Friday, August 4, 2017

ubuntu - Dovecot Forward Spam



I was wondering if anyone had any knowledge on how this idea can be done. It's not a requirement but more of an idea I came up with that I don't know how to word my Google searches to find out if it's been done.




Basically the idea is this. I have an Ubuntu Postfix/Dovecot mail server with Amavis, Postgrey, and Spamassassin. Now I've heard of using Sieve for Dovecot's spam folders and such. But I'm wondering if there's a way to enable users to forward an email to a spam address, such as spam@example.com, that will basically act as a robot user and file the email away in a kind of universal junk folder and automatically add that address to spamassassin or postgrey. Eventually I would like to have it also clean out the folder every X amount of days (probably with cron).



So the work flow I'm hoping would go as such:




  • USER@EXAMPLE.COM receives email from JUNK@SPAM.COM

  • USER@EXAMPLE.COM forwards it to SPAM@EXAMPLE.COM

  • SPAM@EXAMPLE.COM moves it to junk folder.

  • SPAM@EXAMPLE.COM adds it to spamassassin/postgrey for blocking.


  • CRON deletes messages that are 7 days old from junk folder.



Ideas? If I can get this working I might write up a tutorial on it for others if one doesn't already exist.


Answer



Forwarding spam often isn't really that helpful: users usually do "inline forwards" instead of redirects / forward as attachment. It's almost impossible to get any usable information out of inline forwards (no headers, which means no envelope sender etc).
Fortunately, Dovecot has a much cooler feature: you can search through a folder in all user accounts at once, so instead of forwarding they can simply move the false negative to their own Spamreport folder.



You can then do funny things with doveadm, for example:




    doveadm search -A mailbox Spamreport 2>/dev/null | while read -r user guid uid; do
        # feed the message text to the script, then remove it from the folder
        doveadm fetch -u "$user" text mailbox-guid "$guid" uid "$uid" | your_blacklist_script_here.sh
        doveadm expunge -u "$user" mailbox-guid "$guid" uid "$uid"
    done


This would get all messages that are in a folder called Spamreport in any user account, pass them to your_blacklist_script_here.sh and expunge them afterwards.



Note, your idea of blacklisting sender addresses might work in some cases, but usually they change very fast, so it probably won't be very effective.
Consider training the spamassassin bayes database instead. Assuming you have bayes set up, simply replace your_blacklist_script_here.sh with sa-learn --spam.
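
A hardened form of the Spamreport loop from the answer above, as an added example that is not part of the original answer: it validates each `user guid uid` line, never learns from a failed or empty fetch, and expunges only after the learner succeeds. The names `DOVEADM`, `LEARN`, `MAILBOX`, `valid_ref`, `process_reports` and the `--run` switch are introduced here, and the 32-hex-character GUID shape is an assumption.

```shell
#!/bin/sh
# Added example (not from the original answer): the Spamreport sweep as a cron script.
# DOVEADM and LEARN are overridable so the loop can be exercised with stubs.
DOVEADM=${DOVEADM:-doveadm}
LEARN=${LEARN:-sa-learn --spam}
MAILBOX=${MAILBOX:-Spamreport}

# Accept only the "user guid uid" shape expected from `doveadm search -A`.
# Assumption: mailbox GUIDs are printed as 32 lowercase hex characters.
valid_ref() {
    case $1 in ''|-*) return 1 ;; esac            # user must not parse as an option
    case $2 in ''|*[!0-9a-f]*) return 1 ;; esac   # guid: hex only
    [ "${#2}" -eq 32 ] || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac      # uid: decimal only
    return 0
}

# Reads "user guid uid" lines on stdin and prints "learned=N skipped=M".
process_reports() {
    learned=0 skipped=0
    tmp=$(mktemp) || return 1
    while read -r user guid uid; do
        if ! valid_ref "$user" "$guid" "$uid"; then
            skipped=$((skipped + 1)); continue
        fi
        # Fetch to a file first so a failed or empty fetch is never "learned".
        # </dev/null keeps doveadm from consuming the loop's input.
        if $DOVEADM fetch -u "$user" text mailbox-guid "$guid" uid "$uid" \
               >"$tmp" </dev/null && [ -s "$tmp" ] && $LEARN <"$tmp" >/dev/null
        then
            # Expunge only after the learner accepted the message.
            $DOVEADM expunge -u "$user" mailbox-guid "$guid" uid "$uid" </dev/null
            learned=$((learned + 1))
        else
            skipped=$((skipped + 1))
        fi
    done
    rm -f "$tmp"
    echo "learned=$learned skipped=$skipped"
}

# Cron entry point: run as `spamreport-sweep.sh --run` (script name is hypothetical).
if [ "${1:-}" = "--run" ]; then
    $DOVEADM search -A mailbox "$MAILBOX" 2>/dev/null | process_reports
fi
```

Messages that fail validation, fetching or learning stay in the user's Spamreport folder, so they are retried on the next run instead of being silently lost.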

