Installing the iRedMail mail server on CentOS 7. Part 2. Fighting spam

Spam (English spam) – mass mailing of advertising correspondence to persons who did not express a desire to receive it. Spammers are called spammers.

A series of articles on installing and configuring the iRedMail mail server

  • Installing the iRedMail mail server on CentOS 7. Part 1. Basic installation
  • Installing the iRedMail mail server on CentOS 7. Part 2. Fighting spam
  • Installing the iRedMail mail server on CentOS 7. Part 3. Aliases, a web interface for working with aliases
  • Installing the iRedMail mail server on CentOS 7. Part 4. Configuring Postfix, authorization without entering a domain
  • Installing the iRedMail mail server on CentOS 7. Part 5. Storage structure of virtual mailboxes
  • Installing the iRedMail mail server on CentOS 7. Part 6. DKIM, SPF, DMARC
  • Installing the iRedMail mail server on CentOS 7. Part 7. Greylisting whitelist, WEB interface, Dovecot quota
  • Installation of the mail server iRedMail on CentOS 7. Part 8. White and black lists. Web interface

Configuring Dovecot

Connecting the imap_sieve plugin in Dovecot

[[email protected]]# nano /etc/dovecot/dovecot.conf
protocol imap {
    mail_plugins = $mail_plugins imap_quota imap_acl imap_sieve
    ...
}
plugin {
   ...
    # Antispam
    sieve_plugins = sieve_imapsieve sieve_extprograms

    # From elsewhere to Spam folder
    imapsieve_mailbox1_name = Junk
    imapsieve_mailbox1_causes = COPY
    imapsieve_mailbox1_before = file:/var/vmail/sieve/report-spam.sieve

    # From Spam folder to elsewhere
    imapsieve_mailbox2_name = *
    imapsieve_mailbox2_from = Junk
    imapsieve_mailbox2_causes = COPY
    imapsieve_mailbox2_before = file:/var/vmail/sieve/report-ham.sieve

    sieve_pipe_bin_dir = /var/vmail/sieve
    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug
}

Create the report-spam.sieve script

[[email protected]]# nano /var/vmail/sieve/report-spam.sieve
require ["vnd.dovecot.debug", "vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];

debug_log "report_spam executed ${1}";

if environment :matches "imap.user" "*" {
  # to use a global user: 
  #set "username" “amavis”;
  set "username" "${1}";
}

pipe :copy "sa-learn-spam.sh" [ "${username}" ];

Create the report-ham.sieve script

[[email protected]]# nano /var/vmail/sieve/report-ham.sieve
require ["vnd.dovecot.debug", "vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];

debug_log "report_ham executed ${1}";

if environment :matches "imap.mailbox" "*" {
  set "mailbox" "${1}";
}

if string "${mailbox}" "Trash" {
  stop;
}

if environment :matches "imap.user" "*" {
  # to use a global user: 
  #set "username" “amavis”;
  set "username" "${1}";
}

pipe :copy "sa-learn-ham.sh" [ "${username}" ];

Create executable sa-learn files

[[email protected]]# nano /var/vmail/sieve/sa-learn-spam.sh 
exec /usr/bin/sa-learn -u ${1} --spam
[[email protected]]# nano /var/vmail/sieve/sa-learn-ham.sh
exec /usr/bin/sa-learn -u ${1} --ham

Change the owner of the files to vmail and make the executable files

[[email protected]]# chown vmail:vmail /var/vmail/sieve/report-*
[[email protected]]# chown vmail:vmail /var/vmail/sieve/sa-learn-*
[[email protected]]# chmod +x /var/vmail/sieve/report-*
[[email protected]]# chmod +x /var/vmail/sieve/sa-learn-*

Configuring SpamAssassin

Set up storage of the SpamAssasin database in MySQL, edit the local.cf file

[[email protected]]# nano /etc/mail/spamassassin/local.cf
use_bayes          1
bayes_auto_learn   1
bayes_auto_expire  1

# Store bayesian data in MySQL
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn      DBI:mysql:sa_bayes:127.0.0.1:3306

# Store bayesian data in MySQL
#bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
#bayes_sql_dsn      DBI:Pg:database:sql_server:sql_port
#
bayes_sql_username %user%
bayes_sql_password %password%

where:% user% is the name of the user who has access to the database sa_bayes% password% is the password This data we will get a little later

