Spamassassin & Email Aliases

[diradmin]

full code

It seems I found solution at last.
On our servers works fine.
Please, check it on your servers.... may be I something dismissed

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                        {exists{/etc/virtual/${domain}/passwd}} \
                        { \
                        or \
                            { \
                                {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
                                {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}}  \
                            } \
                        } \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Its scann spam of main system account too.

 

[Dualdot]

Has anyone tested above code? Sorry for my late reply, but I never got email notifications after my previous post...

 

[harro]

Has this 'fix' been implemented in the current exim.conf? OR should we keep an eye out for phantom mailboxes and if they get out of hand add the modifications to the config file ourselves?

 

[diradmin]

It is not implemented in the current exim.conf, because it is not scan catch-all for default account:

username: username
here /etc/virtual/username/aliases

Suggest to user not use username: username
Say them to use something like
username: virtual_pop_account

and all be fine.

We tested it on our several servers, and no problem with it..

 

[nobaloney]

I'm not sure what you mean because a linux username is a real pop account.

Or do you mean the forward should be to a virtual email account?

Thanks.

Jeff

 

[DirectAdmin Support]

It's because it won't scan the catch-all address.

But.. if the catch-all is forwarding TO a real address, then the email probably would get scanned in the end, so there might not be any problems at all with the above code

Once we get a few "yes it works" results, then I'll be adding it to the exim.conf

John

 

[nobaloney]

Just tell me when, John, so I can add it to mine as well.

I've cancelled an out-of-town trip so I can finish some installs and then work on the next version of exim.conf (the one which will block viruses).



Jeff

 

[diradmin]

Or do you mean the forward should be to a virtual email account?

Jeff

Yes, as John explained

 

[different]

I had test the setting ...

the user_pref doesn't work on forwarding setting, if I want set the spam for forwarding mail, I had to set the local.cf, but that will effect all the incoming mail.

 

[Dualdot]

Well this seems to send spam for aliasses to the forwarded-to address, like I needed it to. User preferences are not a real big concern for me.

I did notice something else however, in combination with the latest spamblocker exim.conf: non-existent addresses (like [email protected]) still get checked by all dns-lists and so on (spamhaus, orbs, etc). Why isn't it rejected right away because these is no such address?

But that is not a real problem. The following however is: let's say I have the domain example1.com, and example2.com is a domain pointer for it. Spam sent to [email protected] now gets redirected to the [email protected] spam folder, like I wanted it to. So this works. However, when spam gets sent to [email protected] it ALSO gets delivered to the spam folder on [email protected]... why? It is a non-existent address and should be rejected by exim...

 

[DirectAdmin Support]

Hello,

I've just spent the day trying to come up with another solution. My reasoning was that everything should be able to be scanned.. but the problem is with the filter in that it doesn't know what type of emails it's dealing with, which is why it's blindly saving things.

The idea is simple: tell the filter what type of email it's dealing with, so it can more intelligently figure out where it's supposed to go. The only way I was able to manage this was by adding extra headers to the email before spamd time, so that the filters could see them (headers added at domain filter time are not seen by the filter).

This is just another possibility, and is likely still very rough, but provides another option for admin's should they need it.

1) Make your spamcheck director look like this

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                } {1}{0}}"
  [b]headers_add = "${if !eq {} {${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}} {X-is-alias: yes}{X-is-alias: no}}\n\
                ${if !eq {} {${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}} {X-is-pop: yes}{X-is-pop: no}}"[/b]
  retry_use_local_part
  transport = spamcheck
  no_verify

2)You'll have to have your user_prefs file add 2 extra lines. To make them globally added, add these lines to your /usr/local/directadmin/data/templates/user_prefs file:

report_safe_copy_headers X-is-pop
report_safe_copy_headers X-is-alias

or just to your own local /home/username/.spamassassin/user_prefs file for testing with 1 user.

3) Change your filter to use the new data. Your /usr/local/directadmin/data/templates/filter_userspamfolder will have to look like this

if
    $h_X-Spam-Status: contains "Yes,"
then
|*if DOVECOT="yes"|
     if "$h_X-is-pop:" is "yes"
     then
         save |HOME|/imap/$domain/$local_part/Maildir/.INBOX.spam/new/ 660
     elif $local_part is "|USERNAME|" or "$h_X-is-alias:" is "no"
     then
         save |HOME|/Maildir/.INBOX.spam/new/ 660
     endif
|*else|
     if "$h_X-is-pop:" is "yes"
     then
         save |HOME|/.spamassassin/user_spam/$local_part@$domain 660
     elif $local_part is "|USERNAME|" or "$h_X-is-alias:" is "no"
     then
         save |HOME|/.spamassassin/spam 660
     endif
|*endif|
    finish
endif

Of course, to make any template permanent, be sure to copy it to the custom folder first, and work with it from there.

