[Dovecot] Reviewing end-user ham/spam submissions before feeding them to sa-learn via Dovecot Antispam plug-in
Currently, I'm using the Dovecot Antispam plug-in with great success. Everything works as expected.
However, I would like to change the plug-in's behavior such that it simply sends a copy of a message that is moved from Inbox -> Junk (or Junk -> Inbox) to an administrator, instead of calling sa-learn (I'm using SpamAssassin) automatically.
Basically, I would like to be able to review messages that end-users submit for training before they are actually fed to sa-learn.
Has anyone had a similar need? If the Antispam plug-in already supports this, if the necessary commands can simply be added to the shell script that Antispam calls, or if there is a better method altogether, any help is greatly appreciated.
Thank you!
-Ben
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 16 Jan 2013, Ben Johnson wrote:
Currently, I'm using the Dovecot Antispam plug-in with great success. Everything works as expected.
However, I would like to change the plug-in's behavior such that it simply sends a copy of a message that is moved from Inbox -> Junk (or Junk -> Inbox) to an administrator, instead of calling sa-learn (I'm using SpamAssassin) automatically.
Basically, I would like to be able to review messages that end-users submit for training before they are actually fed to sa-learn.
Hmm, if you use Maildir:
plugin { antispam_backend = spool2dir antispam_allow_append_to_spam = true [snip] antispam_spool2dir_spam = /path/to/admin/Maildir/.TrainingReview.spam/new/%%020lu-%%05lu antispam_spool2dir_notspam = /path/to/admin/Maildir/.TrainingReview.not_spam/new/%%020lu-%%05lu }
any of your mail users need write permission those directories, the admin needs read permissions for the spooled files, you need some method to pass the reviewed messages to sa-learn.
IMHO, for 3rd step: I would either flag messages to be learned or move them into another folder. And a cron job feeds them to sa-learn, so they do not get into the message queue again and are probably re-filterred or modified before sa-learn picks them up.
If you do not have Maildir to drop the files to or get problems, because the messages appear in "new" before they are spooled on disk and hence they may get indexed wrongly, because their content changes (which is forbidden in IMAP), you could spool them into
antispam_spool2dir_spam = /tmp/spamspool/spam/%%020lu-%%05lu-%u
antispam_spool2dir_notspam = /tmp/spamspool/ham/%%020lu-%%05lu-%u
-or-
antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%%05lu-%u-S
antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%%05lu-%u-Hand have another cron job or inotify-wrapper move the messages to the reviewer's mailbox. In this case, you can make use of the "%u" component, which is expanded by the username, who spooled the message. So you could ignore messages of some users and/or ... .
Kind regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUPfFC13r2wJMiz2NAQLSCAf/VEKn0DN9ueXLB9EDE7DOhzfn3ccqO9p+ k4xhuNVA6GaNdcpGpe69EgRfPaRkwbQrskyPABgdgS3nnSQPXA7nlnQm9BIr4cti OPsse+scQBtmRlmiIgXBO4RsDdZGSKg6f3ob+BLUU579MrzBVCiR4fsVtKZBefJv qK1TFYxGLUtimUx8lznrs053vBO/Y1cCpGe5u55UY8OnA8qu0gu9b3l6LWNHkiAu 5aL3thDqlnirrzQVvsCfEgb0N11vy2eT+KYn+WsfG+d/JCt/tDVEoPAs19C5NPgR moMKqmU1EnUNxNuK8GHAEAgcAiixIhXbj95MkhTAYU9ephXMcGRodg== =ynjz -----END PGP SIGNATURE-----
On 1/17/2013 4:31 AM, Steffen Kaiser wrote:
On Wed, 16 Jan 2013, Ben Johnson wrote:
Currently, I'm using the Dovecot Antispam plug-in with great success. Everything works as expected.
However, I would like to change the plug-in's behavior such that it simply sends a copy of a message that is moved from Inbox -> Junk (or Junk -> Inbox) to an administrator, instead of calling sa-learn (I'm using SpamAssassin) automatically.
Basically, I would like to be able to review messages that end-users submit for training before they are actually fed to sa-learn.
