News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu

Spam filter trouble

Started by Bitstream, May 08, 2006, 03:05:37 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Bitstream

I've been trying to get the spam filter stuff to work for me, but it doesn't seem to be doing a thing. I do check my mail relatively often via SMTP, but I haven't noticed anything about that preventing the spam filter from functioning. I believe I have it set up correctly.

It does say "WARNING! Tell the administrator to set the "SpamFilters_YourHop" variable." on the spam filter config page. I'm assuming that's the problem? If not, what do I need to do to make it work?

Xepher

Are you talking about the spam filters for your account, or the ones in squirrelmail? Because I have NO idea on the squirrelmail stuff. I didn't write it, and I haven't tested it. On the otherhand, I wrote the interface and config setup for the account-based filters. I also use those myself, and they do work. So we can get those figured out.

Bitstream

Well, I am accessing it via the webmail interface, so yeah, it may well be the ones in Squirrelmail. It's the only spam filter available to me that I'm aware of.

Xepher

Ah, phase 1 still. So yes, there's not an easy/graphical way to enable the system level spam filter for your account. I looked into setting that variable, so it shouldn't warn about that anymore. As to getting the filters to actually narrow down spam... See if they work now. If not, I don't know. I've never had good luck with squirrelmail's filtering. http://www.squirrelmail.org/wiki/SquirrelMail might have some better info.

If you want to use system level filters, create a file in your home directory called ".procmailrc" with this in it...
:0fw
| /usr/bin/spamc

:0:
* ^X-Spam-Flag: YES
/dev/null

:0:
Inbox
That will throw alway all detected spam. Change "/dev/null" to a mailbox name like "Junk" to have it be put in a folder with that name. Make sure you create the folder in squirrelmail (or an IMAP client) first, and that you get the name spelled exactly the same both places. I'd suggest simple, one word names.

And if you want to tune it later, (you have to get a few emails first) it should create a folder called .spamassassin (in your home directory, not in your email) and in there is a user_prefs file. Should be a "required_hits" line. Defaults to 5, set it lower to get more strict, or higher to let more through. I keep mine at 3.

Bitstream

Would that be "/mail/Junk", in this example? or just "Junk"?

I'm assuming "Code:" is not part of what I should put in the file.

Xepher

Just "Junk" and no, "code:" is not part of the file. This forum software actually adds that to code blocks. Annoying.

Bitstream

Will it cause a problem if I set it to, say, "/mail/SPAM"? Because just "SPAM" doesn't seem to show up on the folder list, though I can navigate to it by changing the URL manually, even though I created a SPAM folder, which seems to exist in /mail. That one DOES show up on the folder list, but is empty.

Bitstream

Ok... well, now I know that if I do that, my email program will just download everything out of the SPAM folder. So that's no good. I'm wary of simply dumping it all to /dev/null, though routing everything that goes to the wildcard (aside from the few email addresses I use)  to it would be great. That accounts for something like 95% of all my spam right there. Well, that's an unresearched estimate, but it's probably close enough.

Xepher

You're using an IMAP email client? You should easily be able to tell it not to download (or even check) the spam folder. Also, where are you getting the "/mail" part from? The mailserver here does NOT use mailfolders. All mail folders should exist as regular files (one per folder) in your home directory.

Bitstream

I'm using a POP client actually. It can do IMAP supposedly, but I had trouble with it, so I stuck with POP.

As for the mail stuff... that's what I'm seeing. I have a directory called mail, in which is several files containing messages (Drafts, Sent, SPAM, Trash). These seem to be related to the webmail in some way. I also have files named Drafts, Inbox, Sent, SPAM, and Trash in my root directory. The one in the /mail directory was, I believe, created by/with Squirrelmail. The one in the root was, I believe, created by the spam filter code. I'd have to delete them both and see what happens to be sure.

Clearly the webmail app, or my use of it anyway, is causing some of the confusion here.

Xepher

Ah... it is possible, new squirrelmail version could be making it's own folder for mail storage.... *looks* Yes, it is. Stupid new config. It's adding a "mail" in front of everything. You can give a path to the spam filter thing (procmailrc) "mail/SPAM" or whichever actual folder you want to use. Alternately, I think you can go to Folders in SquirrelMail, and "subscribe" to the correct folder.

As for your client, POP doesn't support folders, it just does a "gimme mail!" and downloads everything. Not really useful if you want to avoid that.

Bitstream

Hmm, I suppose I may have to try and get IMAP to work again.

Interestingly enough, it doesn't fetch stuff that's routed to a mail folder that's not under /mail, and it can still be accessed. You just have to put in the URL manually, is all. A kludge, but one I might use if that's what I need to do.

Is there any way to make it route incoming mail to /dev/null if it doesn't match specific addresses in the "to:" header?

Xepher

Yes, there is. Procmail can do just about anything in terms of PROCessing MAIL. :-) Look up procmail online for other examples of filtering, or if you're in shell... "man procmail"

Bitstream

Ok, this is what I've come up with.

:0fw
| /usr/bin/spamc

:0:
* ^TO_(address1@bitscape.net | address2@xepher.net | address3@bitscape.net)
Inbox

:0:
/dev/null
The first bit should send messages to SpamAssassin so it can get tagged. I've decided to keep using POP, so my local filters can catch it for me rather than sort it on the server.

The second bit should pass anything that matches those three addresses in to the Inbox. Addresses changed here on the off chance a spam-bot is watching. bitscape.net being my domain name here.

The last bit should toss whatever's left into /dev/null.

I'm not terribly confident I'm doing this right, so the advice of someone who knows what they're doing would be very much appreciated before I start risking my email.

Xepher

I think that's correct. I can't promise you on exact syntax, but basic principal is correct. I'd question only the _ (underscore) after TO... I don't know if that's correct or not. If that's what you looked up and saw, then you're probably right. But for my personal subject filters, I've got

* ^Subject:.*(subject1|subject2)

Is TO_ a keyword? Hmm... procmail's manpage says it is. So yes, that should do it. Only other thing to test is the spaces between the addresses and pipes |

Should it be address1@domain.com|address2... without spacing? I don't actually know, so test it yourself.