BC5: client=web53607.mail.yahoo.com[206.190.37.40]
Feb 14 18:09:57 streit postfix/cleanup[8019]: BDE715A6BC5: message-id=<835622.6617.qm@web53607.mail.yahoo.com>
Feb 14 18:09:57 streit postfix/smtpd[8015]: disconnect from web53607.mail.yahoo.com[206.190.37.40]
Feb 14 18:09:57 streit postfix/qmgr[7087]: BDE715A6BC5: from=<breitscott@yahoo.com>, size=1648, nrcpt=1 (queue active)
Feb 14 18:09:57 streit spamd[4834]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45989
Feb 14 18:09:57 streit spamd[4834]: spamd: setuid to spamfilter succeeded
Feb 14 18:09:57 streit spamd[4834]: spamd: processing message <835622.6617.qm@web53607.mail.yahoo.com> for spamfilter:601
Feb 14 18:10:00 streit dovecot: imap-login: Login: user=<scott>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Feb 14 18:10:00 streit dovecot: IMAP(scott): Disconnected: Logged out
Feb 14 18:10:01 streit dovecot: imap-login: Login: user=<scott>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Feb 14 18:10:01 streit dovecot: IMAP(scott): Disconnected: Logged out
Feb 14 18:10:03 streit spamd[4834]: spamd: identified spam (1004.0/5.0) for spamfilter:601 in 5.4 seconds, 1651 bytes.
Feb 14 18:10:03 streit spamd[4834]: spamd: result: Y 1003 - AWL,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,GTUBE,HTML_00_10,HTML_MESSAGE,HTML_SHORT _LENGTH scantime=5.4,size=1651,user=spamfilter,uid=601,required_score=5.0,rhost=localhost.localdomain,raddr= 127.0.0.1,rport=45989,mid=<835622.6617.qm@web53607.mail.yahoo.com>,autolearn=no
Feb 14 18:10:03 streit spamd[4829]: prefork: child states: II
Feb 14 18:10:03 streit postfix/pickup[7516]: 600B75A6BF9: uid=601 from=<breitscott@yahoo.com>
Feb 14 18:10:03 streit postfix/cleanup[8019]: 600B75A6BF9: message-id=<835622.6617.qm@web53607.mail.yahoo.com>
Feb 14 18:10:03 streit postfix/pipe[8020]: BDE715A6BC5: to=<scott@thestreits.com>, relay=spamfilter, delay=5.7, delays=0.22/0/0/5.4, dsn=2.0.0, status=sent (delivered via spamfilter service)
Feb 14 18:10:03 streit postfix/qmgr[7087]: BDE715A6BC5: removed
Feb 14 18:10:03 streit postfix/qmgr[7087]: 600B75A6BF9: from=<breitscott@yahoo.com>, size=2703, nrcpt=1 (queue active)
Feb 14 18:10:03 streit postfix/local[8035]: 600B75A6BF9: to=<scott@streit.thestreits.com>, orig_to=<scott@thestreits.com>, relay=local, delay=5.4, delays=5.4/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
F

You can see my configuration at

http://problem.thestreits.com

I look to hear from you.

Thanks,

Scott

billymayday · 02-14-2007, 06:57 PM

I checked and both [ and ] are special characters in maildrop patters, so you either need to escape them or drop them (http://www.courier-mta.org/?maildropfilter.html). Since you are unlikely to have SPAM in a genuine subject line, I'd just drop them

ramram29 · 02-15-2007, 10:00 AM

breitscott, you may want to try procmail. I use Cyrus and sieveshell - it's the best but it's a b!@#$h to configure.

breitscott · 02-15-2007, 01:13 PM

I got an RPM of maildrop in.

