Mail

Rspamd block unwanted senders

We will create a new multimap to selectively block specific senders using the mail envelope. Our rule will filter based on the right hand side only – matching the domain part of the envelope email:domain. In addition we will use the prefilter attribute with action = “reject”; to avoid subsequent costly tests – reject will […]

Mail Server using LDAP backend w/ Postfix and Dovecot

We will set up Postfix and Dovecot using an OpenLDAP backend with a custom LDAP schema. Our schema uses a dedicated organization unit called mail which acts as a container for all of our hosted domains and users. The virtual mail users will use their primary e-mail address to login to the server and each […]

Allow users to categorize spam using IMAP

We will allow users to categorize mail as Spam by placing them in user-specific Spam mailboxes. Contrary moving a message flagged as Spam to any other mailbox will relearn it as Ham. IMAPSieve configuration Dovecot supports this via its IMAPSieve plugin which we will configure in our custom configuration /etc/dovecot/local.conf┬áto avoid touching release-specific files in […]

Rspamd statistics configuration with Redis

Rspamd is able to use combinations of words to qualify messages as Spam or Ham. We will configure it to learn these tokens per user and store them in redis with a TTL of 100 days as spammers may develop new methods over time. The key idea of OSB algorithm is to use not merely […]

Cleanup mail headers using Postfix

Many mail systems add custom headers to outgoing mails to indicate scans, general processing or spam decisions. While this bloats up messages in general, it may also conflict with headers the local MTA wants to use. We will therefore clean up some usual suspects before our MTA will filter the incomming mails. External headers A […]

Postfix restriction classes

We will set up a restriction class which will limit our policy service to a subset of users. Not only will this avoid unnecessary queries on aliased mailboxes, it will also allow us to override the result using DUNNO in case the IMAP backend is unable to serve the query. # We will only query […]

Sieve filter recipes

Spam filtering Some mailing-lists tend to be more spammy than others. If we put a filter before they are handled by the rest of the script, we can fish for bad guys before they get filed. #selective spam filter if allof (envelope :matches :domain “From” [“*debian.org”,”*kernel.org”,”*icinga.org”,”*mutt.org”,”*nginx.org”], header :contains “X-My-Unique-Spam-Flag” “Yes”) { fileinto “Spam”; stop; } […]