[Dovecot] Dovecot aspects of fighting spam

[William Blunn]

On 01/06/2010 20:56, Phil Howard wrote:
> Since sieve looks like it will be a problem right now, until I get a 
> solution to that, I'm seriously considering this solution. A shim 
> program I write in C will be run from Postfix master.cf just as 
> Dovecot deliver is now. I'd basically change the executable path to 
> the shim program. The shim program will read the message (I assume 
> from stdin) up to 1MB or the end of headers. If the body isn't reached 
> by 1MB it goes into the spam folder. If the X-Spam: header ispresent 
> with a sufficient probability of spam, it goes into the spam folder. 
> Else it goes into the INBOX. Set up a command argument list to run 
> deliver, and include -m with the folder name if this goes to the spam 
> folder. Set up pipes, fork, and child will exec deliver with that 
> argument list. Pipe the buffer that was read in to deliver until it is 
> empty, then pipe any remaining stdin to deliver all as one stream. 
> Wait for deliver to exit and capture its exit status, and exit with 
> the same status. Postfix should then know if delivery succeeded or failed.

Procmail will do all the things you say above with a few lines of simple 
configuration, but with the benefit of being already done, tried and tested.

Procmail is a little self-contained program which you can just plain 
run, have it do some matches on the message content, and then use that 
to invoke the LDA one way or another.

People may say that Procmail is a bit old, and it is. But it works.

I pass all of my incoming mail through Procmail.

You can make rules with conditions, such as matching header records with 
regular expressions.

If a condition matches (e.g. we found a spam header), then you can tell 
Procmail to pipe the message to a program (e.g. "deliver") with certain 
arguments.

:0
* ^X-Spam-Flag: yes
| deliver -m spam

If none of the rules match, we can get procmail to do something 
different, e.g. pipe the message to a different program, e.g. "deliver" 
but with different arguments.

:0
| deliver

By default, Procmail will try to deliver the message exactly once. If it 
fails, it returns an error code so that the MTA can know that delivery 
failed, and can take the appropriate action.

If you want, Procmail will even pipe your message through another 
program first, e.g. SpamAssassin, so that the other program can change 
the message as required (e.g. adding header records saying whether or 
not it thinks it is spam).

:0 fw
| spamassassin

If you want to pass data from the MTA to Procmail for use in rules, 
(e.g. the envelope recipient), Procmail provides a couple of ways to do 
this.

Documentation can be found in Procmail's four man pages:

Main procmail documentation - man procmail

Procmail configuration file - man procmailrc

Procmail configuration file examples - man procmailex

Procmail weighted scoring technique - man procmailsc

Bill