[Dovecot] Dovecot aspects of fighting spam
William Blunn
bill+dovecot at blunn.org
Wed Jun 2 00:09:57 EEST 2010
On 01/06/2010 20:56, Phil Howard wrote:
> Since sieve looks like it will be a problem right now, until I get a
> solution to that, I'm seriously considering this solution. A shim
> program I write in C will be run from Postfix master.cf just as
> Dovecot deliver is now. I'd basically change the executable path to
> the shim program. The shim program will read the message (I assume
> from stdin) up to 1MB or the end of headers. If the body isn't reached
> by 1MB it goes into the spam folder. If the X-Spam: header ispresent
> with a sufficient probability of spam, it goes into the spam folder.
> Else it goes into the INBOX. Set up a command argument list to run
> deliver, and include -m with the folder name if this goes to the spam
> folder. Set up pipes, fork, and child will exec deliver with that
> argument list. Pipe the buffer that was read in to deliver until it is
> empty, then pipe any remaining stdin to deliver all as one stream.
> Wait for deliver to exit and capture its exit status, and exit with
> the same status. Postfix should then know if delivery succeeded or failed.
Procmail will do all the things you say above with a few lines of simple
configuration, but with the benefit of being already done, tried and tested.
Procmail is a little self-contained program which you can just plain
run, have it do some matches on the message content, and then use that
to invoke the LDA one way or another.
People may say that Procmail is a bit old, and it is. But it works.
I pass all of my incoming mail through Procmail.
You can make rules with conditions, such as matching header records with
regular expressions.
If a condition matches (e.g. we found a spam header), then you can tell
Procmail to pipe the message to a program (e.g. "deliver") with certain
arguments.
:0
* ^X-Spam-Flag: yes
| deliver -m spam
If none of the rules match, we can get procmail to do something
different, e.g. pipe the message to a different program, e.g. "deliver"
but with different arguments.
:0
| deliver
By default, Procmail will try to deliver the message exactly once. If it
fails, it returns an error code so that the MTA can know that delivery
failed, and can take the appropriate action.
If you want, Procmail will even pipe your message through another
program first, e.g. SpamAssassin, so that the other program can change
the message as required (e.g. adding header records saying whether or
not it thinks it is spam).
:0 fw
| spamassassin
If you want to pass data from the MTA to Procmail for use in rules,
(e.g. the envelope recipient), Procmail provides a couple of ways to do
this.
Documentation can be found in Procmail's four man pages:
Main procmail documentation - man procmail
Procmail configuration file - man procmailrc
Procmail configuration file examples - man procmailex
Procmail weighted scoring technique - man procmailsc
Bill
More information about the dovecot
mailing list