stories of spam part 1
Introduction
This article will explain how to create a shared, central area for users to contribute spam that they've received in their email. From this central area, an admin can run sa-learn -- a tool that teaches SpamAssassin about new spam -- on a periodic basis.
Tools
I'll be using Dovecot for the IMAP server. POP3 won't work for this project since it doesn't support server-side folders. However, if you're still strictly using POP3 on your server, I'd advise looking at a calendar. I'll also be using Maildir to store the mail. Again, if you're using mbox, please upgrade.
The Shared Folder
Unfortunately, Dovecot doesn't have official support for shared folders yet. However, I created my own method about two years ago and it's never failed me.
Instead of manually creating or using the makemaildir utility to create a user's Maildir, I have a Maildir template. The contents of the template look like this:
# ls -la /var/spool/vmail/skel/
total 24
drwxr-xr-x 5 vmail dovecot 4096 May 17 2004 .
drwxr-xr-x 16 vmail dovecot 4096 Sep 16 22:45 ..
lrwxrwxrwx 1 vmail dovecot 33 Jan 21 02:35 .INBOX.spam -> /var/spool/vmail/spam/.INBOX.spam
-rw------- 1 vmail dovecot 11 May 17 2004 .subscriptions
drwx--x--- 2 vmail dovecot 4096 May 17 2004 cur
drwx--x--- 2 vmail dovecot 4096 May 17 2004 new
drwx--x--- 2 vmail dovecot 4096 May 17 2004 tmp
Besides the three normal Maildir directories (cur, new, and tmp), there are two extra files. One is a symbolic link to a shared Maildir directory. I've called it INBOX.spam on both the left and right side of the link. The left side should always begin with INBOX so it becomes a subdirectory of the user's Inbox. The right side of the link can be named anything as long as it's a directory, in Maildir format, and is writable by the user (or users) controlling your mail server.
The second file is a .subscriptions file. There's only one line inside this file:
INBOX.spam
This tells the IMAP server to subscribe the user to the INBOX.spam folder. Since the .subscriptions file is part of my template, any new user will automatically be subscribed to this folder.
Using the Shared Folder
Once the folder is created, users will see it in their list of folders.
Rather than deleting a spam message, they can move it to the shared folder.
Sweeping the Shared Folder
With the shared folder collecting spam from users, sa-learn can sweep that directory to help SpamAssassin learn about new types of spam. I have a simple shell script in /etc/cron.daily that does this for me:
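#!/bin/bash
# Learn from the contributed messages, then empty the folder.
# The messages are only removed if sa-learn succeeded; -f keeps rm quiet on an empty folder.
sa-learn --spam /var/spool/vmail/spam/.INBOX.spam/cur/ &&
    rm -f /var/spool/vmail/spam/.INBOX.spam/cur/*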
The output of sa-learn is the number of messages learned for that sweep. cron emails the output to me, so every morning I have a report on how many new spam messages were learned.
Issues
The only issue with this system is supporting mailboxes that already exist. While it's simple to provide a shared folder to new users with the template, you'll have to add the folder subscription to already existing mailboxes manually (or with a script).
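One way to script that retrofit, as an added example rather than the author's own code: it gives each existing Maildir the same symlink and .subscriptions entry the template provides, and refuses to overwrite a private folder or a link that points somewhere else. The function name, the one-Maildir-per-directory layout under /var/spool/vmail, and running it as the mail store owner are assumptions.

```shell
#!/bin/bash
# Added example: give existing Maildirs the shared spam folder from the template.
# Assumptions: one Maildir per directory directly under the root, and the
# script runs as the mail store owner (vmail in the listing), not root,
# so that new links and .subscriptions files get the right owner.

retrofit_mailboxes() {
    local root="${1:-/var/spool/vmail}"
    local shared="${2:-$root/spam/.INBOX.spam}"
    local folder="INBOX.spam"
    local changed=0 box link subs

    for box in "$root"/*/; do
        box="${box%/}"
        # Only touch real Maildirs; never follow a symlinked mailbox directory.
        [ -L "$box" ] && continue
        [ -d "$box/cur" ] && [ -d "$box/new" ] && [ -d "$box/tmp" ] || continue

        link="$box/.$folder"
        # The account that hosts the shared folder needs no link to itself.
        [ "$link" = "$shared" ] && continue

        if [ -L "$link" ]; then
            # Accept an existing link only if it already targets the shared folder.
            if [ "$(readlink "$link")" != "$shared" ]; then
                echo "skip $box: .$folder points elsewhere" >&2
                continue
            fi
        elif [ -e "$link" ]; then
            # A private folder of that name may hold the user's own mail.
            echo "skip $box: .$folder is a private folder" >&2
            continue
        else
            ln -s "$shared" "$link"
            changed=$((changed + 1))
        fi

        # Subscribe once; repair a missing final newline before appending.
        subs="$box/.subscriptions"
        if ! grep -qxF "$folder" "$subs" 2>/dev/null; then
            [ -s "$subs" ] && [ -n "$(tail -c 1 "$subs")" ] && echo >> "$subs"
            echo "$folder" >> "$subs"
        fi
    done
    echo "$changed"   # number of links created in this run
}

# Run only when a mail root is given, e.g.: ./retrofit.sh /var/spool/vmail
if [ "$#" -gt 0 ]; then retrofit_mailboxes "$@"; fi
```

The function is idempotent, so it can be re-run after new accounts are migrated; skipped mailboxes are reported on stderr for manual review.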
Conclusion
The complexity of your existing mail server will determine how easy this system will be to implement. If you're starting a new server from scratch, this project will be easy to follow. On the other hand, if you already have several hundred accounts created, you probably have a lot of work ahead of you. However, once this type of system is put into place, you'll have a centrally managed way to deal with user-contributed spam.