This may not be the final answer to the problem, but will hopefully spur some new ways of trying to deal with it.

And to point out, the drawbacks with this method are that you'll have the 2 extra headers in all of your emails. If anyone knows of an easier way to get the info from the directors in the exim.conf over to the filter without having to use headers, please let me know

John

 

[xemaps]

Re: full code

Seems that it runs so on my server
it spam scan
- forwarded internal aliases & external domains
- local mailboxes
it DOESN'T forward outside spam-scanned POSITIVES mail for main user and for mailboxes => but just leave them in spambox - can be good for blackberry's ;-) . I don't use catchall

Could be an alternative

It seems I found solution at last.
On our servers works fine.
Please, check it on your servers.... may be I something dismissed

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                        {exists{/etc/virtual/${domain}/passwd}} \
                        { \
                        or \
                            { \
                                {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
                                {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}}  \
                            } \
                        } \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Its scann spam of main system account too.

 

[nobaloney]

I did notice something else however, in combination with the latest spamblocker exim.conf: non-existent addresses (like [email protected]) still get checked by all dns-lists and so on (spamhaus, orbs, etc). Why isn't it rejected right away because these is no such address?

Exim accepts email in multiple steps:

1) mail from
2) receipt to
3) data

Blocklists are checked during mail from and recipients are checked for validity in receipt to.

Jeff

 

[stan]

I've just spent the day trying to come up with another solution. My reasoning was that everything should be able to be scanned.. but the problem is with the filter in that it doesn't know what type of emails it's dealing with, which is why it's blindly saving things...

this solution works great for pop-boxes, but not for aliasses. the filter doesn't specify what to do when X-is-alias = "yes".

what happens now is that spam for aliasses is delivered in the inbox of the corresponding pop-box, not in the spam folder (spamassassin is setup in DA to deliver to the spam folder).

Summarized:
- spam to: [email protected] = delivered to spam folder

forwarder: alias@ => pop@
- spam to alias@ is delivered to the inbox of pop@


How can this be solved?

 

[xemaps]

this is solved as forwarded spam => delivered to aliased spam box (not to inbox which would stupid)

need change exim code as shown in this topic.

 

[stan]

this is solved as forwarded spam => delivered to aliased spam box (not to inbox which would stupid)

need change exim code as shown in this topic.

yes we changed the exim code as suggested by directadmin support above, but alias-spam is still delivered in the inbox of the corresponding pop-box, and not in the spam folder, which is rather strange.

hopefully DA-support could help with this one?

 

[xemaps]

be sure to delete box and follow new exim sa code
i hope you redirected spam to user folder spam box.

Even don't use catchall spambox /or account.

 

[stan]

be sure to delete box

what do you mean with 'delete box'?

follow new exim sa code

could you post the exact code which is working for you? there are several solutions in this thread, we have tried the latest solution in this thread from directadmin support.

Even don't use catchall spambox /or account.

we need catchall to be enabled, but it's no problem if the catchall-spam doesn't get forwarded properly

i hope you redirected spam to user folder spam box.

yes of course (set in DA cpanel)

 

[xemaps]

Code that work on my DA/FC3/Exim 4.63/SA 3.1.4 server
replace in exim.conf the spamcheck director :

#sa2 replace spamcheck_director
# Spam Assassin modified for alias spam
spamcheck_director:
driver = accept
condition = "${if and { \
{!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} \
{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
{exists{/etc/virtual/${domain}/passwd}} \
{ \
or \
{ \
{!eq{}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
{eq {$local_part}{${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
} \
} \
} {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify
#sa2

Delete any redirected mail box from alias if exist in /var/spool/virtual/domain.tld/
=> you must have ONLY existing true mailbox (no alias) in that folder

and ... restart exim

One good thing is that if you forward mail, only spamless will go through ;-) spam stay in original box.
It is not perfect for all situation but for me it's very good.

 

[OliverScott]

Code that work on my DA/FC3/Exim 4.63/SA 3.1.4 server
replace in exim.conf the spamcheck director :

#sa2 replace spamcheck_director
# Spam Assassin modified for alias spam
spamcheck_director:
driver = accept
condition = "${if and { \
{!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} \
{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
{exists{/etc/virtual/${domain}/passwd}} \
{ \
or \
{ \
{!eq{}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
{eq {$local_part}{${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
} \
} \
} {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify
#sa2

Delete any redirected mail box from alias if exist in /var/spool/virtual/domain.tld/
=> you must have ONLY existing true mailbox (no alias) in that folder

and ... restart exim

One good thing is that if you forward mail, only spamless will go through ;-) spam stay in original box.
It is not perfect for all situation but for me it's very good.

I have set this up and it seems to be working well!

I take it that the only known limitation is that a catchall account when set to the main domain account won't get scanned? And that this can be fixed by having catchall emails delivered to a regular user pop mail box?