Skip navigation

auto delete junk mail on os x server

2400 Views 15 Replies Latest reply: Nov 13, 2012 3:37 AM by redshift82r RSS
1 2 Previous Next
shcaerp Level 1 Level 1 (55 points)
Currently Being Moderated
Aug 15, 2012 11:41 AM

Lion Server was deleting mail marked as junk but since the upgrade to Mt Lion Server it stopped.  The junk mail now gets delivered.  Does anyone know where the setting is to delete mail marked as junk?

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Aug 15, 2012 10:16 PM (in response to shcaerp)

    Hi ,

     

    To answer your question, you can do this if you want, however I would caution against it on the grounds of losing mail incorrectly judged to be spam.

     

    Option 1.

     

    make a backup copy and then edit /Library/Server/Mail/Config/amavisd/amavisd.conf

     

    and look for this block:

     

    # OTHER MORE COMMON SETTINGS

     

     

    # $myhostname = 'host.mydomain.com';  # must be a fully-qualified domain name!

     

     

    $notify_method  = 'smtp:[127.0.0.1]:10025';

    $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

     

     

    $final_virus_destiny      = D_DISCARD;

    $final_banned_destiny     = D_BOUNCE;

    $final_spam_destiny       = D_PASS;

    $final_bad_header_destiny = D_PASS;

    $bad_header_quarantine_method = undef;

     

    Change D_PASS to D_DISCARD

     

    Option 2.

     

    1. Leave that block as is.

    2. Set up a spam local user on the server called "spamcollector" or some such

    3. Look for the following 2 lines in amavisd.conf. and change to:

        

    $spam_admin               = 'spamcollector@yourdomain.com';

    $spam_quarantine_to       = 'spamcollector@yourdomain.com';

     

    That way, you can put all the spam in a mailbox in case its needed.

    Ad the spamcollector account to your own mail system but leave it offline so you dont see it all and empty it out occasionally.

     

    Up to you!

    iMac, Mac OS X (10.7.4)
  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Aug 15, 2012 10:26 PM (in response to shcaerp)

    Or, easier than Option 1 and 2 above. - use serveradmin to make the changes instead.

     

     

    $ sudo serveradmin settings mail:postfix:spam_action = "delete"  # It prob says 'deliver' at moment.

     

    Other spam settings configureable in serveradmin include:

     

    mail:postfix:spam_quarantine =                                         # "i.e. spamcollector at your domain dot com"

    mail:postfix:spam_subject_tag = "***JUNK MAIL*** "

    mail:postfix:spam_ok_locales = "en"

    mail:postfix:spam_notify_admin_email =                          # "i.e. spamcollector at your domain dot com"

    mail:postfix:black_hole_domains:_array_index:0 = "zen.spamhaus.org"

    mail:postfix:spam_scan_enabled = yes

    mail:postfix:spam_rewrite_subject = yes

    mail:postfix:spam_notify_admin = no                              #yes

    mail:postfix:spam_ok_languages = "en fr de ja sw ta"

    mail:postfix:spam_action = "deliver"

    mail:postfix:spam_log_level = "info"  #warning/notice/critical/debug

     

     

    cheers

    Gerry

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 5, 2012 12:13 AM (in response to redshift82r)

    I like the solution that Gerry has suggested, simple and easy, but I can't seem to get it to work. Spam is still delivered and there is nothing is the spamcollector mailbox that I set up. I do have the spam_action set to deliver, though. Should it be set to reject?

     

    Another question: what triggers spam to be quarantined? Is just setting up the quarantine email address enough to have spam delivered there instead of the intended user?

     

    Thanks for your help.

     

    Jeff

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 6, 2012 3:12 PM (in response to Jeff Hargrove)

    Hi Jeff,

     

    Before any mail can be delivered to your spamcollector account, it has to be recognised as Junk Mail.

     

    So the first question is:  Is any mail being delivered that has a rewritten subject tag of "***Junk Mail ****"?

     

    Amavis is the program that controls spam assessment ( amavis AND spamassassin) and virus scanning (clamav).

     

    Check this setting in

     

    $ sudo serveradmin settings mail

     

     

    mail:postfix:required_hits =

     

    I have mine set to 5 -the lower the number , the more likely amavis is to mark as spam.

     

    Look in the server.app logs mail spam for what amavis is doing - you may need to set a higher log level -

     

    Sudo serveradmin settings mail:postfix:spam_log_level = "debug".   # original setting is "info"

     

    See how you go!

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 7, 2012 4:37 AM (in response to redshift82r)

    Hi Gerry,

     

    Thanks for taking the time to help me out.

     

    Spam is being delivered with the header rewritten to "***Junk Mail***".

     

    I changed the log level to debug as you suggested, but I didn't notice any errors popping up. I'm not an expert at reading log files however! I did discover though that clamd "can't open file or directory". I guess the antivirus module is not loading. Would this have an effect on quarantining junk mail? I set mail:postfix:spam_quarantine to "spam at mydomaine.com" and created a local user with that name. Nothing has been put in there.