Hmm, if you use Maildir:
plugin { antispam_backend = spool2dir antispam_allow_append_to_spam = true [snip] antispam_spool2dir_spam = /path/to/admin/Maildir/.TrainingReview.spam/new/%%020lu-%%05lu antispam_spool2dir_notspam = /path/to/admin/Maildir/.TrainingReview.not_spam/new/%%020lu-%%05lu }
any of your mail users need write permission those directories, the admin needs read permissions for the spooled files, you need some method to pass the reviewed messages to sa-learn.
IMHO, for 3rd step: I would either flag messages to be learned or move them into another folder. And a cron job feeds them to sa-learn, so they do not get into the message queue again and are probably re-filterred or modified before sa-learn picks them up.
If you do not have Maildir to drop the files to or get problems, because the messages appear in "new" before they are spooled on disk and hence they may get indexed wrongly, because their content changes (which is forbidden in IMAP), you could spool them into
antispam_spool2dir_spam = /tmp/spamspool/spam/%%020lu-%%05lu-%u antispam_spool2dir_notspam = /tmp/spamspool/ham/%%020lu-%%05lu-%u -or- antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%%05lu-%u-S antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%%05lu-%u-H
and have another cron job or inotify-wrapper move the messages to the reviewer's mailbox. In this case, you can make use of the "%u" component, which is expanded by the username, who spooled the message. So you could ignore messages of some users and/or ... .
Kind regards,
-- Steffen Kaiser
Steffen, thank you very much for the thorough reply. I apologize for taking so long to digest it and respond.
I am using the Maildir format indeed.
any of your mail users need write permission those directories, the admin needs read permissions for the spooled files,
By "mail users", do you mean, e.g., the "vmail" user account (I'm on Debian/Ubuntu)? My understanding is that the "vmail" user account handles all IMAP transactions; if this is true, then are you saying that the only requisite to your suggestions is that the "vmail" user has read/write access to the following two directories?
/path/to/admin/Maildir/.TrainingReview.spam/new/
and
/path/to/admin/Maildir/.TrainingReview.not_spam/new/
you need some method to pass the reviewed messages to sa-learn.
In the past, I have simply sorted the messages into "Ham" and "Spam" sub-folders of the admin's training Inbox, and called sa-learn, with the appropriate --ham/--spam switch on each, using a cron job. It sounds as though this is what you are suggesting, and I can continue with this approach.
I went ahead and tried to reconfigure Dovecot's Antispam plug-in to use the spool2dir backend, but I'm receiving a less-than-helpful message from the plug-in when I try to move a message from Inbox to Junk or vice versa: "CANNOT: antispam plugin not configured".
Initially, I was using paths to the admin's mailbox, as demonstrated in your initial response, but I simplified the spool location in order to eliminate permission problems.
Please note that I am using Dovecot 1.2.9 in Ubuntu 10.04 LTS. By extension, I am using the Antispam plug-in for Dovecot 1 (not 2), the manpage for which is at http://manpages.ubuntu.com/manpages/lucid/man7/dovecot-antispam.7.html . So, the configuration option names and expected values differ slightly from those in your example.
These are the only configuration directives that I am using:
plugin { # Unrelated plugin options here [...]
antispam_spam_pattern_ignorecase = SPAM;JUNK # Is this next directive actually required for this approach? antispam_allow_append_to_spam = yes antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%u-%%05lus antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%u-%%05luh }
The spool directory that is specified exists and, for testing purposes, has 0777 permissions:
# ls -lah /tmp | grep "spamspool" drwxrwxrwx 2 root root 4.0K Jan 31 14:22 spamspool
Based on the above-cited manpage, these are be the only options that are required (perhaps with the exception of antispam_allow_append_to_spam).
What have I overlooked here?
Thanks again for all your help!
-Ben
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 31 Jan 2013, Ben Johnson wrote:
On 1/17/2013 4:31 AM, Steffen Kaiser wrote:
On Wed, 16 Jan 2013, Ben Johnson wrote:
I am using the Maildir format indeed.
any of your mail users need write permission those directories, the admin needs read permissions for the spooled files,
By "mail users", do you mean, e.g., the "vmail" user account (I'm on Debian/Ubuntu)? My understanding is that the "vmail" user account
Yes, I mean that Unix account, Dovecot accesses the fils with. In a setup with virtual users "vmail" makes sense.
handles all IMAP transactions; if this is true, then are you saying that the only requisite to your suggestions is that the "vmail" user has read/write access to the following two directories?
