aboutsummaryrefslogtreecommitdiffstats
path: root/antispam.7
blob: d07c1d09b3c2e52125aadcfe9b2557178e043600 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
.TH ANTISPAM 7 "15 October 2007" "" ""
.SH NAME
antispam \- The dovecot antispam plugin.

.SH DESCRIPTION
The dovecot antispam plugin watches a defined spam folder (defaults to
"SPAM"). It works together with a spam system that classifies each
message as it is delivered. When the message is classified as spam, it
shall be delivered to the spam folder, otherwise via the regular
filtering file the user may have (maildrop, sieve, ...). Now the user
has everything classified as spam in the special spam folder, everything
else where it should be sorted to.

This is not enough because our spam scanner needs training. We'll
occasionally have false positives and false negatives. Now this is the
point where the dovecot antispam plugin comes into play. Instead of
moving mail into special folders or forwarding them to special mail
addresses for retraining, the plugin offers two actions for the user:
.IP " 1." 4
moving mail out of the SPAM folder and
.IP " 2." 4
moving mail into the SPAM folder.

.PP
The dovecot plugin watches these actions (and additionally prohibits
APPENDs to the SPAM folder, more for technical reasons than others) and
tells the spam classifier that it made an error and needs to re-classify
the message (as spam/not spam depending on which way it was moved.)

The advantage of this approach is that the mail ends up in the right
target folder directly and needs not be touched twice.

When other classifiers like crm114 that have an `unsure' state are used,
the plugin can also help, it supports an `unsure' folder feature. The
unsure folder cannot be written to, but moving out from there into a
folder that is considered a spam folder will learn as spam, any other
folder (except trashes) will cause learning as not-spam.

.SH INSTALLATION

First copy the `defconfig' file to `.config' and edit it as necessary.
You need to have the dovecot headers installed and possibly other things
depending on the backend you choose. Then, assuming you have configured
the INSTALLDIR correctly, simply run `make install'.

If you do not wish to use the install target, simply copy the plugin
(that is, the file lib90_antispam_plugin.so) to your dovecot imap plugin
directory; by default this is /usr/lib/dovecot/modules/imap/ or any dir
you have configured (look for the mail_plugin_dir configuration
directive.)

Open your dovecot configuration file (usually /etc/dovecot/dovecot.conf)
and add the antispam plugin to the imap protocol section:

.nf
protocol imap {
    mail_plugins = antispam
    # mail_plugin_dir = /usr/lib/dovecot/modules/imap
}
.fi

.SH BACKENDS

The plugin supports multiple backends, there are currently two working
backends included in the distribution:

.SS dspam executable backend (dspam specific)

This backend instantly retrains by calling dspam. There are some
problems with this approach including
(1) it can take a long time during which the IMAP session is blocked
(2) when many users retrain many messages at once server load may spike

.SS email sender backend (spam filter agnostic)

This backend sends mail to ham@example.com or spam@example.com
(actual addresses are configurable) for retraining. This backend can
be very fast to set up if you already have a working setup that uses
training addresses as recommended by many spam filter setups.

Since this backend simply pipes the message to a program (by default
sendmail) it can also be used for all kinds of other spam filters,
for example spamassassin (by calling sa-learn instead of sendmail.)

.SS crm114 executable backend (crm114 specific)

This backend instantly retrains by calling mailreaver.crm which
needs to be configured (defaulting to /bin/false!); the argument
--good or --spam is given depending on how mail is moved.

You need to use the unsure folder option (see below) together with
this plugin and deliver unsure mail into an unsure folder, spam mail
into a spam folder and other mail regularly.

Has the same drawbacks as the dspam-exec approach.


.SH CONFIGURATION

Aside from the build-configuration done in the `.config' file, you have
the following run-time options (shown along with the default):

.nf
plugin {
    ##################
    # GENERIC OPTIONS

    # mail signature (used with any backend requiring a signature)
    antispam_signature = X-DSPAM-Signature

    # semicolon-separated list of Trash folders (default unset i.e. none)
    # antispam_trash =
    # antispam_trash = trash;Trash;Deleted Items

    # semicolon-separated list of spam folders
    antispam_spam = SPAM

    # semicolon-separated list of unsure folders (default unset i.e. none)
    # antispam_unsure =

    # Whether to allow APPENDing to SPAM folders or not. Must be set to
    # "yes" (case insensitive) to be activated. Before activating, please
    # read the discussion below.
    # antispam_allow_append_to_spam = no

    ###########################
    # BACKEND SPECIFIC OPTIONS
    #

    #===================
    # dspam-exec plugin

    # dspam binary
    antispam_dspam_binary = /usr/bin/dspam

    # semicolon-separated list of extra arguments to dspam
    # (default unset i.e. none)
    # antispam_dspam_args =
    # antispam_dspam_args = --deliver=;--user;%u  # % expansion done by dovecot
    # antispam_dspam_args = --mode=teft

    #=====================
    # mail sending plugin
    #
    # Because of the way this plugin works, you can also use it
    # to train via an arbitrary program that receives the message
    # on standard input, in that case you can use the config
    # options antispam_mail_spam and antispam_mail_notspam for
    # the argument that distinguishes between ham and spam.
    # For example:
    #   antispam_mail_sendmail = /path/to/mailtrain
    #   antispam_mail_sendmail_args = --for;%u
    #   antispam_mail_spam = --spam
    #   antispam_mail_notspam = --ham
    # will call it, for example, like this:
    #   /path/to/mailtrain --for jberg --spam

    # temporary directory
    antispam_mail_tmpdir = /tmp

    # spam/not-spam addresses (default unset which will give errors)
    # antispam_mail_spam =
    # antispam_mail_notspam =

    # sendmail binary
    antispam_mail_sendmail = /usr/sbin/sendmail
    #antispam_mail_sendmail_args = -f;%u@example.com # % expansion done by dovecot

    #===================
    # crm114-exec plugin

    # mailreaver binary
    antispam_crm_binary = /bin/false
    # antispam_crm_binary = /usr/share/crm114/mailreaver.crm

    # semicolon-separated list of extra arguments to dspam
    # (default unset i.e. none)
    # antispam_crm_args =
    # antispam_crm_args = --config=/path/to/config

    # NOTE: you need to set the signature for this backend
    antispam_signature = X-CRM114-CacheID
}
.fi

.SH ALLOWING APPENDS?

You should be careful with allowing APPENDs to SPAM folders. The reason
for possibly allowing it is to allow not-SPAM --> SPAM transitions to work
with offlineimap. However, because with APPEND the plugin cannot know the
source of the message, multiple bad scenarios can happen:

.IP " 1." 4
SPAM --> SPAM transitions cannot be recognised and are trained

.IP " 2." 4
the same holds for Trash --> SPAM transitions

.PP
Additionally, because we cannot recognise SPAM --> not-SPAM transitions,
training good messages will never work with APPEND.

.SH AUTHORS

Johannes Berg, Frank Cusack, Benedikt Boehm, Andreas Schneider