     

    So you have any other suggestions I could look into?

     

    Thanks

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 7, 2012 3:32 PM (in response to Jeff Hargrove)

    Allers les Wallabies!

     

    Jeff , so the issue seems to be quarantine mech not set up properly or postfix not able to deliver to spam@yourdomain.com

     

    Also - it wouldn't hurt to rebuild permissions or look at in more detail why clam is giving you an error. 

     

     

    So set the Postfix log level to debug and have a look at the smtp logs in server.app

     

    $ sudo serveradmin settings mail:postfix:log_level = "debug"

     

    Stop / start mail services

     

    Then send a test message to spam@yourdomain.com and have a look at the smtp logs and observe behaviour.

     

    You can test amavisd spam by sending GTUBE ( google iit) via an external mail address to someone at your local domain -

     

    Then see what happens when some spam arrives.

     

    Cheers

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 7, 2012 4:45 PM (in response to Jeff Hargrove)

    Jeff - just a follow up by way of explanation and to help raise your comfort levels!

     

    OS X and OS X Server are special "Apple-flavoured" implementations of Unix.

     

    To provide the "Server" functionality, Apple uses a number of open source software solutions.

    Note that this is a simplistic and non-exhaustive list

     

    For Web services - its Apache / PostgresSQL / PHP ( as opposed to Apache / MySQL / PHP )

    For Mail Services - its Dovecot / Postfix / Amavis / Spamassassin / ClamAv

     

    They have provided a "GUI" in the form of Server.app and a command line tool in the form of "serveradmin" to manage these services so that an average person can make changes to "some" things that will keep their "state" across OS system upgrades etc.  Server.app and Serveradmin wrap a conglomeration of Shell, Perl and Ruby and Python scripts around these services and most of the time ( certainly since 10.8) they work reasonably well.

     

    Apple maintains these "states" through .plist files and direct manipulation of the various config files.

    The rule i've found is - anything that has a setting in server.app and or serveradmin should be set via those mechanisms.

     

    Anything else is fair game!

     

    But at the heart of it all - services like Mail are just Apple-wrapped implementations of open source software.

     

    Why am I telling you this.  Because there is a wealth of information on the interweb regarding these chunks of software, their configuration and troubleshooting.  You just have to supply the "how does this fit in the OS X" context.

     

    The first thing to do in your quest for that context is to make sure the "locate" database is up to date -

     

    $ man locate                                      #( for info on the command)

    $ sudo /usr/libexec/locate.updatedb     #( to update the locate database - I think its part of the weekly maintenance script??)

    $ locate -i clam                                  # ( the -i to ignore case)

     

    might give you a list in part that looks like this ....

     

    /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/CommonEx tras/63-setup_clamav.sh

    /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/Promotio nExtras/63-setup_clamav.sh

    ...............................................

    ...............................................

    /Library/Logs/Mail/clamav.log

    /Library/Logs/Mail/clamav.log.0.bz2

    /Library/Logs/Mail/clamav.log.1

    /Library/Logs/Mail/clamav.log.2.bz2

    /Library/Logs/Mail/clamav.log.3

    /Library/Logs/Mail/clamav.log.4.bz2

    /Library/Logs/Mail/clamav.log.5

    /Library/Logs/Mail/clamav.log.6.bz2

    /Library/Logs/Mail/clamav.log.7

    /Library/Logs/Mail/freshclam.log

    /Library/Logs/Mail/freshclam.log.0.bz2

    /Library/Logs/Mail/freshclam.log.1

    /Library/Logs/Mail/freshclam.log.2.bz2

    /Library/Logs/Mail/freshclam.log.3

    /Library/Logs/Mail/freshclam.log.4.bz2

    /Library/Logs/Mail/freshclam.log.5

    /Library/Logs/Mail/freshclam.log.6.bz2

    /Library/Logs/Mail/freshclam.log.7

    /Library/Server/Mail/Config/clamav

    /Library/Server/Mail/Config/clamav/clamd.conf

    /Library/Server/Mail/Config/clamav/freshclam.conf

    /Library/Server/Mail/Data/scanner/clamav

    /Library/Server/Mail/Data/scanner/clamav/db

    /Library/Server/Migrated/private/etc/clamd.conf

    /Library/Server/Migrated/private/etc/freshclam.conf

    /Previous System/System/Library/LaunchDaemons/org.clamav.clamd.plist

    /Previous System/System/Library/LaunchDaemons/org.clamav.freshclam-init.plist

    /Previous System/System/Library/LaunchDaemons/org.clamav.freshclam.plist

     

    $ cat /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/CommonEx tras/63-setup_clamav.sh    ( print the file to terminal) use "less" instead of "cat" and you can go back and forth in the file with the B and F keys ( q to quit).



    This file is just a shell script that sets up the ClamAV on the system when Server.app is installed. It shows the permissions and owners that should be on various files. How do you increase the log level to debug for clam so you can see whats going on ?

