[Dovecot] Advanced dovecot tricks - spam review/release

Wed Oct 3 23:14:37 EEST 2012

On 03. okt. 2012 21:48, Marc Perkel wrote:
> Hi,
>
> I'm looking for some advice to do a really advanced trick with 
> Dovecot. I'm not sure if this can be done. I need to describe first.
>
> I have a spam filtering company that does front end spam filtering. 
> (Junk Email Filter) I want to add a system where I store a copy of 
> spam on a server and make it available to the customer to review and 
> maybe resent on false positives.
>
> I know I could do something simple where I deliver all spam to a 
> domain account and make it available to an administrator. Then if it's 
> a false positive they would drag the message to a "resend" folder. 
> I'll have something the checks the folder one a minute to pick up and 
> resend.
>
> However
>
> What would be very cool is delivering the spam to individual accounts. 
> So a user who logs in individually can see their own spam. But the 
> admin for the domain would be able to see all users. Maybe the users 
> would appear as folders?
>
> Then a master account (me) would be able to log in and see all the 
> domains as folders and the users as folders inside the domains?
>
> One thing I can do is deliver the spam to 3 different places so it's 
> visible on all levels.
>
> I'm just wondering if anyone out there has any ideas about that. And 
> I'll need an authentication system.
>
>

Check out the dovecot sieve plugin. I use the following default 
pre-filter for all users:
---
require ["regex", "fileinto", "imap4flags"];

# Catch mail tagged as Spam, except Spam retrained and delivered to the 
mailbox
if allof (header :regex "X-DSPAM-Result" "^(Spam|Virus|Bl[ao]cklisted)$",
           not header :contains "X-DSPAM-Reclassified" "Innocent",
       not header :contains "Received-SPF" "pass .securityfocus.com") {

   # Mark as read
   #setflag "\\Seen";
   addflag "$junk";
   # Move into the Junk folder
   fileinto "INBOX.Junk";

   # Stop processing here
   stop;
}
-----
Together with the dovecot antispam plugin this makes the beginnings of a 
very intuitive
system. I just click to remove the junk flag on any false positive, and 
it gets re-delivered to
me.

The dovecot lda also supports a switch to deliver to a specific folder I 
believe. This would
be an alternative if you get the spam delivered through a separate 
channel anyway.
-------
The other part of your requirements could be met by using dovecot public 
folders, which
I have never used myself. Maybe set up so admins can subscribe to the 
junk-folder of
any user they want ? Refiling false positives might get messy for an 
admin though.

Regards, Håkon.