/path/to/admin/Maildir/.TrainingReview.spam/new/
and
/path/to/admin/Maildir/.TrainingReview.not_spam/new/
Yes.
you need some method to pass the reviewed messages to sa-learn.
In the past, I have simply sorted the messages into "Ham" and "Spam" sub-folders of the admin's training Inbox, and called sa-learn, with the appropriate --ham/--spam switch on each, using a cron job. It sounds as though this is what you are suggesting, and I can continue
That's what I mean.
with this approach.
I went ahead and tried to reconfigure Dovecot's Antispam plug-in to use the spool2dir backend, but I'm receiving a less-than-helpful message from the plug-in when I try to move a message from Inbox to Junk or vice versa: "CANNOT: antispam plugin not configured".
Please note that I am using Dovecot 1.2.9 in Ubuntu 10.04 LTS. By
Oh, I have no experience with Dovecot v1.2; in v1.0 you have to compile one particular backend into antispam-plugin. Maybe, distributors have another, non-Dovecot way to select between the backends.
extension, I am using the Antispam plug-in for Dovecot 1 (not 2), the manpage for which is at http://manpages.ubuntu.com/manpages/lucid/man7/dovecot-antispam.7.html . So, the configuration option names and expected values differ slightly from those in your example.
The man-page contains:
"INSTALLATION
First copy the ‘defconfig’ file to ‘.config’ and edit it as necessary. You need to have the dovecot headers installed and possibly other things depending on the backend you choose. Then, assuming you have configured the INSTALLDIR correctly, simply run ‘make install’. "
- -and-
"BACKENDS
The plugin supports multiple backends, there are currently two working backends included in the distribution: "
This suggests that my guess is true - although I don't understand the "there are currently two backends included" part.
======
So you could re-compile another antispam-plugin with spool2dir backend, or
- you are using these settings, right?
#===================== # mail sending plugin # # Because of the way this plugin works, you can also use it # to train via an arbitrary program that receives the message # on standard input, in that case you can use the config # options antispam_mail_spam and antispam_mail_notspam for # the argument that distinguishes between ham and spam. # For example: # antispam_mail_sendmail = /path/to/mailtrain # antispam_mail_sendmail_args = --for;%u # antispam_mail_spam = --spam # antispam_mail_notspam = --ham
change antispam_mail_sendmail into a script, that drops the message into the correct mail folder, e.g.:
#!/bin/bash
mode= for opt; do if test "x$opt" == x--ham; then mode=HAM break elif test "x$opt" == x--ham; then mode=SPAM break fi done
if test -n "$mode"; then # options from http://wiki1.dovecot.org/LDA /path/to/dovecot-deliver -d spamadmin -m Training.$mode fi
This sends the message bypassing a MTA to the spamadmin user.
Kind regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUQvHDl3r2wJMiz2NAQJEeAf/XmxSzh+cPqviAax/ucThVaYfygrARz6G qXRLbea/8fnhlRfO2seL75tElDmRsirVXGPu5awpf0WUEzFD96HWrmcrKMMRPfyE uFylqzVB2dnmc+KOLolGb08hKRooMOaTPQt1Y9eVDGAplQM8PoNu+K3QE+rqkCbf OJiL2pxJrEbiTOxzVhFSgUY/VdJVYLUBY4BpC5iZp7nNvXvub4scNlcd7OX0T1Kj nlPnjpw2eNWX+UBCmjbfuVQKVFLBIFQFL9gnxZMphCMzjjYYgPaGHpSBlO00C+aM ddiR46SrcjJIP4pXZsJyf5xw5aOCIUk2PXGr4aQFj409rcVJaK3CsQ== =NgZB -----END PGP SIGNATURE-----
On 2/1/2013 8:45 AM, Steffen Kaiser wrote:
On Thu, 31 Jan 2013, Ben Johnson wrote:
On 1/17/2013 4:31 AM, Steffen Kaiser wrote:
On Wed, 16 Jan 2013, Ben Johnson wrote:
I am using the Maildir format indeed.
any of your mail users need write permission those directories, the admin needs read permissions for the spooled files,
By "mail users", do you mean, e.g., the "vmail" user account (I'm on Debian/Ubuntu)? My understanding is that the "vmail" user account
Yes, I mean that Unix account, Dovecot accesses the fils with. In a setup with virtual users "vmail" makes sense.
handles all IMAP transactions; if this is true, then are you saying that the only requisite to your suggestions is that the "vmail" user has read/write access to the following two directories?