Check the SpamAssassin version and download the spamassassin database schema

[[email protected]]# spamassassin -V
SpamAssassin version 3.4.0
  running on Perl version 5.16.3
[[email protected]]# cd /home
[[email protected]]# wget http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_4_0/sql/bayes_mysql.sql

Let’s edit the file bayes_mysql.sql varchar (200) change to varchar (191), otherwise, when adding a schema to the database, it will not happen completely

Create the sa_bayes database, user and password

[[email protected]]# mysql -uroot -p
mysql> CREATE DATABASE sa_bayes;
mysql> USE sa_bayes;
mysql> SOURCE /home/bayes_mysql.sql;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON sa_bayes.* TO %user%@localhost IDENTIFIED BY '%password%';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;

Don’t forget to change% user% and% password% to your own values

Another Dovecot tweak

This setting is required so that emails marked as spam in Thunderbird are automatically added to the SpamAssassin database.

Editing the dovecot.sieve file

[[email protected]]# nano /var/vmail/sieve/dovecot.sieve
require ["fileinto", "vnd.dovecot.debug", "vnd.dovecot.pipe", "copy", "environment", "variables"];

# rule:[Move Spam to Junk Folder]
if header :is "X-Spam-Flag" "YES"
{
    fileinto "Junk";
    set "username" "amavis";
    pipe :copy "sa-learn-spam.sh" [ "${username}" ];
}

Our organization mainly uses pop3 protocol (in order not to clutter up the free space on the server), so I disabled the automatic movement of messages marked with SPAM to the Spam mailbox directory. pop3 does not know how to work with directories. To disable movement, you need to comment out the line:

#    fileinto "Junk";

Restarting Dovecot and Amavis

[[email protected]]# systemctl restart  dovecot
[[email protected]]# systemctl restart amavisd

Additional settings

Same. in order for pop3-users to participate in the learning process, 2 mailboxes were set up on spam / ham: [email protected] – a box for redirecting spam; [email protected] – a box for letters that were mistakenly marked as spam

Let’s add tasks for training spamassassin and cleaning the mailboxes mentioned above to crontab:

[[email protected]]# nano /var/spool/cron/root
# SpamAssassin learn spam at 00:05 from mailbox [email protected]
5   0   *   *   *   /usr/bin/sa-learn --spam /var/vmail/vmail1/itdraft.ru/s/p/a/spam-2019.02.01.13.15.26/Maildir/new/

# SpamAssassin learn ham at 00:06 from mailbox [email protected]
6   0   *   *   *   /usr/bin/sa-learn --ham /var/vmail/vmail1/itdraft.ru/h/a/m/ham-2019.02.01.13.16.51/Maildir/new/

# Deleete messages from [email protected] and [email protected]
15  0   *   *   *   /bin/rm -rf /var/vmail/vmail1/itdraft.ru/s/p/a/spam-2019.02.01.13.15.26/Maildir/new/*
17  0   *   *   *   /bin/rm -rf /var/vmail/vmail1/itdraft.ru/h/a/m/ham-2019.02.01.13.16.51/Maildir/new/*

At the moment, the learning mechanism by forwarding letters is no longer used, i.e. spamassasin is trained due to the fact that all mail from non-existent mailboxes and from the alias [email protected] is redirected to the mailbox [email protected], and this mailbox is connected to thunderbird using the imap protocol. Thunderbird automatically marks spam emails with the appropriate label, and thanks to this marking, spamassassin is trained

Amavis settings

To prevent Amavis from deleting messages marked as spam in the subject line, edit the amavisd.conf file

[[email protected]]# nano /etc/amavisd/amavisd.conf
# SPAM
$final_spam_destiny = D_BOUNCE

In order to activate SpamAssassin training in Amavis, edit the amavisd.conf file

[[email protected]]# nano /etc/amavisd/amavisd.conf
$sa_tag_level_deflt  = -999;
$sa_tag2_level_deflt = 5;
$sa_kill_level_deflt = 6.3;
$sa_dsn_cutoff_level = 10;

Restarting Amavis

[[email protected]]# systemctl restart amavisd
Sidebar