Skip to main content

Ralsina.Me — Roberto Alsina's website

Fighting Spam with Qmail (part I)

Introduction

Spam is one of the an­noy­ing facts of In­ter­net life in the 21st cen­tu­ry. So, de­creas­ing the amount of an­noy­ing spam one gets is a wor­thy goal, if one can do it with­out too much ef­fort.

In this ar­ti­cle, I will ex­plain how you can fight spam by mak­ing your qmail serv­er fil­ter your mes­sages through spa­mas­sas­sin.

In a com­ing ar­ti­cle, I will ex­plain how to patch your qmail serv­er to make spam­mer's life some­what hard­er and at the same time de­crease the amount of time the serv­er spends re­ject­ing fil­ter­ing and dis­card­ing spam.

Implementation

The best tool I know to de­tect if a giv­en piece of mail is spam is spa­mas­sas­sin. It's not too hard to in­stal­l, and you can even get RPMs of it for the pop­u­lar Red Hat dis­tri­bu­tion.

Once spa­mas­sas­sin is in­stalled, you need to make it work. Since some users may pre­fer to keep their mail un­fil­tered, I will ex­plain how to set it up as a per-us­er so­lu­tion.

If you just want to en­able it for ev­ery­one, qmail-scanner has support for it.
  1. In­stall spa­mas­sas­sin, and make sure you have spamd run­ning
  2. Get James Grin­ter's if­s­pamh. It's a Ko­rn shell scrip­t, so just get it and copy it to some sane place, like /us­r/bin, and make sure the first line points to where your ksh is in­stalled. If your sys­tem has no ksh, try in­stalling a pack­age called pd­ksh, or ed­it if­s­pamh to make it use bash or /bin/sh (read the com­ments for the au­thor's ex­pla­na­tion).
  3. Make your mail pass through if­s­pamh, and if it's spam, store it some­where else than the de­fault.

Step 3 is the on­ly tricky one. If you ac­cess your mail through IMAP, you want to fil­ter the spam in­to a sep­a­rate IMAP fold­er. For ex­am­ple, when us­ing couri­er-imap, that fold­er may be some­thing like ~/­Maildir/.s­pam which you can cre­ate with the com­mand maildirmake ~/­Maildir/.s­pam (or sim­ply us­ing your IMAP clien­t).

If­s­pamh works by us­ing your ~/.q­mail file to fil­ter the mes­sages.

Sample ~/.qmail
|ifspamh ralsina-spam
./Maildir/

What the above ex­am­ple does is re­di­rect all spam to the ralsi­na-s­pam ad­dress, and de­liv­er the rest to ./­Maildir/

Since ralsi­na-s­pam is sim­ply a sub­-ad­dress of ralsi­na (my ac­coun­t), I can choose where that goes by cre­at­ing a ~/.q­mail-s­pam file, which de­liv­ers all of ralsi­na-s­pam's mes­sages in­to ~/­Maildir/.s­pam/:

Sample ~/.qmail-spam for IMAP users
./Maildir/.spam/

If you use POP3 in­stead, you won't be able to ac­cess such fold­er­s, so your best bet is to mark the spam with some­thing in the sub­ject and then use clien­t-­side fil­ter­ing to move it in­to a fold­er in your client box.

Keep ~/.q­mail as above, but use this as ~/.q­mail-s­pam:

Sample ~/.qmail-spam for POP3 users
./Maildir/

That way, the tagged spam will still be in your In­box. Make sure your spa­mas­sas­sin tags spam by us­ing rewrite_­sub­ject 1 in your pref­er­ences file. It is usu­al­ly a bad idea to just re­move spam, since you can al­ways mis­clas­si­fy some­thing, but you could do it by just putting a com­ment in the ~/.q­mail-s­pam file.

The on­ly bad side of this is that spam us­es two lo­cal de­liv­er­ies in­stead of one ris­ing the re­source us­age some­what, but it should be neg­li­gi­ble.

Spa­mas­sas­sin has sup­port for a Bayesian fil­ter that learns what is spam and what is­n't. If you want to teach it, this is the sim­plest way:

  1. Cre­ate a spam@y­our­do­main.­com ad­dress
  2. Cre­ate a notspam@y­our­do­main.­com ad­dress
  3. Start redi­rect­ing any mis­clas­si­fied mail to the ob­vi­ous ad­dress. Make sure you re­di­rect it un­changed! usu­al­ly, the "for­ward" fea­ture of your mail­er won't be good enough, since it will ap­pear that the spam comes from you, and you don't want your own mail to be clas­si­fied as spam, right? ;-)
  4. Cre­ate cron jobs that learn from those fold­er­s, then re­move the mes­sages.

Again, that last step may be the tricky one: your cron task could look like this:

Sample crontab for spamassassin bayesian filter
0 0 * * * sa-learn --spam --dir /home/spam/Maildir/new >/dev/null 2>&1\
          && rm /home/spam/Maildir/new/*
0 0 * * * sa-learn --ham --dir /home/nospam/Maildir/new >/dev/null 2>&1\
          && rm /home/nospam/Maildir/new/*
Of course you should, before implementing all this for real, learn how to configure spamassassin properly.

Important Links

Roberto Alsina / 2006-04-04 16:22:

Comments for this story are here:

http://www.haloscan.com/com...

employment background check / 2011-12-27 23:22:


Hi very nice article


Contents © 2000-2020 Roberto Alsina