dovecot - Oct 2012 - Advanced dovecot tricks - spam review/release

Hi,

I'm looking for some advice to do a really advanced trick with Dovecot. 
I'm not sure if this can be done. I need to describe first.

I have a spam filtering company that does front end spam filtering. 
(Junk Email Filter) I want to add a system where I store a copy of spam 
on a server and make it available to the customer to review and maybe 
resent on false positives.

I know I could do something simple where I deliver all spam to a domain 
account and make it available to an administrator. Then if it's a false 
positive they would drag the message to a "resend" folder. I'll
have
something the checks the folder one a minute to pick up and resend.

However

What would be very cool is delivering the spam to individual accounts. 
So a user who logs in individually can see their own spam. But the admin 
for the domain would be able to see all users. Maybe the users would 
appear as folders?

Then a master account (me) would be able to log in and see all the 
domains as folders and the users as folders inside the domains?

One thing I can do is deliver the spam to 3 different places so it's 
visible on all levels.

I'm just wondering if anyone out there has any ideas about that. And 
I'll need an authentication system.

Hi Marc, i solved this using an automated report for users quarantine. In
front of dovecot i have 2 mailscanner boxes that stores spam emails in
quarantine and logs them to a database, periodically there is a script that
sends an html report to users that recieved spam in the last interval (1h,
4h, 24hs depending on the user preferences) showing a list of
time-from-subject of all new items in quarantine. There is also a link to
release the email from quarantine and the users recieves it on his inbox.
So our users can release emails without bothering anyone. (There is also an
admin view where the admin can see all the trafic for the domain).

my 2cents.

regards,

eduardo.

2012/10/3 Marc Perkel <marc at perkel.com>
> Hi,
>
> I'm looking for some advice to do a really advanced trick with Dovecot.
> I'm not sure if this can be done. I need to describe first.
>
> I have a spam filtering company that does front end spam filtering. (Junk
> Email Filter) I want to add a system where I store a copy of spam on a
> server and make it available to the customer to review and maybe resent on
> false positives.
>
> I know I could do something simple where I deliver all spam to a domain
> account and make it available to an administrator. Then if it's a false
> positive they would drag the message to a "resend" folder.
I'll have
> something the checks the folder one a minute to pick up and resend.
>
> However
>
> What would be very cool is delivering the spam to individual accounts. So
> a user who logs in individually can see their own spam. But the admin for
> the domain would be able to see all users. Maybe the users would appear as
> folders?
>
> Then a master account (me) would be able to log in and see all the domains
> as folders and the users as folders inside the domains?
>
> One thing I can do is deliver the spam to 3 different places so it's
> visible on all levels.
>
> I'm just wondering if anyone out there has any ideas about that. And
I'll
> need an authentication system.
>
>

If you ever figure out how to do this, I've got an excellent name for 
it: MailWatch

http://sourceforge.net/projects/mailwatch/

steve

On 10/3/2012 3:48 PM, Marc Perkel wrote:
> Hi,
>
> I'm looking for some advice to do a really advanced trick with 
> Dovecot. I'm not sure if this can be done. I need to describe first.
>
> I have a spam filtering company that does front end spam filtering. 
> (Junk Email Filter) I want to add a system where I store a copy of 
> spam on a server and make it available to the customer to review and 
> maybe resent on false positives.
>
> I know I could do something simple where I deliver all spam to a 
> domain account and make it available to an administrator. Then if it's 
> a false positive they would drag the message to a "resend"
folder.
> I'll have something the checks the folder one a minute to pick up and 
> resend.
>
> However
>
> What would be very cool is delivering the spam to individual accounts. 
> So a user who logs in individually can see their own spam. But the 
> admin for the domain would be able to see all users. Maybe the users 
> would appear as folders?
>
> Then a master account (me) would be able to log in and see all the 
> domains as folders and the users as folders inside the domains?
>
> One thing I can do is deliver the spam to 3 different places so it's 
> visible on all levels.
>
> I'm just wondering if anyone out there has any ideas about that. And 
> I'll need an authentication system.
>

Maildir, layout=fs
/var/vmail/domain/user/

Spams get delivered there. User has access there. Domain admin has
mail_location=/var/vmail/domain, you have mail_location=/var/vmail
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Marc Perkel <marc at perkel.com> wrote:

Hi,

I'm looking for some advice to do a really advanced trick with Dovecot. 
I'm not sure if this can be done. I need to describe first.

I have a spam filtering company that does front end spam filtering. 
(Junk Email Filter) I want to add a system where I store a copy of spam 
on a server and make it available to the customer to review and maybe 
resent on false positives.

I know I could do something simple where I deliver all spam to a domain 
account and make it available to an administrator. Then if it's a false 
positive they would drag the message to a "resend" folder. I'll
have
something the checks the folder one a minute to pick up and resend.

However

What would be very cool is delivering the spam to individual accounts. 
So a user who logs in individually can see their own spam. But the admin 
for the domain would be able to see all users. Maybe the users would 
appear as folders?

Then a master account (me) would be able to log in and see all the 
domains as folders and the users as folders inside the domains?

One thing I can do is deliver the spam to 3 different places so it's 
visible on all levels.

