sa-learn, dovecot virtual users and virtual user configs

Well, I wanted independent SpamAssassin Bayes databases per user (different users, different preferences). For that, RoundCube already set up the Junk folder. However, I wanted the ability (for myself, as well for my other users) to individually mark messages as either Spam or Ham.

RoundCube: Inbox view
RoundCube: Inbox view

 

 

Now, as I said before I wanted a trivial way to mark messages as Spam or Ham (without using the command line each time).

RoundCube: Adjusted Inbox View
RoundCube: Adjusted Inbox View

Now, that was the mailbox setup part. Now we do have to do some command line foo (yeah, it’s still necessary) to actually learn the mails as spam or ham. First we need a script, which scans the Maildir for each domain/user separately, and then creates the bayes database.

This script is based on work from nesono and workaround.org. Anyhow, the script will scan each user folder (you might need to adjust the MAIL_DIR and SPAMASS_DIR variable, depending on where your MAIL_DIR is located.

Next, we need to adjust the SPAMD options to use the virtual-config-dir (that’s the SPAMD name for this).

As you can see, I basically appended the following to the OPTIONS variable: –virtual-config-dir=/var/lib/spamassassin/%d/%l -x -u mail

Now, here’s a couple of pointers:

–virtual-config-dir=pattern
This option specifies where per-user preferences can be found for virtual users, for the -x switch. The pattern is used as a base pattern for the directory name. Any of the
following escapes can be used:

%u — replaced with the full name of the current user, as sent by spamc.
%l — replaced with the ‘local part’ of the current username. In other words, if the username is an email address, this is the part before the “@” sign.
%d — replaced with the ‘domain’ of the current username. In other words, if the username is an email address, this is the part after the “@” sign.
%% — replaced with a single percent sign (%).

-u username, –username=username
Run as the named user. If this option is not set, the default behaviour is to setuid() to the user running “spamc”, if “spamd” is running as root.

Note: “–username=root” is not a valid option. If specified, “spamd” will exit with a fatal error on startup.

Now, only a small adjustment is still needed. In order for the inbound mails to be scanned with the per-user db’s, you need to adjust postfix’s master.cf file, to run spamc with the per-user db.

After that’s done (and a restart of postfix, spamassassin and dovecot) you should be the proud owner of a per-user dovecot/postfix/spamassassin implementation.

2 thoughts to “sa-learn, dovecot virtual users and virtual user configs”

  1. I wanted to provide some additional information on how to set this up to work with Debian and the spamass-milter (for posterity!)

    First I decided to have Junk be for Junk and Archive for Archive. If I am archiving something, I must value it (HAM).

    So I followed this guide to create the .Archive folder automatically when a user logs in for the first time:
    http://www.productionmonkeys.net/guides/qmail-server/imap-and-pop3/dovecot/autocreate-folders

    I then followed the above guide, but since I do not use amavis but milters to run antivirus, opendkim, and spam assassin. I had to change things a bit.

    for my /etc/default/spamass-milter:

    # This option below (-e) will pass the recipient email – useful for spamassassin per-user rules
    OPTIONS=” -u spamass-milter -e -i 127.0.0.1 -m -r -1 -I”

    for my /etc/default/spamassassin:

    OPTIONS=”–create-prefs –max-children 5 –helper-home-dir=/var/lib/spamassassin –virtual-config-dir=/var/lib/spamassassin/%d/%l -x -u debian-spamd -g debian-spamd”

    Note I used https://workaround.org/ispmail/wheezy as my starting point for getting email installed on Debian.

    Also, copy/paste of your cron job messed me up until I realized the –no-sync belonged on the same line above.

    Thanks for the great help on per user directories!

  2. Oh, and the dashes on the options for spamassassin are double dashes (i.e. –create. The reply mechanism here deletes the second dash.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.