> I got an error in the maillog and no delivery. Here is the error:
>
>
> Feb 14 21:27:44 streit maildrop[11750]: Temporary authentication failure.
> Feb 14 21:27:44 streit postfix/local[11669]: 1959F5A6C10:
> to= , orig_to= ,
> relay=local, delay=5.4, delays=5.4/0/0/0.01, dsn=4.3.0, status=deferred
> (temporary failure. Command output: ERR: authdaemon: s_connect() failed:
> Permission denied /usr/bin/maildrop: Temporary authentication failure. )
> Feb 14 21:27:45 streit dovecot: imap-login: Login: user= ,
> method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
> Feb 14 21:27:45 streit dovecot: IMAP(scott): Disconnected: Logged out
>

I started with the following permissions on /var/spool/postfix
[root@streit postfix]# ls -al
total 128
drwxr-xr-x 16 root root 4096 Nov 3 08:20 .
drwxr-xr-x 14 root root 4096 Feb 14 21:23 ..
drwx------ 2 postfix root 4096 Feb 15 12:25 active
drwx------ 2 postfix root 4096 Feb 15 05:23 bounce
drwx------ 2 postfix root 4096 Sep 1 12:47 corrupt
drwx------ 18 postfix root 4096 Nov 8 17:42 defer
drwx------ 18 postfix root 4096 Nov 8 17:42 deferred
drwx------ 2 postfix root 4096 Feb 14 21:26 flush
drwx------ 2 postfix root 4096 Sep 1 12:47 hold
drwx------ 2 postfix root 4096 Feb 15 12:25 incoming
drwx-wx--- 2 postfix postdrop 4096 Feb 15 12:20 maildrop
drwxr-xr-x 2 root root 4096 Feb 14 21:26 pid
drwx------ 2 postfix root 4096 Feb 15 10:28 private
drwx--x--- 2 postfix postdrop 4096 Feb 15 10:28 public
drwx------ 2 postfix root 4096 Sep 1 12:47 saved
drwx------ 2 postfix root 4096 Sep 1 12:47 trace
[root@streit postfix]#

I changed it to
[root@streit postfix]# ls -al
total 128
drwxr-xr-x 16 root root 4096 Nov 3 08:20 .
drwxr-xr-x 14 root root 4096 Feb 14 21:23 ..
drwx------ 2 postfix root 4096 Feb 15 12:45 active
drwx------ 2 postfix root 4096 Feb 15 05:23 bounce
drwx------ 2 postfix root 4096 Sep 1 12:47 corrupt
drwx------ 18 postfix root 4096 Nov 8 17:42 defer
drwx------ 18 postfix root 4096 Nov 8 17:42 deferred
drwx------ 2 postfix root 4096 Feb 14 21:26 flush
drwx------ 2 postfix root 4096 Sep 1 12:47 hold
drwx------ 2 postfix root 4096 Feb 15 12:45 incoming
drwxrwsrwx 2 postfix postdrop 4096 Feb 15 12:45 maildrop
drwxr-xr-x 2 root root 4096 Feb 14 21:26 pid
drwx------ 2 postfix root 4096 Feb 15 12:44 private
drwxrwsrwx 2 postfix postdrop 4096 Feb 15 12:44 public
drwx------ 2 postfix root 4096 Sep 1 12:47 saved
drwx------ 2 postfix root 4096 Sep 1 12:47 trace

trying to take a broad approach, and still got the same error. What I did was consistent with the reference you gave me. Do you see any holes in what I did.

I also tried to change the permission to /usr/lib/maildrop to

[root@streit bin]# ls -al maildrop
-rwxr-xr-x 1 postfix mail 184600 Dec 30 20:16 maildrop
[root@streit bin]# chmod +S maildrop
chmod: invalid mode: `+S'
Try `chmod --help' for more information.
[root@streit bin]# chmod +s maildrop
[root@streit bin]# ls -al maildrop
-rwsr-sr-x 1 postfix mail 184600 Dec 30 20:16 maildrop
[root@streit bin]#

Still did not work.

billymayday · 02-15-2007, 02:42 PM

Interesting that the "to" field is blank.

Assuming it's looking for the correct user, are the permissions for .mailfilter consistent with the user (should be owner by the relevant user and I think wxr for that user

billymayday · 02-16-2007, 01:29 AM

I don't think it's .mailfilter permissions - I tried stuffing mine up and I get a different error

Here are my maildrop permissions

-rwxr-xr-x 1 root mail 824389 May 3 2006 /usr/local/bin/maildrop

If there's something weird going on with usernames getting dropped, try disabling maildrop for a moment and see if mail is getting delivered - at least you'll know for sure where the problem is. just comment out mailbox_command line in main.cf