/path/to/admin/Maildir/.TrainingReview.spam/new/
and
/path/to/admin/Maildir/.TrainingReview.not_spam/new/
Yes.
you need some method to pass the reviewed messages to sa-learn.
In the past, I have simply sorted the messages into "Ham" and "Spam" sub-folders of the admin's training Inbox, and called sa-learn, with the appropriate --ham/--spam switch on each, using a cron job. It sounds as though this is what you are suggesting, and I can continue
That's what I mean.
with this approach.
I went ahead and tried to reconfigure Dovecot's Antispam plug-in to use the spool2dir backend, but I'm receiving a less-than-helpful message from the plug-in when I try to move a message from Inbox to Junk or vice versa: "CANNOT: antispam plugin not configured".
Please note that I am using Dovecot 1.2.9 in Ubuntu 10.04 LTS. By
Oh, I have no experience with Dovecot v1.2; in v1.0 you have to compile one particular backend into antispam-plugin. Maybe, distributors have another, non-Dovecot way to select between the backends.
extension, I am using the Antispam plug-in for Dovecot 1 (not 2), the manpage for which is at http://manpages.ubuntu.com/manpages/lucid/man7/dovecot-antispam.7.html
. So, the configuration option names and expected values differ
slightly from those in your example.
The man-page contains:
"INSTALLATION
First copy the ‘defconfig’ file to ‘.config’ and edit it as necessary. You need to have the dovecot headers installed and possibly other things depending on the backend you choose. Then, assuming you have configured the INSTALLDIR correctly, simply run ‘make install’. "
-and-
"BACKENDS
The plugin supports multiple backends, there are currently two working backends included in the distribution: "
This suggests that my guess is true - although I don't understand the "there are currently two backends included" part.
======
So you could re-compile another antispam-plugin with spool2dir backend, or - - you are using these settings, right?
#===================== # mail sending plugin # # Because of the way this plugin works, you can also use it # to train via an arbitrary program that receives the message # on standard input, in that case you can use the config # options antispam_mail_spam and antispam_mail_notspam for # the argument that distinguishes between ham and spam. # For example: # antispam_mail_sendmail = /path/to/mailtrain # antispam_mail_sendmail_args = --for;%u # antispam_mail_spam = --spam # antispam_mail_notspam = --ham
change antispam_mail_sendmail into a script, that drops the message into the correct mail folder, e.g.:
#!/bin/bash
mode= for opt; do if test "x$opt" == x--ham; then mode=HAM break elif test "x$opt" == x--ham; then mode=SPAM break fi done
if test -n "$mode"; then # options from http://wiki1.dovecot.org/LDA /path/to/dovecot-deliver -d spamadmin -m Training.$mode fi
This sends the message bypassing a MTA to the spamadmin user.
Kind regards,
-- Steffen Kaiser
Steffen,
It seems you're correct in that the spool2dir back-end isn't included with version 1 of the plug-in. I like the idea of using a pipe script better than changing the back-end.
Thank you for providing a solid example; it works beautifully with a couple of small changes. Here's the final script:
#!/bin/bash
mode= for opt; do if test "x$*" == "x--ham"; then mode=HAM break elif test "x$*" == "x--spam"; then mode=SPAM break fi done
if test -n "$mode"; then # options from http://wiki1.dovecot.org/LDA /usr/lib/dovecot/deliver -d user@example.com -m Training.$mode fi
exit 0
For anyone who is curious, here are the Antispam plug-in options:
# For Dovecot < 2.0. antispam_spam_pattern_ignorecase = SPAM;JUNK antispam_mail_tmpdir = /tmp antispam_mail_sendmail = /usr/bin/sa-learn-pipe.sh antispam_mail_spam = --spam antispam_mail_notspam = --ham
Looks like we're in business!
Thanks again for sharing your valuable insights; your help is greatly appreciated.
-Ben
participants (2)
-
Ben Johnson
-
Steffen Kaiser