Using header_checks to file mail into junk folder

Chris Walker
Hi all,

I'm trying to use milter_header_checks to file messages into users'
Junk folder but I'm having issues formatting the FILTER response in my
header check file.

I've added the following to my main.cf:
  10025     inet  n       -       n       -       -       smtpd
    -o smtpd_tls_security_level=may
    -o smtpd_relay_restrictions=permit_mynetworks,reject
    -o inet_interfaces=loopback-only
    -o receive_override_options=no_header_body_checks
    -o local_recipient_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
    -o virtual_alias_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
    -o inet_interfaces=loopback-only

My /etc/postfix/milter_header_checks file:
  /^X-Spam-Status:\s+Yes$/                FILTER  localhost:10025

I'm using EFA project as an external mail filter.  Whenever spam is
encountered EFA adds 'X-Spam-Status: Yes' to the message header before
forwarding the message to my mail server for delivery.  The idea was
to route messages with the 'X-Spam-Status: Yes' header to another
instance of Postfix listening on localhost:10025 which overrides the
local_recipient_maps and virtual_alias_maps with the user's Junk
folder.

I've read the header_checks man page and I'm still a bit confused as
to what the FILTER response in my /etc/postfix/milter_header_checks
file is supposed to look like.  During testing my messages keep
getting stuck in the queue with a 'status=deferred (mail transport
unavailable)' error.

Thanks,
Chris

Re: Using header_checks to file mail into junk folder

Wietse Venema
Christopher Walker:

> Hi all,
>
> I'm trying to use milter_header_checks to file messages into users'
> Junk folder but I'm having issues formatting the FILTER response in my
> header check file.
>
> I've added the following to my main.cf:
>   10025     inet  n       -       n       -       -       smtpd
>     -o smtpd_tls_security_level=may
>     -o smtpd_relay_restrictions=permit_mynetworks,reject
>     -o inet_interfaces=loopback-only
>     -o receive_override_options=no_header_body_checks
>     -o local_recipient_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
>     -o virtual_alias_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
>     -o inet_interfaces=loopback-only
>
> My /etc/postfix/milter_header_checks file:
>   /^X-Spam-Status:\s+Yes$/                FILTER  localhost:10025

You mean: smtp:localhost:10025. You have to specify a delivery
service (name in master.cf) before the destination (localhost:10025).

> I'm using EFA project as an external mail filter.  Whenever spam is
> encountered EFA adds 'X-Spam-Status: Yes' to the message header before

Your configuration suggests something different:

- The Milter adds 'X-Spam-Status: Yes'

- The milter_header_checks sends mail with such a header over SMTP
to localhost:10025.

        Wietse
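
Added example, not part of the original thread: a small checker showing why `FILTER localhost:10025` ends in "mail transport unavailable". Postfix reads the text before the first colon as the transport name, so `localhost` is looked up as a delivery service. The sample files are constructed, and the function names and the list of delivery agents are assumptions of this sketch.

```python
import re

# Constructed sample files, for illustration only.
MASTER_CF = r"""smtp      inet  n       -       n       -       -       smtpd
smtp      unix  -       -       n       -       -       smtp
10025     inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_header_body_checks
"""
HEADER_CHECKS = r"""/^X-Spam-Status:\s+Yes$/    FILTER  localhost:10025
/^X-Spam-Status:\s+Yes$/    FILTER  smtp:localhost:10025
/^X-Spam-Status:\s+Yes$/    FILTER  smtp:[127.0.0.1]:10025
"""

# Assumption of this sketch: a usable transport is a "unix" service whose
# command is one of the standard Postfix delivery agents.
DELIVERY_AGENTS = {"smtp", "lmtp", "local", "virtual", "pipe", "error", "discard"}

def transports(master_cf):
    """Names of master.cf services that run a delivery agent."""
    names = set()
    for line in master_cf.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue  # blank line, comment, or "-o" continuation line
        f = line.split()
        # Fields: service type private unpriv chroot wakeup maxproc command
        if len(f) >= 8 and f[1] == "unix" and f[7] in DELIVERY_AGENTS:
            names.add(f[0])
    return names

def check_filters(header_checks, known):
    """Return (lineno, target, problem) for FILTER actions that cannot work."""
    problems = []
    for n, line in enumerate(header_checks.splitlines(), 1):
        m = re.match(r"^(/.*/\w*)\s+FILTER\s+(\S+)", line)
        if not m:
            continue
        target = m.group(2)
        transport, sep, nexthop = target.partition(":")
        if not sep or not nexthop:
            problems.append((n, target, "expected transport:destination"))
        elif transport not in known:
            problems.append((n, target,
                f"transport '{transport}' is not a delivery service in master.cf"))
    return problems

if __name__ == "__main__":
    for lineno, target, problem in check_filters(HEADER_CHECKS, transports(MASTER_CF)):
        print(f"header_checks line {lineno}: FILTER {target}: {problem}")
```

Only the first rule is reported: the inet listener on port 10025 is a server, not a transport, so the rule still has to name `smtp` (the unix-type client service) to reach it.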

Re: Using header_checks to file mail into junk folder

Chris Walker
> Christopher Walker:
> > Hi all,
> >
> > I'm trying to use milter_header_checks to file messages into users'
> > Junk folder but I'm having issues formatting the FILTER response in my
> > header check file.
> >
> > I've added the following to my main.cf:
> >   10025     inet  n       -       n       -       -       smtpd
> >     -o smtpd_tls_security_level=may
> >     -o smtpd_relay_restrictions=permit_mynetworks,reject
> >     -o inet_interfaces=loopback-only
> >     -o receive_override_options=no_header_body_checks
> >     -o local_recipient_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
> >     -o virtual_alias_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf
> >     -o inet_interfaces=loopback-only
> >
> > My /etc/postfix/milter_header_checks file:
> >   /^X-Spam-Status:\s+Yes$/                FILTER  localhost:10025
>
> You mean: smtp:localhost:10025. You have to specify a delivery
> service (name in master.cf) before the destination (localhost:10025).
>
> > I'm using EFA project as an external mail filter.  Whenever spam is
> > encountered EFA adds 'X-Spam-Status: Yes' to the message header before
>
> Your configuration suggests something different:
>
> - The Milter adds 'X-Spam-Status: Yes'
>
> - The milter_header_checks sends mail with such a header over SMTP
> to localhost:10025.
>
>         Wietse

Thank you very much, your suggestion worked and cleared my transport issue.

We use EFA project (https://efa-project.org/) as an external mail
gateway for our site. As mail passes through the gateway EFA will add
the X-Spam-Status flag to every message. On the mail server, I'm
trying to run two instances of Postfix with different settings for
local_recipient_maps and virtual_alias_maps so I can (hopefully)
manipulate where the messages are placed in IMAP.

My /etc/postfix/virtual_junk.cf:
  server_host = ldap://10.3.24.162
  server_port = 389
  search_base = cn=Users,dc=ad,dc=domain,dc=com
  query_filter = (&(mail=%s)(objectClass=person))
  result_attribute = msSFU30Name
  bind = yes
  bind_dn = cn=ldap,cn=Users,dc=ad,dc=domain,dc=com
  bind_pw = strong_password
  version = 3
  start_tls = yes
  result_format = %[hidden email]

Unfortunately, I'm now having a problem where external addresses are
being mapped to IMAP accounts without the +Junk suffix. This results
in spam messages winding up in the user's inbox (basically how it was
working before). When does address mapping occur? I've changed the
milter_header_checks to header_checks hoping to reroute the message
before any address mapping occurs. I'm really hoping to get messages
into a user's Junk folder without using IMAP sieve.

Thanks,
Chris

--
PGP Fingerprint: 0x1A97C6259125882867EC8410FA1E7CD382BFC760

Re: Using header_checks to file mail into junk folder

Kris Deugau
Christopher Walker wrote:

> I'm really hoping to get messages
> into a user's Junk folder without using IMAP sieve.

I'm curious why;  on-delivery message sorting like this is pretty much
what sieve is *for*...

-kgd

Re: Using header_checks to file mail into junk folder

Matus UHLAR - fantomas
>Christopher Walker wrote:
>>I'm really hoping to get messages
>>into a user's Junk folder without using IMAP sieve.

procmail, maildrop...

On 31.12.20 13:52, Kris Deugau wrote:
>I'm curious why;  on-delivery message sorting like this is pretty much
>what sieve is *for*...

either is fine until incompetent users start creating rules they don't
understand and then complain...

I remember a user who configured mail to be delivered to /dev/null and
complained about it being lost.

a user whose "spam" solution was to create a rule for any spam sender, with
thousands of records in the filter file.

the solution can be restricting what users can do in their rules.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
effect. [OK]

Re: Using header_checks to file mail into junk folder

@lbutlr

On 31 Dec 2020, at 12:36, Matus UHLAR - fantomas <[hidden email]> wrote:
> On 31.12.20 13:52, Kris Deugau wrote:
>> I'm curious why;  on-delivery message sorting like this is pretty much what sieve is *for*...
>
> either is fine until incompetent users start creating rules they don't
> understand and then complain...

Don't give users access to the top-level rules.

dovecot.conf:
sieve_before  = file:/usr/lib/dovecot/sieve/filespam.sieve

# cat /usr/lib/dovecot/sieve/filespam.sieve
require ["fileinto", "imap4flags"];

if header :contains "X-spam-flag" "YES" {
    fileinto :flags "\\Seen" "Junk";
}

> I remember a user who configured mail to be delivered to /dev/null and
> complained about it being lost.

You can't fix stupid and if you can't let your users use sieve, you can still use sieve.

--
I have seen the truth and it makes no sense.