{"id":8506,"date":"2015-01-08T18:02:38","date_gmt":"2015-01-08T18:02:38","guid":{"rendered":"https:\/\/wp.okra.host\/article\/mail-filtering\/"},"modified":"2021-03-07T14:24:57","modified_gmt":"2021-03-07T13:24:57","slug":"mail-filtering","status":"publish","type":"ht_kb","link":"https:\/\/kb.okra.host\/de\/article\/mail-filtering\/","title":{"rendered":"Mail filtering"},"content":{"rendered":"

\u00dcbersicht<\/h2>\n

Message filtering is done prior to delivery via maildrop. Each message goes through two levels of filters: (1) global — processed first in \/etc\/maildroprc<\/code> followed by (2) local per-user filters in $HOME\/.mailfilter<\/code>. Basic filtering recipes are provided below. Syntax and usage may be found in mailfilter(7)<\/a>.<\/p>\n

Wichtig:<\/strong><\/span> on older platforms<\/a>, (less than\u00a0v6), remember to always run dos2unix<\/a> or EOL conversion “Windows -> Unix” (Dateien<\/strong> > File Manger<\/strong> > Eigenschaften<\/strong> action<\/em>)\u00a0on the filter after making changes. maildrop will not read filter files written on Windows or Mac correctly. Consequently, mail cannot be delivered to the account until corrected.<\/div>\n

SpamAssassin<\/a> is invoked from the global maildrop filter, \/etc\/maildroprc<\/code>. The following block of code passes the message off to SpamAssassin if it is smaller than 128 KB.<\/p>\n

