#1
9th August 2012, 17:43
cbj4074
Is it possible for root user to read Dovecot IMAP users' email messages?

I am wondering if it is possible for the root user to read individual Dovecot IMAP users' email messages, without knowing each user's password.

We have a need to follow up on customer complaints related to SPAM. Basically, we need to see the SpamAssassin headers for the messages in question.

Is there a way to do this that does not require access to the user's IMAP account?

It seems like this information could be acquired from a log instead, but sifting through log entries (especially after log rotation has occurred) seems like a nightmare. Furthermore, I can't seem to find a SpamAssassin log anywhere. Is logging off by default? And if so, does spamd need to be enabled to use it?

Code:
# Change to one to enable spamd
ENABLED=0
How do other folks handle this situation?

Thanks for any insight!

#2
9th August 2012, 19:05
pititis

Hello,

You can set quarantine for each spamfilter policy. When you add an email domain you set the default spamfilter policy.

First, set the spamfilter policy for the email domain. After that go to Email->Spamfilter->Policy and click on the policy name.

In the quarantine tab you can set the email address where spam will be forwarded, i.e. abuse@yourdomain.com

Next, set your tag level. What level? Well, it's your choice. I'm using tag2 4.5 and kill level 6. Also I set spam tag level to -999 to ensure that every email is analyzed.

You will get a full report for every spam/virus email that matches your tag level. Simple and powerful!

Cheers!

#3
9th August 2012, 20:14
cbj4074

Thank you for the reply, Pititis.

I am already doing exactly as you suggested; the problem is the messages that score below the "kill level" ($sa_kill_level_deflt), but are likely to be spam. These messages are not quarantined, so I do not have a chance to inspect them. (To be clear, messages are not quarantined until their scores are >= $sa_kill_level_deflt, if a quarantine is configured.)

Part of the challenge is that we have set the following directive in /etc/amavis/conf.d/50-user

Code:
$final_spam_destiny = D_DISCARD;
which means that messages scoring over the "kill level" (set at 13 within ISPConfig) are discarded entirely.

Your kill level (6) is quite low, but one has to assume that you are using

Code:
$final_spam_destiny = D_PASS;
so as not to discard legitimate email accidentally.

In other words, the strategy that you describe will work well, but only as long as the final destiny is D_PASS (and not D_DISCARD).

Upon double-checking my policy settings in ISPConfig, I did notice that the "SPAM quarantine cutoff level" is set to zero, however. Is this a problem?

I'm a little confused because the ISPConfig manual states:

Quote:
SPAM quarantine cutoff level: This is the spam score beyond which quarantine is off. Use a low score (e.g. 0) if you don't want quarantine.
Yet, a different resource ( http://www200.pair.com/mecham/spam/a...-settings.html ) states:

Quote:
If you quarantine spam, but you would like to delete high scoring spam (therefore reducing the number of items in the quarantine) this setting allows you to discard quarantined spam at this level and above.
So, what is the effect of setting this value to zero?

It doesn't seem to be that quarantine is disabled, because I still receive quarantined messages. Perhaps using zero means, "Send all qualifying emails to quarantine (don't discard them, no matter how high their scores)," in which case the ISPConfig manual should be corrected.

Two other points of note:

1.) Quarantined messages have the following in the basic header information:

Code:
Subject: Many languages can be learned very quickly
Not quarantined.
Why does the quarantined message say "Not quarantined"? This makes no sense; the message is obviously quarantined, as it is coming to the mailbox specified for quarantined messages.

2.) Quarantined messages also contain the following:

Code:
Content analysis details:   (16.8 points, 5.0 required)
From where is the "5.0 required" coming? I am not using the score 5.0 anywhere. I realize that this is Spam Assassin's default delineation point for "ham" vs. "spam", so it must be defined somewhere (even if as the default), but my question is, "Why is this value not being overridden somewhere [e.g., from within ISPConfig]?"

Thanks again.
Attached Images
 

#4
9th August 2012, 22:35
pititis

OK, check your spamfilter users list (spamfilter->user/domain) and be sure that the mailboxes/domains are using the policy you want.

Yes, with the quarantine cutoff you can set at what level the email is forwarded to the quarantine admin. 0 = Notification off

The score 5.0? Sure, it must be a score of one policy. Default scores are in the database and in the 50-user file (but this file is patched for ISPConfig's install/update, and scores are pretty high).

Cheers!

#5
10th August 2012, 17:16
cbj4074

I double-checked the Spamfilter -> User / Domain list and everything looks correct there. I am assigning my custom "default policy" to each domain, at the domain level only.

Hmm, that explanation of the quarantine cut-off value doesn't seem consistent with the observed behavior. As can be seen in the screenshot attached to my previous post, this value has been set at zero, yet I do receive quarantine emails for messages with scores >= "SPAM kill level".

I have tried hunting down the 5.0 score, and it's not in 50-user. I see the defined defaults there, however:

Code:
# Default settings, we st this very high to not filter aut emails accidently
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 20.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 60.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 60.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 100;   # spam level beyond which a DSN is not sent
I have double-checked all policies in ISPConfig and none of them use the score 5.0. So, where's it coming from, I wonder?

All of this said, I still don't have a viable strategy for reviewing messages with scores that straddle the ham/spam line.

Is there any means by which to receive a "digest" of the day's spam activity and scores?

I've seen a Perl script ( http://comments.gmane.org/gmane.mail...vis.user/14590 ), but it's pretty old.

I'm willing to write a script to parse the log, but that's another issue entirely. I don't see detailed SpamAssassin information in /var/log/syslog (on Debian). I asked this question in my initial post: does one have to use Spam Assassin in daemon mode to enable detailed logging?

#6
10th August 2012, 17:25
till (Super Moderator)
If you set the amavis logging in 50-user to be more verbose, then you should get detailed log entries about all actions and scores in the syslog or mail.log.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
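
Added example, not part of any post in this thread: a sketch of the log-based digest discussed in posts #5 and #6, listing messages whose score falls between 5.0 and the kill level of 13 mentioned above. The amavis summary-line layout assumed by the regex, the function names and the sample lines are constructed for illustration; compare them with your own mail.log before relying on the output.

```python
import re
from collections import Counter

# Assumed shape of an amavisd-new summary line; check it against your own mail.log.
LINE_RE = re.compile(
    r"amavis\[\d+\]: \([\w-]+\) (?P<action>Passed|Blocked) (?P<cat>[A-Z-]+)"
    r".*?<(?P<sender>[^>]*)> -> (?P<rcpts>(?:<[^>]*>,?)+)"
    r".*?\bHits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE_LOG = """\
Aug 10 09:01:12 mx1 amavis[2211]: (02211-01) Passed CLEAN, [192.0.2.10] <alice@example.org> -> <bob@example.com>, Message-ID: <a1@example.org>, mail_id: AbC1, Hits: -1.9, size: 2048, queued_as: 1A2B3C, 812 ms
Aug 10 09:03:40 mx1 amavis[2214]: (02214-03) Passed SPAM, [203.0.113.5] <promo@example.net> -> <bob@example.com>, Message-ID: <b2@example.net>, mail_id: De2, Hits: 6.3, size: 3100, queued_as: 4D5E6F, 1420 ms
Aug 10 09:07:02 mx1 amavis[2215]: (02215-01) Passed SPAM, [203.0.113.9] <deals@example.net> -> <bob@example.com>,<carol@example.com>, Message-ID: <c3@example.net>, mail_id: Gh3, Hits: 11.2, size: 4096, queued_as: 7G8H9I, 1377 ms
Aug 10 09:09:55 mx1 amavis[2211]: (02211-02) Blocked SPAM, [198.51.100.7] <x@example.net> -> <bob@example.com>, quarantine: spam-XyZ4.gz, Message-ID: <d4@example.net>, mail_id: XyZ4, Hits: 16.8, size: 5120, 1033 ms
Aug 10 09:12:31 mx1 amavis[2216]: (02216-01) Passed CLEAN, [192.0.2.10] <alice@example.org> -> <carol@example.com>, Message-ID: <e5@example.org>, mail_id: Qr5, Hits: -, size: 900, queued_as: 9Z8Y7X, 95 ms
"""

def parse(lines):
    """Yield one record per summary line that carries a numeric spam score."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["hits"] == "-":  # "-" means the message was not scored
            continue
        yield {
            "action": m["action"],
            "category": m["cat"],
            "sender": m["sender"],
            "recipients": re.findall(r"<([^>]*)>", m["rcpts"]),
            "score": float(m["hits"]),
        }

def borderline(lines, low=5.0, high=13.0):
    """Messages with low <= score < high, highest score first."""
    hits = [r for r in parse(lines) if low <= r["score"] < high]
    return sorted(hits, key=lambda r: r["score"], reverse=True)

def per_recipient(records):
    """Count borderline messages per recipient address."""
    return Counter(rcpt for r in records for rcpt in r["recipients"])

if __name__ == "__main__":
    for r in borderline(SAMPLE_LOG.splitlines()):
        print(f'{r["score"]:5.1f} {r["action"]:7} {r["sender"]} -> {", ".join(r["recipients"])}')
```

Only envelope addresses and scores are read from the log, so no mailbox content is opened; pass the lines of the real log file to borderline() in place of SAMPLE_LOG.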

All times are GMT +2.