I'm just wondering if anyone out there has any ideas about that. And 
I'll need an authentication system.

On 03. okt. 2012 21:48, Marc Perkel wrote:
> Hi,
>
> I'm looking for some advice to do a really advanced trick with 
> Dovecot. I'm not sure if this can be done. I need to describe first.
>
> I have a spam filtering company that does front end spam filtering. 
> (Junk Email Filter) I want to add a system where I store a copy of 
> spam on a server and make it available to the customer to review and 
> maybe resent on false positives.
>
> I know I could do something simple where I deliver all spam to a 
> domain account and make it available to an administrator. Then if it's 
> a false positive they would drag the message to a "resend"
folder.
> I'll have something the checks the folder one a minute to pick up and 
> resend.
>
> However
>
> What would be very cool is delivering the spam to individual accounts. 
> So a user who logs in individually can see their own spam. But the 
> admin for the domain would be able to see all users. Maybe the users 
> would appear as folders?
>
> Then a master account (me) would be able to log in and see all the 
> domains as folders and the users as folders inside the domains?
>
> One thing I can do is deliver the spam to 3 different places so it's 
> visible on all levels.
>
> I'm just wondering if anyone out there has any ideas about that. And 
> I'll need an authentication system.
>
>
Check out the dovecot sieve plugin. I use the following default 
pre-filter for all users:
---
require ["regex", "fileinto", "imap4flags"];

# Catch mail tagged as Spam, except Spam retrained and delivered to the 
mailbox
if allof (header :regex "X-DSPAM-Result"
"^(Spam|Virus|Bl[ao]cklisted)$",
           not header :contains "X-DSPAM-Reclassified"
"Innocent",
       not header :contains "Received-SPF" "pass
.securityfocus.com") {

   # Mark as read
   #setflag "\\Seen";
   addflag "$junk";
   # Move into the Junk folder
   fileinto "INBOX.Junk";

   # Stop processing here
   stop;
}
-----
Together with the dovecot antispam plugin this makes the beginnings of a 
very intuitive
system. I just click to remove the junk flag on any false positive, and 
it gets re-delivered to
me.

The dovecot lda also supports a switch to deliver to a specific folder I 
believe. This would
be an alternative if you get the spam delivered through a separate 
channel anyway.
-------
The other part of your requirements could be met by using dovecot public 
folders, which
I have never used myself. Maybe set up so admins can subscribe to the 
junk-folder of
any user they want ? Refiling false positives might get messy for an 
admin though.

Regards, H?kon.

Am 03.10.2012 21:48, schrieb Marc Perkel:
> I'm looking for some advice to do a really advanced trick with Dovecot.
> I'm not sure if this can be done. I need to describe first.
> 
> I have a spam filtering company that does front end spam filtering.
> (Junk Email Filter) I want to add a system where I store a copy of spam
> on a server and make it available to the customer to review and maybe
> resent on false positives.
this is the job of your filter comapny first,
anyway , dont use them anymore and use i.e amavis with quarantaine
i dont think other cases make sense in real by getting very complicated
-- 
Best Regards
MfG Robert Schetterer

On 5.10.2012, at 10.45, Micha Krause wrote:
>> ./imap -O -o mail=maildir:/tmp/vmail/domain/user:LAYOUT=fs
> 
> Wow, thats a really cool way to debug/test mailboxes, is this documented
somewhere?
No. The -O, -o, -k and some other options should be put into some new global.inc
where it gets included to all doveadm/dovecot/doveconf man pages..
> What does -O do, any other interesting options?

All the global settings are:

-O ignores dovecot.conf and just uses the default settings.
-o <key>=<value> can be used multiple times to override any setting
-k preserves environment variables (which can also be used to override settings,
e.g. MAIL=foo)
-c <path> changes dovecot.conf path
-i <name> changes to dovecot.conf used by the given instance name
-L logs directly to destination specified by
log_path/info_log_path/debug_log_path, bypassing log process (allowing logging
to different location than normally, log process always logs only to one
location)

Timo Sirainen wrote:
> -i <name> changes to dovecot.conf used by the given instance name
This does not seem to work, at least not with version 2.1.10:

mail01:~# doveadm instance list
path                                                                            
name             last used           running
/var/run/dovecot                                                                
dovecot-mailbox  2012-10-05 19:19:33 yes
/var/run/dovecot-director                                                       
dovecot-director 2012-10-05 19:20:13 yes

mail01:~# doveadm -c /etc/dovecot-director/dovecot-director.conf director status
dparthey at example.org
Current: 10.129.3.192 (expires 2012-10-07 20:10:25)
Hashed: 10.129.3.192
Initial config: 10.129.3.192

mail01:~# doveadm -i dovecot-director director status dparthey at example.org
doveadm(root): Fatal: read(/var/run/dovecot/director-admin) failed: Connection
reset by peer

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

On 5.10.2012, at 22.48, Daniel Parthey wrote:
> Timo Sirainen wrote:
>> -i <name> changes to dovecot.conf used by the given instance name
> 
> This does not seem to work, at least not with version 2.1.10:
Fixed: http://hg.dovecot.org/dovecot-2.1/rev/0262ede193e5