[Dovecot] Struggling with antispam

Alan Chandler alan at chandlerfamily.org.uk
Thu Mar 6 07:48:15 UTC 2014 

I have a dovecot installation I am building on a raspberry pi for a mail 
server for the home.

I am almost there, everything bar one thing is working.

In simple terms dovecot is the authentication agent and the lda (using 
lmtp) for postfix.  My maildir mailboxed at at /var/mail - location and 
accounts controlled by a small sqlite database.
the uid for these mailboxes are 10001 and up and are not mapped to any 
account on the system.  The sieve plugin is working and I have a default 
script which works to archive outgoing mail, returned via postfix 
sender_bcc_maps to user+saveout into a Sent subfolder organised by date.

postfix also uses milters, to do spf, and dkim checking - and most 
importantly from this posts perspective passes all mail through dspam, 
adding an X-DSPAM-Signature header as it passes through. I plan to use 
another default sieve script to move mail based on the X-DPAM-Result 
header to move messages to the users Junk folder (when I can get 
antispam working).

I want to use the antispam plugin to pick up users moving mail in and 
out of their Junk folder to train dspam.

I initially tried using antispam's dspam backend.  However I could not 
get it to work.  I "think" the issue is that antispam is running with 
uid 10001 when it does this, and dspam will not process the message 
because it can't find this uid as a system user.  But I am not sure.

The approach I am trying now, is use the pipe backend to send mail to 
spam at chandlerfamily.org.uk or ham at chandlerfamily.org.uk - and via 
postfix manipulations get that to call dspam as user dspam.  If I run as 
root and use sendmail -bv to check that it works I get a delivery report 
that shows that it would indeed arrive at dspam

I have a file in /var/spool/dspam called group which has

dpsam:shared:*

In it so that all users share the same dictionary.

However, when I try to make this work with anitspam, I keep getting 
failure, and I can't work out what is causing it.  Maybe its again 
because I am running with uid 10001 when calling sendmail but I don't know.

antispam config is

plugin {
     antispam_debug_target = syslog
     antispam_verbose_debug = 1
     antispam_backend = pipe
     antispam_signature = X-DSPAM-Signature
     antispam_signature_missing = error
     antispam_trash = Trash
     antispam_spam = Junk
     antispam_pipe_program=/usr/bin/sendmail
     antispam_pipe_program_args=-f;dspam at chandlerfamily.org.uk
     antispam_pipe_program_spam_args=spam at chandlerfamily.org.uk
     antispam_pipe_program_notspam_args=ham at chandlerfamily.org.uk
}

And what appears in syslog as a result of moving a mail from my INBOX to 
the Junk folder in thunderbird is ...

Mar  6 06:52:38 piserver imap: antispam: plugin initialising (2.0-notgit)
Mar  6 06:52:38 piserver imap: antispam: verbose debug enabled
Mar  6 06:52:38 piserver imap: antispam: "Junk" is exact match spam folder
Mar  6 06:52:38 piserver imap: antispam: no unsure folders
Mar  6 06:52:38 piserver imap: antispam: "Trash" is exact match trash folder
Mar  6 06:52:38 piserver imap: antispam: pipe backend spam arg[0] = 
spam at chandlerfamily.org.uk
Mar  6 06:52:38 piserver imap: antispam: pipe backend ham arg[0] = 
ham at chandlerfamily.org.uk
Mar  6 06:52:38 piserver imap: antispam: pipe backend program = 
/usr/bin/sendmail
Mar  6 06:52:38 piserver imap: antispam: pipe backend program arg[0] = -f
Mar  6 06:52:38 piserver imap: antispam: pipe backend program arg[1] = 
dspam at chandlerfamily.org.uk
Mar  6 06:52:38 piserver imap: antispam: pipe backend tmpdir /tmp
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_unsure(Junk): 0
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_trash(INBOX): 0
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_trash(Junk): 0
Mar  6 06:54:11 piserver imap: antispam: mail copy: from trash: 0, to 
trash: 0
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_spam(INBOX): 0
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_spam(Junk): 1
Mar  6 06:54:11 piserver imap: antispam: mailbox_is_unsure(INBOX): 0
Mar  6 06:54:11 piserver imap: antispam: mail copy: src spam: 0, dst 
spam: 1, src unsure: 0
Mar  6 06:54:11 piserver imap: antispam: running mailtrain backend 
program /usr/bin/sendmail
Mar  6 06:54:11 piserver imap: antispam: running mailtrain backend 
program /usr/bin/sendmail
Mar  6 06:54:11 piserver imap: antispam: running mailtrain backend 
program parameter 1 -f
Mar  6 06:54:11 piserver imap: antispam: running mailtrain backend 
program parameter 2 dspam at chandlerfamily.org.uk
Mar  6 06:54:11 piserver imap: antispam: running mailtrain backend 
program parameter 3 spam at chandlerfamily.org.uk
Mar  6 06:54:11 piserver imap: antispam: run program failed with exit code 1

At the same time there is nothing is /var/log/mail.log indicating 
postfix has ever received any sendmail request.

I would prefer to use dpsam backend directly if someone can tell me how 
to overcome the dspam rejection issues, but this alternative would also 
work (if a bit more convoluted to get mail to the correct place) if I 
could get antispam to call sendmail correctly.

More information about the dovecot mailing list