Reject Spam?

Discussion in 'HOWTO-Related Questions' started by herbie, Nov 8, 2006.

  1. herbie

    herbie New Member

    I'm running the Perfect Setup Postfix, Courier, etc. Sarge version. A bunch of users are snivelling that it's just too hard to set their e-mail program to toss out messages marked ***SPAM*** and insisting I look into configuring the server to toss out messages marked as spam for them.
    Is there a way to do this, and can it be done without quarantining it so it eats up the server's hard drive over time? As the bulk of spams are from fake senders, bouncing it also seems like a waste.
     
  2. sjau

    sjau Local Meanie Moderator

    You could create a .procmailrc file for each user that wants all emails marked as spam to forward to /dev/null (deleting...)

    The content of the .procmailrc file should be like:

    Code:
    :0:
    * ^X-Spam-Flag: Yes
    /dev/null
    
    Put this into a .procmailrc file in the home directory of the user, e.g. /home/Maildir/USER/.procmailrc
     
  3. herbie

    herbie New Member

    I'm using virtual domains so the structure is /home/vmail/domain/user and no Maildir, would a .procmailrc work?
    I was more interested in a server-wide setting that would just maybe send all spam-marked mail for all users away.
    EDIT: so I tried adding the .procmailrc file into the user directory, chown'd to vmail:vmail and it doesn't work. Shoot!
     
    Last edited: Nov 9, 2006
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The perfect setups use system users and not virtual users, that's why sjau recommended a .procmailrc solution. I guess you used the virtual postfix setup howto? Then you may e.g. use the amavisd configuration file to forward the spam mails to /dev/null.
     
  5. herbie

    herbie New Member

    I think so. I'm trying to decode the amavis.conf to figure out how it works.
    I will try changing $final_spam_destiny = D_PASS; # (defaults to D_REJECT) to $final_spam_destiny = D_REJECT; # (defaults to D_REJECT) and see what happens.
    The per user solution or direction to a spam folder would have been a nice option.
     
  6. falko

    falko Super Moderator ISPConfig Developer

  7. herbie

    herbie New Member

    The test I did above was very effective on a server-wide basis, the two working e-mail I had on it normally get about 200 spams per day (domain and users in use over 10 years now). One had 4 spams, one had 3 overnight that made it past spamassassin.
    I'm going to try the tutorial over the weekend and I'm presuming that the user's filter is saved as [email protected] in /home/vmail/.mailfilter and that the
    to
    It will offer a user choice of a spam box to check or discarding it altogether, and if the mailfilter-log.txt is an empty file, the spam will simply be marked as spam and delivered with the rest?
     
    Last edited: Nov 11, 2006
  8. herbie

    herbie New Member

    in the process of undoing/redoing it killed the mailserver. Only thing I can find was a mail.err entry:
    Nov 10 12:10:54 picard postfix/master[4233]: fatal: /etc/postfix/master.cf: line 112: bad transport type: user=vmail

    I presumed as it is in /vmail I needed to chown vmail:vmail -R .maildir?
     
    Last edited: Nov 11, 2006
  9. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/postfix/master.cf?
     
  10. herbie

    herbie New Member

    relevant lines 110-143, 112 is #'d out at the moment
    I'm also curious as to this log entry. I set the maildrop up on a domain with a single user, then set a forwarding from an account that gets a lot of spam to it:
    Where does the forwarding feature call maildrop? The only maildrop related line in postfix/master.cf is #'d out.
     
    Last edited: Nov 11, 2006
  11. falko

    falko Super Moderator ISPConfig Developer

    Can you post that part again and put it between and mark it as CODE instead of QUOTE here? Because I need to see the whitespace in your configuration...
     
  12. herbie

    herbie New Member

    here you go:
    Code:
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #  flags=DRhu user=vmail argv=/usr/local/maildrop/bin/maildrop -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    
    
     
  13. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    Code:
    grep vmail /etc/passwd
    ?
     
  14. herbie

    herbie New Member

    vmail:x:5000:5000::/home/vmail:

    also:
    all references in maildroprc are to /u0/vmail/.mailfilters/$LOGNAME

    but [email protected] (without the 's') is listed as location of mailfilter. mv'd .mailfilter to .mailfilters, chmod -R 700 and trying again
     
    Last edited: Nov 13, 2006
  15. herbie

    herbie New Member

    Has anyone got this setup working? All my logs say maildrop is working (once I entered the /home/vmail/domain/user into the SQL field), but the two accounts with a script in the /home/vmail/.mailfilters are sending the spam to an account that one of them forwarded to even after the forward was removed.
    Server's been rebooted, so all services restarted.
    Code:
    Nov 15 18:29:28 picard amavis[7492]: (07492-04) Passed, <[email protected]> -> <[email protected]>, quarantine spam-448e8179675dcb32e821feb323937496-20061115-182928-07492-04, Message-ID: <[email protected]>, Hits: 9.646
    Nov 15 18:29:28 picard postfix/smtp[8104]: 7E4E2BF4009: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=07492-04, from MTA: 250 Ok: queued as 56150BF400A)
    Nov 15 18:29:28 picard postfix/pipe[8110]: 56150BF400A: to=<[email protected]>, relay=maildrop, delay=0, status=sent (xxxxx.com)
    
    this is one mail relayed to a user a day after I removed the forward
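The log excerpt above shows one message changing queue ID when amavisd hands it back to Postfix ("queued as ..."). The script below is an added example, not part of the thread: it follows that hand-off to list every delivery hop of a message. The function names and the sample log lines (with made-up addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: follow one message through Postfix -> amavisd -> Postfix.

# Constructed log lines modelled on the excerpt above (addresses are made up).
sample_log() {
cat <<'EOF'
Nov 15 18:29:28 picard amavis[7492]: (07492-04) Passed, <a@example.net> -> <user@example.com>, Hits: 9.646
Nov 15 18:29:28 picard postfix/smtp[8104]: 7E4E2BF4009: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=07492-04, from MTA: 250 Ok: queued as 56150BF400A)
Nov 15 18:29:28 picard postfix/pipe[8110]: 56150BF400A: to=<user@example.com>, relay=maildrop, delay=0, status=sent (example.com)
Nov 15 18:29:30 picard postfix/pipe[8111]: 9A1C0BF400B: to=<other@example.org>, relay=maildrop, delay=0, status=sent (example.org)
EOF
}

# trace_queue_id LOGFILE QUEUE_ID
# Prints "queue-id relay status" for every delivery of the message, including
# deliveries under the new queue ID assigned when the content filter re-injects it.
trace_queue_id() {
    awk -v start="$2" '
    BEGIN { want[start] = 1 }
    $5 ~ /^postfix\// {
        qid = $6; sub(/:$/, "", qid)
        if (!(qid in want)) next
        relay = ""; status = ""
        for (i = 7; i <= NF; i++) {
            if ($i ~ /^relay=/)  { relay = $i; sub(/^relay=/, "", relay); sub(/,$/, "", relay) }
            if ($i ~ /^status=/) { status = $i; sub(/^status=/, "", status) }
            # "queued as <id>" names the queue ID used after re-injection: follow it too
            if ($i == "queued" && $(i + 1) == "as") { nxt = $(i + 2); sub(/\)$/, "", nxt); want[nxt] = 1 }
        }
        if (status != "") print qid, relay, status
    }' "$1"
}

# Stand-alone run: trace the sample message through both hops.
tmp=$(mktemp) && sample_log > "$tmp" && trace_queue_id "$tmp" 7E4E2BF4009
rm -f "$tmp"
```

The last hop's relay column shows which transport made the final delivery, which is the line to check when mail lands in an unexpected mailbox.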
     
  16. herbie

    herbie New Member

    Without being facetious, I'd like to state the lack of responses to my post has been a big help. I mean I actually was forced to doublecheck my work and learn how this thing works.
    It seems problems were my own (doh!!!) and the relay problem was due to my own inattention to detail.
    a) the [email protected] mailfilter was cp of the original, therefore maildrop was correctly sending all mail to the original [email protected] My doh!
    b) it appears that (as I discovered in a post I can't relocate) /home/vmail/user/domain must be entered in the maildir field of your SQL user table. I'm not sure, but everything started to work once I did this, so I won't remove it and try again at the moment.
    c) one minor detail is in the example mailfilter:
    Code:
    if ( /^Subject: SPAM/)
    
    should read
    Code:
    # the asterisks are regex operators, so they are escaped to match literally
    if ( /^Subject: \*\*\*SPAM/)
    
    to comply with the default ***SPAM*** subject marking from the amavisd setup.
    Here's the mailfilter log example of the successful setup
    The logfile was what clued me into the original problem, it told me the user_mailfilter was being used by the maildrop relay.
    So I can now test if I can redirect spam to /dev/null by altering the user_mailfilter's redirect. It should work.
    A future project may be to see if you can pass variables to the user_mailfilter (ie: /home/vmail/$DOMAIN/$USER/.spam) so lazy bastards like me can write a dummyfile and just "cp save_spam [email protected]" AFTER they get it working instead of BEFORE like I did.
    Thank you, I actually learned something. Pointing out 'look here' rather than 'here's the fix' made me. Once I am satisfied everything is copasetic, I will # out the write to the logfile.
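One way to do the templating described in the post above while avoiding the copied-filter mistake from point a), as an added example that is not from the thread or the tutorial: derive the mailbox path from the address and write the filter with owner-only permissions. The function name make_spam_filter and the VMAIL_HOME and FILTER_DIR variables are assumptions; the paths follow the layout mentioned in the thread.

```shell
#!/bin/sh
# Added example: build a per-user maildrop filter from the address itself,
# so a copied filter can never point at another user's mailbox.
VMAIL_HOME=${VMAIL_HOME:-/home/vmail}               # layout used in the thread
FILTER_DIR=${FILTER_DIR:-$VMAIL_HOME/.mailfilters}  # filters are named user@domain

# make_spam_filter ADDRESS ACTION    (ACTION: folder | discard)
make_spam_filter() {
    addr=$1; action=$2
    case $addr in *@*) ;; *) echo "not an address: $addr" >&2; return 1 ;; esac
    user=${addr%@*}; domain=${addr#*@}
    # Both parts become path components: refuse empty parts, leading dots,
    # slashes and anything else outside a conservative character set.
    for part in "$user" "$domain"; do
        case $part in
            ''|.*|*[!A-Za-z0-9._-]*) echo "unsafe address: $addr" >&2; return 1 ;;
        esac
    done
    case $action in
        folder)  dest=$VMAIL_HOME/$domain/$user/.spam ;;  # maildir must already exist
        discard) dest=/dev/null ;;
        *) echo "action must be folder or discard" >&2; return 1 ;;
    esac
    mkdir -p "$FILTER_DIR" || return 1
    # The asterisks of the ***SPAM*** tag are escaped so they match literally.
    ( umask 077
      printf 'if ( /^Subject: \\*\\*\\*SPAM/ )\n{\n    to "%s"\n}\n' "$dest" \
          > "$FILTER_DIR/$addr" ) || return 1
    chmod 600 "$FILTER_DIR/$addr"
}

# Usage: make_spam_filter user@example.com discard
if [ $# -eq 2 ]; then make_spam_filter "$1" "$2"; fi
```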
     
  17. falko

    falko Super Moderator ISPConfig Developer

    That's good, because I had no idea what could be wrong (so I read your posts, but didn't know what to answer...).
     
  18. herbie

    herbie New Member

    Haha! But thank you for a great series of tutorials. BTW the sending spam to /dev/null works well, and the user_mailfilter can relay to another account on the server. So if someone pisses you off you could direct all the spam from all of the users on all of the domains to his account....buah hah hah....

    Here's one you may be able to figure out:
    I have another postfix-courier-amavis-sarge server running in the rack. You can send from the new server's maildrop-enabled accounts to accounts on it with Squirrelmail. SquirrelMail sent from it to maildrop-enabled accounts simply disappears. Goes to domains without the maildrop transport, but not with.
    I can see the messages go out on the one server, but they don't even show up in the logs of the new server if they're addressed to a maildrop-enabled domain.
    ????
     
  19. falko

    falko Super Moderator ISPConfig Developer

    Are the MX records of the domains pointing to your server?
     
  20. herbie

    herbie New Member

    The MX records are correct. Mail from outside is unaffected. All our servers use the same DNS server.
    Mail to a domain without maildrop in the transport table is delivered successfully.
    ALSO: the maildrop enabled domain is sending Quota notices.
     