     

    $ sudo serveradmin settings mail:postfix:virus_log_level = "debug"

     

    www.krypted.com provides a whole bunch of info on OS X Server setup, log levels etc. - Why not have a look?

    cheers

    Gerry 

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 8, 2012 9:19 AM (in response to redshift82r)

    Hahaha. I see you are a Rugby fan! ALLEZ LES BLEUS! I hope you will still help me after that!!

     

    Since posting, I have reinstalled the server from scratch. But spam is still not ending up in spam@mydomaine.com. After using serveradmin to change spam admin and spam quarantine email addresses, I repaired permissions and restarted the server. Virus scanning is working properly. Everything seems to be working fine. Except for spam quarantine. I can receive email at spam@mydomaine.com

     

    As per your instructions, I checked smtp logs and spam logs. It seems that spam is correctly identified and passed on the recipient. There is no mention ever in any log of "spam@mydomaine.com". So I am assuming that the system doesn't even get that far. It identifies spam and sends it to the recipient without attempting quarantine. Here are two log entries that mention quarantine :

     

    Nov  8 13:00:24 server.jeffhargrove.com /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd[138]: SQL::Quarantine      NOT loaded

     

    Nov  8 14:14:06 server.jeffhargrove.com /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd[404]: (00404-01) do_notify_and_quarantine: not quarantining, q_method off

    Nov  8 14:14:06 server.jeffhargrove.com /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd[404]: (00404-01) skip admin notification, no administrators

    Nov  8 14:14:06 server.jeffhargrove.com /Applications/Server.app/Contents/ServerRoot/usr/bin/amavisd[404]: (00404-01) do_notify_and_quarantine - done

     

    I don't know what to make of them.

     

    Is there a "switch" that turns spam quarantine on or off?

     

    Jeff

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 8, 2012 9:24 AM (in response to redshift82r)

    Thanks for all the explanations. I have already started to dive into it.

     

    Apple has made server accessible to novices and it is certainly a bane for my business, but running it and tweeking it is not for novices like me! I've learned a lot, but not nearly enough to troubleshoot any major problem.

     

    Apple will not support any errors resulting from terminal commands. I think they need to make a more detailed doc of the serveradmin commands like the one I found for Server 10.3!

     

    Thanks again for your invaluable advice and help!

     

    Cheers

     

    Jeff

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 8, 2012 10:40 PM (in response to Jeff Hargrove)

    Jeff, just post a suitably cleaned results of

     

    $ sudo serveradmin settings mail | grep spam

     

    I'm going to assume that spam@your domain.com is accepting email from jeff@your domain.com?

     

    Cheers Gerry

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 9, 2012 3:59 AM (in response to redshift82r)

    Hi Gerry,

     

    Yes, spam@mydomain.com is accepting email from jeff@mydomain.com.

     

    Here is the output from your command:

     

    mail:postfix:spam_quarantine = "spam@mydomain.com"

    mail:postfix:spam_subject_tag = "***JUNK MAIL*** "

    mail:postfix:spam_ok_locales = "en"

    mail:postfix:spam_notify_admin_email = "spam@mydomain.com"

    mail:postfix:black_hole_domains:_array_index:0 = "zen.spamhaus.org"

    mail:postfix:spam_scan_enabled = yes

    mail:postfix:virus_quarantine = "spam@mydomain.com"

    mail:postfix:spam_rewrite_subject = yes

    mail:postfix:spam_notify_admin = no

    mail:postfix:spam_ok_languages = "en fr de ja sw ta"

    mail:postfix:spam_action = "deliver"

    mail:postfix:spam_log_level = "debug"

     

    Cheers

     

    Jeff

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 13, 2012 2:26 AM (in response to Jeff Hargrove)

    Hi Jeff , still smarting from Les Wallabies Clueless!!  France was really good, so I don't mind losing!!!

     

    So, just to clarify -

     

    1. Junk mail is being delivered with re-written header - **** Junk Mail ****

    2. Normal mail is delivered to "spam@my domain . com "

     

    Ok - this is going to be a big post - so maybe save the output to a textfile and post a shareable public link from Dropbox.

     

    $ postconf

    Copy and past output to a textfile or

     

    $ postconf > ~/Dropbox/postconf.txt

     

    ( assuming you have Dropbox set up ! )

     

    And let's have a look at that!

    Cheers

    Gerry

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Nov 13, 2012 2:27 AM (in response to redshift82r)

    Make sure you run through that file and replace your domain with "my domain.com". !

  • Jeff Hargrove Level 2 Level 2 (235 points)
    Currently Being Moderated
    Nov 13, 2012 2:51 AM (in response to redshift82r)

    Hi Gerry,

     

    You do admit defeat gracefully !

     

    Yes, junk mail is arriving with the re-written header and I can send emial to spam@mydomain.com. I have no presence of spam@mydomain.com in log files except when I sent a test email to it.

     

    Here is the link to the postconf output :

     

    https://dl.dropbox.com/u/7256390/postconf.txt

     

    Again many thanks for your help!

     

    Cheers

     

    Jeff

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (4)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.