if ($SIZE < 131072)\r\n{\r\n        xfilter \"\/usr\/bin\/spamc -u $RECIPIENT\"\r\n}<\/pre>\n
Please note that these 4 lines are required for a message to be filtered through SpamAssassin. Removal of these lines from \/etc\/maildroprc<\/code> will cause mail to be delivered unfiltered. Further, the linebreaks are critical. Opening and closing braces must<\/b> be on their own lines. K&R\/KNF style braces<\/a> nicht<\/b> work. Likewise, ensure line endings are correct (previous warning).<\/div>\n
Default maildrop filter<\/span><\/h2>\n
\/etc\/maildroprc<\/span><\/div>\n
# Global maildrop rules go here\r\n# See http:\/\/www.courier-mta.org\/maildrop\/maildropfilter.html for syntax\r\nif ($SIZE < 131072)\r\n{\r\n        exception {\r\n                xfilter \"\/usr\/bin\/spamc -u $RECIPIENT\"\r\n        }\r\n}\r\n\u00a0\r\nDELETE_THRESHOLD=10.0\r\nif (\/^X-Spam-Flag: YES\/)\r\n{\r\n        \/X-Spam-Score: (d+)\/\r\n        if ($MATCH1 >= $DELETE_THRESHOLD)\r\n        {\r\n                to \/dev\/null\r\n        }\r\n        else\r\n        {\r\n                to Mail\/.Spam\/\r\n        }\r\n}<\/pre>\n
Explanation:<\/strong> if the message size is smaller than 128 KB, hand it off to SpamAssassin. DELETE_THRESHOLD<\/code> is the maximum score an e-mail may have if and only if<\/i> it is labeled as spam. If the score is greater or equal to DELETE_THRESHOLD<\/code>, then the message will be deleted by being sent to \/dev\/null<\/code> otherwise deliver to the Spam mailbox on the server. This mailbox<\/a> may be accessed through webmail<\/a> or IMAP.<\/p>\n
Globally disabling per-user filter files<\/span><\/h3>\n
Adding to $DEFAULT<\/code> at the end of the global filtering file will deliver the message to the default mailbox, $HOME\/Mail<\/code>, and cease further processing.<\/p>\n
Selectively disabling per-user filtering<\/span><\/h3>\n
LOGNAME<\/code> holds the current username on the server. A simple check can be used to prohibit user filtering for a specific user.<\/p>\n
\/etc\/maildroprc<\/span><\/div>\n
if ($SIZE < 131072)\r\n{\r\n        xfilter \"\/usr\/bin\/spamc -u $RECIPIENT\"\r\n}\r\n# User \"bill\" loves his spam\r\nif ($LOGNAME ne \"bill\" && \/^X-Spam-Flag: YES\/)\r\n{\r\n        to \/dev\/null\r\n}<\/pre>\n
Likewise to disable checking the filter file for a user, the above recipe can be further modified…<\/p>\n
if ($SIZE < 131072)\r\n{\r\n        xfilter \"\/usr\/bin\/spamc -u $RECIPIENT\"\r\n}\r\n# User \"bill\" loves his spam\r\nif ($LOGNAME ne \"bill\" && \/^X-Spam-Flag: YES\/)\r\n{\r\n        to \/dev\/null\r\n}\r\n# But he's prohibited from adding any filter rules\r\nif ($LOGNAME eq \"bill\")\r\n{\r\n        to $DEFAULT\r\n}<\/pre>\n
Note that eq, lt, le, gt, ge, ne are used for string comparisons, while ==, <, <=, >, >=, != are used for numeric comparisons.<\/div>\n
Deleting all messages marked spam<\/span><\/h3>\n
Before the recipe is given bear in mind this is strongly discouraged for two reasons, (1) young e-mail accounts may have a lot of variability in scoring and (2) no failure notice is generated. Consequently, neither the sender nor you will know if the message had been deleted, because no delivery failure status is generated. This is very similar to the default maildroprc<\/a>, except threshold scoring is removed and all spam is deleted.<\/p>\n
\u00a0\r\nif (\/^X-Spam-Flag: YES\/)\r\n{\r\nto \/dev\/null\r\n}\r\n<\/pre>\n
Filtering to an external program<\/span><\/h3>\n
maildrop’s xfilter<\/a> directive pipes the message to an external script for processing. A rudimentary example reverses the message text. Naturally, as this is a shell script it should be directly executable from the shell, so ensure the permissions are at least 700 (chmod 700 reverse.sh<\/code>).<\/p>\n
.mailfilter<\/span><\/code><\/div>\n
xfilter \"$HOME\/reverse.sh\"<\/pre>\n
reverse.sh<\/span><\/code><\/div>\n
#!\/bin\/sh\r\nexec 6<&0\r\nwhile read -u 6 line\u00a0;\r\ndo \r\n        echo $line | rev\r\ndone\r\nexec 6<&-\r\nexit 0<\/code><\/pre>\n
Creating a spam trap<\/span><\/h3>\n
Spam traps are useful addresses deliberately listed on Web pages hidden from public view. Spam bots harvest these addresses and deliver spam. You can use this knowledge to feed all e-mail destined to a particular address directly to SpamAssassin<\/a> with the an<\/code> directive. In addition to delivering to mailboxes, an<\/code> can forward outbound to another address (!) or to another program (|) with a simple prefix. The following assumes spam@mydomain.com<\/code> maps to a virtual mailbox on the server owned by the user myuser<\/code><\/p>\n\n\n\n\n\n
Mailbox Routes<\/b><\/caption>\n
Username<\/th>\nDomain<\/th>\nDestination<\/th>\nType<\/th>\n<\/tr>\n
spam<\/td>\nmydomain.com<\/td>\n\/home\/myuser\/Mail<\/td>\nV<\/td>\n<\/tr>\n
myuser<\/td>\nmydomain.com<\/td>\n\/home\/myuser\/Mail<\/td>\nV<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
And for the recipe<\/p>\n
if (hasaddr(\"spam@mydomain.com\")) \r\n{\r\nto \"|\/usr\/bin\/spamc --spam -u $RECIPIENT\"\r\n}<\/pre>\n
Using a single SpamAssassin instance<\/span><\/h3>\n
One user account may be delegated to handle all SpamAssassin filtering settings for all e-mail accounts. Replace the e-mail-specific variable, $RECIPIENT<\/code> with the full user’s login\/etc\/maildroprc<\/code>. For example, to let the user named example<\/var> on the domain Beispiel.com<\/var> handle spam filtering for all users on the domain Beispiel.com<\/var>:<\/p>\n
File:<\/span> \/etc\/maildroprc<\/span><\/code><\/div>\n
# Global maildrop rules go here\r\n# See http:\/\/www.courier-mta.org\/maildrop\/maildropfilter.html for syntax\r\nif ($SIZE < 131072)\r\n{\r\n        exception {\r\n                xfilter \"\/usr\/bin\/spamc -u example@example.com\"\r\n        }\r\n}\r\n# rest of the rules ...<\/pre>\n
\n
Pros<\/strong><\/dt>\n<\/dl>\n