Spam to user's Junk folder

By my understanding this can only be done manually, as you are doing it. You could always create a shell script which did it all in one go.

However, I'm slightly confused by your description... "redirect SPAM messages to the user's Junk folder instead of a central Junk folder." (my bold). If you are referring to the mail which scores above the KILL level being redirected to a quarantine folder then this KILL level should be set at a high enough score so as to refelct practical certainty that this really is spam. The TAG level should be set lower and this suspected spam delivered to the recipients inbox. Or is it the TAG level mail that you want to redirect to recipients junkmail folder?

-david

Plus addressing to deliver suspect spam works very well..

My typical install has 3 action levels based on score:

Low (usually I set this level as less than somewhere between 3 and 4)
Delivered to user's inbox normally (with amavis headers)

Medium (usually I set this level to less than 6 or 7)
Delivered to user's imap quarantine folder using recipient delimiter.
Just as you described, you have to setup an imap folder and set the ACL for this folder to 'anyone p'

High (this is the kill2 level)
I have mail which scores this high quarantined to a system-wide imap folder which only the admin can access. It's never delivered to the user's mailbox. False positives are very rare, but should someone ever ask about missing mail, it's nice for the admin to have easy imap access.

I also believe in a self maintaining system... so I run a script using ipurge to delete the contents of the user quarantine (medium score) and the system-wide qurantine (high/kill2 level) older than x days (I usually set this to 7). With automatic purging, I don't care if the user's ever clean-out their quarantine folders, and I have a 7 day window to retrieve a false positive. FYI- I've never had to retreive a false positive which hit the kill2 level.

If you want to automate the process of creating the user's Quarantine/Junk folder and setting of it's ACL, you'll need to script a solution using cyradm. You could scan top level mailboxes with this tool and add the Quarantine folder as necessary.... For me though, I just add the folder and set the ACL with SirAdmin as part of the account creation process.

You mentioned you might want to block mail directed to a users Quarantine/Junk folder.... Honestly, I don't think that's much of a concern. Data in these folders does not affect/train the system... but you could do this with postfix access controls.
I would be more concerned with someone seeding your junkmail and notjunkmail folders which sa_learn defaults to for training. I prefer to use a Shared_Folder for the training accounts, a shared folders shows up in the user's 'Shared_Folders' in IMAP vs 'Other Users'. Shared Folders are accessible by imap users only and they are not top level accounts (which receive mail). The term Shared Folders seems to make more sense to users... vs Other Users (but that's just my experience).


Jeff

Jeff,

What you are describing sounds really cool - can you please reference some materials describing exactly how I could set my spamassassin/amavisd setup to perform in a similar manner?

Thanks - Rohin

You won't find an all-in-one guide for this....
I could list the basic steps... but just don't have time to do it now. You'll have to piece it together (as everyone does) from various posts here...

Jeff

The kill2 level is not available in os x server's Amavisd - you would need to manually update it for this. However, you can set the tag & kill level in the stock installation by editing the /etc/amavisd.conf file.

Specifically... in Server Admin first, set spam mail to be 'delivered' (if not already set to this). Quit Server Admin and edit the amavisd.conf file...

Change these lines...

$sa tag2_leveldeflt = 3.0;
#$sa kill_leveldeflt = 5.0;
$sa kill_leveldeflt = $sa tag2_leveldeflt;

To...

$sa tag2_leveldeflt = 3.0;
$sa kill_leveldeflt = 5.0;
#$sa kill_leveldeflt = $sa tag2_leveldeflt;

and change "final spamdestiny" to:
$final spamdestiny = D_DISCARD;

Change my "3.0" to the score at which you want suspect spam to be 'tagged' and delivered.
Change my "5.0" to the score at which suspect spam is discarded.

-david

[EDIT] - sorry, that was my stock reply to trigger the kill level discard. This is not what you are after - I'll post another reply.

Message was edited by: David_x

My previous post just showed how to enable the two different scoring actions - delivery and discarding. It is actually doubtful if the 2 levels are useful to your wishes but instead of just discarding the high scoring spam you could also send this to a system-wide quarantine mail box, or if the proper syntax is available, to the individual users junk mail box.

The variable to set for final destiny of killed spam mail is...

$spam quarantineto =

Off-hand, I don't know how you would set the tagged mail to go to individual junk mail folders and separately discard or send kill_level mail to a system wide quarantine box. There is only the one spam quarantineto option and this gets triggered at the kill_level.

To get the 3 levels you would need to upgrade amavisd - see pdf download at http://osx.topicdesk.com for instructions.

-david

The current amavisd (ie: install the latest, vs. what comes with OS X Server) provides the following additional settings, which may be useful for what's being asked for:

$sa dsn_cutofflevel = 10; # spam level beyond which a DSN is not sent
# $sa quarantine_cutofflevel = 25; # spam level beyond which quarantine is off

There are 3 thresholds with the default OS X Server installation of amavis... all 3 perform an action.
You could even say there are 4 levels, if tag was a higher number you would have < tag as it's own level... but it's not setup that way in practice.

1: tag (defaults to -999, so everything is tagged)
2: tag2
3: kill

If you configure tag2 to use recipient delimiters, mail can be directed into a user quarantine/junk folder. Kill level can be sent to a system-wide quarantine.
Some example code:

$recipient_delimiter = '+'; enable recipient delimiter feature
$addr extensionspam = 'Quarantine'; #directs tag2 to user quarantine folder

$sa tag_leveldeflt = -999; #adds amavis headers to all incoming mail
$sa tag2_leveldeflt = 3.0; #deliver to user's imap Quarantine folder
$sa kill_leveldeflt = 6.0; #deliver to system-wide Quarantine folder

$final virusdestiny = D_DISCARD; #Don't deliver or bounce. Quarantine will catch
$final spamdestiny = D_DISCARD; #Don't deliver or bounce. Quarantine will catch

$virus quarantineto = 'jeff+VirusQuarantine@mac007.com'; #Viruses quarantined here
$spam quarantineto = 'jeff+SpamQuarantine@mac007.com'; #Kill level spam quarantined here

#This should be commented, or you'll fill this directory
#$QUARANTINEDIR = '/var/virusmails';
# Good idea to check the contents and delete after commenting.

In addition to the amavisd.conf config above, you need to enable recipient delimiters in main.cf with:
recipient_delimiter = +

ACLs need to be set to 'anyone p' for the user and system-wide quarantines.

Other handy imap tricks:
- Use a Shared Folder for SpamAssassin Training. Set ACLs to anyone LIP to make them drop-boxes.
- Give yourself all access to user Quarantine mailboxes. This allows you to monitor the tag2 catch.
- Give yourself all access to the training folders


This is not a comprehensive guide... I'm probably missing a detail or two.. but should be enough info to get moving and post questions from there.

Jeff