Spam learning in ML server?

I have been using Spamassasin's learning feature via the terminal app. It does a really good job of filtering out SPAM. To do this, you have to know where your mail directory is, which is harder than it sounds. It will be one of the directories in /Library/Server/Mail/Data/mail/ directory. Once you find the directory, you can either change directory to that directory, or use the full path name with sa-learn. In my case it would be...

sa-learn --spam /Library/Server/Mail/Data/mail/E39E2D15-A43D-4987-BE35-02E4A56470F4/.Junk/

for learning spam.

For learning what is not spam, you can use the same command on your inbox. It will ignore previous messages that it has learned from.

sa-learn --ham /Library/Server/Mail/Data/mail/E39E2D15-A43D-4987-BE35-02E4A56470F4/Cur/

To find the right directory, you can make an odd email box name on the server and list the directories until you see the mailbox name you created.

I had no idea you could send emails to various accounts for learning. I have been using the above message since July and I typically have 2 or 3 messages get through to my email client each week. I use sieve filtering to do server-side filtering of the SPAM messages into the Junk mailbox automatically.

Hope this helps.

-Cameron

Also, this thread should address what you are talking about.

https://discussions.apple.com/thread/4481820

-Cameron

You have to use sudo to access the directories. 'sudo ls "directoryname"'.

There is no junkmail account unless you've created one. This instruction was if you were going to just use your own account for spam learning. The reason you can't access the directories is that they are owned by the mailserver processes, which is why you'd need to use sudo to access them.

You would first identify which directory is your personal email box. Then you would use the sa-learn program on the junk mailbox in that directory. Then you can delete the mail in that folder, since it has learned from it what it can.

You have to also use sudo for sa-learn, as well, since you don't own the directories.

Since you are not all that familiar with the unix internals of the OS, you might be better trying to follow the other link. My method does require some experience with the unix command line and understanding directory structures, etc.

-Cameron

Each of those directories is a different user's email account and it holds all of their IMAP mailboxes. Since I get the most spam on my system, I just use my own mail account to learn spam. I can get between 300 and 1000 spam messages a day, since I've used the same email address since 1994.

So, you have to find a way to identify who's email directory belongs to whom if you want to use a single account to learn from, or you can run it on all of the .Junk folders. The problem with just using all of them is that a good email can be identified as spam, and you've just taught spamassassin incorrectly. If you knew for sure that each user has checked their junk mailbox for mislabeled mail, then you could just learn from all of them. A shell script could go through each directory and learn from each account, but, like I said, you don't know how well they maintain their junk boxes. I think this is probably why Apple had removed this as an automatic feature, because a couple of good emails marked as spam and further piped into sa-learn might cause a snowball effect of marking emails incorrectly.

If your boss is getting that many spam messages a day, he would be perfect to use learning on. You just have to make sure that he is good about checking for false positives in his junk box. Then you have to figure out which of those directories belongs to him, and run sa-learn on his junk folder. You also should have him empty his junk mail folder after you use sa-learn on it, so the process doesn't take as long each time you run it.

If your users are using Mac Mail, they should have "Trust junk mail headers in messages" checked in the junk mail settings tab, so anything that the mailserver sees as junk is automatically placed in the junk box, whether it would be identified by Mail's own junk filters.

Another thing to consider is that if your users are using POP3 instead of IMAP, all of their junk messages are stored on their local machine instead of the server, so using sa-learn on their mailboxes would not work anyway.

If you can get users to forward spam to a junk account and falsely labeled good messages to a not-junk account, and use the information in this thread...

https://discussions.apple.com/thread/4481820

You'll probably be able to avoid the issues like the ones I mentioned. It just takes a bit of coaxing to get people to do something new.

You may be able to forward messages from the pop3 account to the junk email address. So if a user gets an email not already marked as junk, they forward to junkmail@yourdomain.com (the account has to be set up), and the same for messages that are incorrectly marked as junk to notjunkmail@yourdomain.com.

As far as these accounts are concerned, no one would access them with pop, so the email is still in their respective home directories, as the thread I pointed out says. I'm not sure if this method will work with forwarded messages or not, but it'd be worth researching if you really want to improve your spam filtering. I am amazed how well it works for me, but my setup is mostly IMAP. Most of my users are IMAP and webmail, which uses IMAP as well.

The main reasons I keep my email on the server and use IMAP is that my server has 2 TB storage and 2 TB backup, and I can also access via webmail or another computer. The disadvantage is if I don't have a network connection and need to access messages.

Correct. Neither is set up. That is why I pointed out the other thread, because it tells you how to set up that method.

You should have something in the logs if the junk processes are running. Either mail.log or system.log. If they are disappearing from the accounts, there is a good chance that they are running.

I think the quarantine and notify admin accounts are where push notifications of spam and viruses are sent. I have those turned off, because I was getting far too many notifications for spam and viruses.

To change the settings,

'serveradmin settings mail:postfix:spam_quarantine = "newaddress@yourdomain.com"

'serveradmin settings mail:postfix:virus_quarantine = "newaddress@yourdomain.com"

-Cameron