We will create a new multimap to selectively block specific senders using the mail envelope. Our rule will filter based on the right hand side only – matching the domain part of the envelope email:domain. In addition we will use the prefilter attribute with action = “reject”; to avoid subsequent costly tests – reject will […]

We will set up OpenLDAP as backend for our mail services using a custom schema for our users. The schema uses a dedicated organization unit which acts as a container for our hosted domains and users. The virtual mail users will use their primary e-mail address to login to the server and each user can […]

We will allow users to categorize mail as Spam by placing them in user-specific Spam mailboxes. Contrary moving a message flagged as Spam to any other mailbox will relearn it as Ham. IMAPSieve configuration Dovecot supports this via its IMAPSieve plugin which we will configure in our custom configuration /etc/dovecot/local.conf to avoid touching release-specific files in […]

Rspamd is able to use combinations of words to qualify messages as Spam or Ham. We will configure it to learn these tokens per user and store them in redis with a TTL of 100 days as spammers may develop new methods over time. The key idea of OSB algorithm is to use not merely […]

Many mail systems add custom headers to outgoing mails to indicate scans, general processing or spam decisions. While this bloats up messages in general, it may also conflict with headers the local MTA wants to use. We will therefore clean up some usual suspects before our MTA will filter the incomming mails. External headers A […]

We will set up a restriction class which will limit our policy service to a subset of users. Not only will this avoid unnecessary queries on aliased mailboxes, it will also allow us to override the result using DUNNO in case the IMAP backend is unable to serve the query. # We will only query […]

Spam filtering Some mailing-lists tend to be more spammy than others. If we put a filter before they are handled by the rest of the script, we can fish for bad guys before they get filed. #selective spam filter if allof (envelope :matches :domain “From” [“*debian.org”,”*kernel.org”,”*icinga.org”,”*mutt.org”,”*nginx.org”], header :contains “X-My-Unique-Spam-Flag” “Yes”) { fileinto “Spam”; stop; } […]