sa-learn with remote Dovecot folders
Hi all!
The set-up I have is a classic one:
- one or more Dovecot relay/directors Postfix SMTP servers in DMZ
- one or more backend IMAP/SMTP servers on the inside network
- There may or may not be separate incoming or outgoing designated SMTP servers.
Now the desired functionality is (of course):
- relay machines receive messages from outside AND inside
- relays check for all the bad things (spam, viruses etc).
- for incoming messages relays check for valid local users and reject messages for invalid users
- after all checks are done incoming messages are transferred to the backend systems where they are accessed via the Dovecot directors
While all the above works nicely, the problem I have is how to train my spamassassin (used by amavisd) on the front ends when all messages are on the back ends. Of course transferring the spam detection procedures internally is not such a great option. Am I missing something? I tried googling for info but nothing substantial turned up.
Thanks.
--
Andreas Kasenides
Senior IT Officer
Dept. of Computer Science, University of Cyprus
Tel: 22892714, Fax: 22892701 (5B4ANK)
On 04/03/2015 06:13 AM, Andreas Kasenides wrote:
> Hi all!
> The set-up I have is a classic one:
> - one or more Dovecot relay/directors Postfix SMTP servers in DMZ
> - one or more backend IMAP/SMTP servers on the inside network
> - There may or may not be separate incoming or outgoing designated SMTP servers.
> Now the desired functionality is (of course):
> - relay machines receive messages from outside AND inside
> - relays check for all the bad things (spam, viruses etc).
> - for incoming messages relays check for valid local users and reject messages for invalid users
> - after all checks are done incoming messages are transferred to the backend systems where they are accessed via the Dovecot directors
> While all the above works nicely, the problem I have is how to train my spamassassin (used by amavisd) on the front ends when all messages are on the back ends. Of course transferring the spam detection procedures internally is not such a great option. Am I missing something? I tried googling for info but nothing substantial turned up.
> Thanks.
I use ssh. The exact details depend on your setup, of course. Do you use system users or virtual users? What triggers the training? Is it the antispam plugin?
Thanks for your reply. You got me thinking towards the antispam plugin which I have not used before, but can you elaborate if my users are system users and the training is done only via a cron entry?
Andreas
On 04/09/2015 11:37 AM, Andreas Kasenides wrote:
> You got me thinking towards the antispam plugin which I have not used before, but can you elaborate if my users are system users and the training is done only via a cron entry?
I always used the antispam plugin, as a way to initiate training via IMAP. Is your bayes database central (system-wide) or per user? Is it SQL or separate db files owned per user?
Without antispam plugin, your cron command can be perhaps something like this (as root)

    # hostname of the SpamAssassin machine (placeholder, set to your own)
    spamassassin_box=spamassassin-box

    doveadm user '*' | while read -r user; do
        doveadm search -u "$user" mailbox Junk all | while read -r guid uid; do
            # fetch the message, strip the "text=" prefix, pipe it to the remote box
            doveadm -f flow fetch -u "$user" text mailbox-guid "$guid" uid "$uid" |
                sed 's/^text=//' |
                ssh -i /path/to/ssh-key "root@$spamassassin_box" "su -l -c 'spamassassin --report' $user"
            # expunge, so we don't repeat it if no other reason
            doveadm expunge -u "$user" mailbox-guid "$guid" uid "$uid"
        done
    done

remember to do this before:

    ssh-keyscan "$spamassassin_box" >> /etc/ssh/ssh_known_hosts

to allow non-interactive ssh connections.
You can improve security by setting up a special user instead of root, allowing it to become other users with no password using sudo with only the needed command(s) allowed, and use a: command="/usr/local/bin/training-wrapper" prefixed to the ssh public key in the authorized_keys file.
/usr/local/bin/training-wrapper:

    #!/bin/sh
    # dispatch on the command the client asked for; the message arrives on stdin
    case "$SSH_ORIGINAL_COMMAND" in
        report) sa-learn --spam ;;
        revoke) sa-learn --ham ;;
        *) echo "Wwwwhat?" ;;
    esac

and invoke this as

    ssh "$user@$sa_box" report

or:

    ssh "$user@$sa_box" revoke

It is very important to allow for ham training, not only spam training. The antispam plugin allows for that.
If your bayes database is SQL, you can use sa-learn -u $user --ham / sa-learn -u $user --spam, instead of su / sudo. I however like spamassassin --report for reporting to dcc / razor / pyzor (--revoke exists but doesn't really do anything beyond bayes ;-)). This command doesn't have a -u flag so I guess su / sudo is necessary.
If you configure the antispam plugin to ssh into another box and run a learning process, the IMAP command won't complete until the ssh command returns. I personally like to drop off the email messages to be picked up asynchronously by another process, for better IMAP responsiveness. Fill out the few missing details about your spamassassin / bayes setup and I can gladly give you more specific details on how to set this up.
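The asynchronous drop-off mentioned above, sketched as an added example that is not part of the original message: the IMAP-side hook only writes the message into a spool and returns, and a cron job feeds the queue to the learner later. The spool path, the `SPOOL` and `LEARN` variables, the file naming and the use of `sa-learn -u` (the SQL bayes case from the message) are assumptions.

```shell
#!/bin/sh
# Asynchronous training spool (added example; paths and names are assumptions).
# The spool directory should be writable only by the account that drops mail off.
SPOOL=${SPOOL:-/var/spool/sa-training}
LEARN=${LEARN:-sa-learn}      # learner command; overridable for testing

# drop_off <spam|ham> <user>: store the message on stdin and return at once.
# The file is written under tmp/ and then renamed into new/, so the picker
# never sees a partially written message.
drop_off() {
    case "$1" in spam|ham) ;; *) return 1 ;; esac
    case "$2" in ''|-*|*[!a-z0-9_.-]*) return 1 ;; esac
    mkdir -p "$SPOOL/tmp" "$SPOOL/new" || return 1
    tmp=$(mktemp "$SPOOL/tmp/msg.XXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$SPOOL/new/$1.$2.${tmp##*.}"
}

# process_spool: run from cron. Feeds each queued message to the learner and
# deletes it only when learning succeeded, so failures are retried next run.
# Prints the number of messages learned.
process_spool() {
    n=0
    for f in "$SPOOL"/new/*; do
        [ -f "$f" ] || continue
        name=${f##*/}             # <kind>.<user>.<random>
        kind=${name%%.*}
        rest=${name#*.}
        user=${rest%.*}           # user names may themselves contain dots
        if "$LEARN" -u "$user" "--$kind" < "$f" >/dev/null; then
            rm -f "$f"
            n=$((n + 1))
        fi
    done
    echo "$n"
}
```
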
On 04/09/2015 08:41 PM, Gedalya wrote:
>     doveadm user '*' | while read -r user; do
>         doveadm search -u "$user" mailbox Junk all | while read -r guid uid; do
>             doveadm -f flow fetch -u "$user" text mailbox-guid "$guid" uid "$uid" |
>                 sed 's/^text=//' |
>                 ssh -i /path/to/ssh-key "root@$spamassassin_box" "su -l -c 'spamassassin --report' $user"
>             # expunge, so we don't repeat it if no other reason
>             doveadm expunge -u "$user" mailbox-guid "$guid" uid "$uid"
>         done
>     done

Oh, actually

    doveadm search -A mailbox Junk all

returns 3 columns - username, mailbox-guid, uid, so you don't need a separate command in the outer loop iterating over usernames :P ..
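The forced-command setup described earlier in the thread (a dedicated account instead of root, sudo limited to the training commands, `command=` in authorized_keys), written out as an added example that is not from the original messages. The request format "<report|revoke> <user>", the account name `satrain`, the group `users` and the `/usr/bin/sa-learn` path are assumptions.

```shell
#!/bin/sh
# /usr/local/bin/training-wrapper, hardened variant (added example).
# Assumed request format in SSH_ORIGINAL_COMMAND: "<report|revoke> <user>",
# with the message on stdin. Assumed account name: satrain.
#
# authorized_keys entry (one line; key material is a placeholder):
#   restrict,command="/usr/local/bin/training-wrapper" ssh-ed25519 <public-key> backend
# sudoers entry (assumed group "users" and sa-learn path):
#   satrain ALL=(%users) NOPASSWD: /usr/bin/sa-learn --spam, /usr/bin/sa-learn --ham

# Map the requested action to an sa-learn flag, as in the original wrapper.
training_flag() {
    case "$1" in
        report) echo --spam ;;
        revoke) echo --ham ;;
        *) return 1 ;;
    esac
}

# Accept only plain account names: no root, no leading dash, no metacharacters.
valid_user() {
    case "$1" in
        ''|root|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Turn a request string into the exact command to run, or fail.
plan_training() {
    set -f                      # no globbing while splitting the request
    set -- $1
    set +f
    [ "$#" -eq 2 ] || return 1
    flag=$(training_flag "$1") || return 1
    valid_user "$2" || return 1
    echo "sudo -n -H -u $2 /usr/bin/sa-learn $flag"
}

# Runs only when sshd invoked us through the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    cmd=$(plan_training "$SSH_ORIGINAL_COMMAND") || {
        echo "training-wrapper: request rejected" >&2
        exit 1
    }
    exec $cmd                   # every word was validated above
fi
```
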