dovecot - Aug 2012 - Antispam only when LMTP delivers some specific messages

Hello,
we're setting up a weird platform where every incoming email is passed 
from the MTA directly to a tool that then uses dovecot LMTP to deliver 
the message into the user mailbox.

We are legally *not* allowed to run antispam on all the incoming 
messages, but only on some of them, as they are recognized by the 
aforementioned tool; but given that tool directly uses LMTP to delivers 
the mail we need to find a way to parse the messages passing thru LMTP 
and run spamassassin only on those matching some regex on subject and 
mail body.

Is is possible to do that with some dovecot LMTP feature?

i've read a lot of documentation about how to possibly implement it and 
it *seems* there would be a way using pigeonhole sieve and extprograms - 
what do you think?

The idea I have in mind is something like:

  1. identify the mails we want to scan with spamassassin (using regex 
or whatever else to precisely pin-point them)
  2. run SA on those
  3. in case it's spam, rewrite the subject (or similar)

Do you think it's something doable with dovecot?

Thanks in advance,
-- 
Sandro Tosi
Product Engineer
Shared Hosting Products
R&D | Dada.pro
eml sandro.tosi at register.it

Am 03.08.2012 14:03, schrieb Sandro Tosi:
> We are legally *not* allowed to run antispam on all the incoming messages
you ARE allowed if you are doing it right

right in this context means you have to run the filter
pre-queue and REJECT blocked messages, so the sending
server knows that you did NOT accept the message and
can send a bounce to his user

wrong in this context means you accept the message, filter
it after that and throw it away while the sender has a
confirmed delivery - this is a legal problem in the first
front and technically wrong because you risk to become
a backscatter by starting active bounes on your server
if you are not 100% sure how all the pieces work togehter
and how the whole system acts in each situation

bringing LMTP and Dovecot in the context of spam-filtering
is automatically doing it completly wrong

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120803/34b6c264/attachment-0004.bin>

Hello,
thanks for you reply.

On 08/03/2012 02:09 PM, Reindl Harald wrote:
>
>
> Am 03.08.2012 14:03, schrieb Sandro Tosi:
>> We are legally *not* allowed to run antispam on all the incoming
messages
>
> you ARE allowed if you are doing it right
please.. don't consider everyone that writes a junior with no 
experience, I know what i'm doing :) In a classic mail setup, i'd have 
done as you described, but the introduction of my email makes it clear 
this is a particular situation.

as I said, we *cannot* do it the "standard way"! we are forced to
accept
messages if they come in a particular format (yes even spam ones), and 
we can only run SA on a subset if the incoming mails, as decided by the 
tool we're passing all the messages to.

Now, getting back on topic, is it possible to do what I have in mind? is 
there some other solutions to achieve my goal?

Regards,
-- 
Sandro Tosi
Product Engineer
Shared Hosting Products
R&D | Dada.pro
eml sandro.tosi at register.it

Am 03.08.2012 14:03, schrieb Sandro Tosi:
> Hello,
> we're setting up a weird platform where every incoming email is passed
> from the MTA directly to a tool that then uses dovecot LMTP to deliver
> the message into the user mailbox.
> 
> We are legally *not* allowed to run antispam on all the incoming
> messages, but only on some of them, as they are recognized by the
> aforementioned tool; but given that tool directly uses LMTP to delivers
> the mail we need to find a way to parse the messages passing thru LMTP
> and run spamassassin only on those matching some regex on subject and
> mail body.
> 
> Is is possible to do that with some dovecot LMTP feature?
> 
> i've read a lot of documentation about how to possibly implement it and
> it *seems* there would be a way using pigeonhole sieve and extprograms -
> what do you think?
> 
> The idea I have in mind is something like:
> 
>  1. identify the mails we want to scan with spamassassin (using regex or
> whatever else to precisely pin-point them)
>  2. run SA on those
>  3. in case it's spam, rewrite the subject (or similar)
> 
> Do you think it's something doable with dovecot?
> 
> Thanks in advance,
you may use global sieve rules
perhaps look here for ideas

http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Spam.2BAC8-Virus_rules

-- 
Best Regards
MfG Robert Schetterer