User Tools

Site Tools


howtos:mailsystem

How to setup a mail system like I use

This writeup is in progress and will be worked on and cleaned up as I have time.

Overview of Mail system

Components

  • Getmail
  • Gotmail
  • Fetchyahoo
  • Postfix
  • Dovecot
  • Apache
  • Mysql
  • Horde
  • Procmail
  • Clamav
  • Dspam
  • Spamassassin

Incoming Mail Delivery

Getmail, Gotmail, and Fetchyahoo retrieve mail from accounts and pass it to procmail for processing/filtering:

  1. Mail headers are dumped to a log.
  2. Mail is scanned by clamav and tagged if infected.
  3. Mail flagged as infected is sent to virus folder.
  4. Mail is run through whitelist for auto-sorting into appropriate folders.
  5. Mail is run through blacklist for auto-nuking stuff.
  6. Mail is run through dspam and flagged if it thinks it's spam.
  7. Mail tagged by dspam is sent to dspam folder.
  8. Mail is run through spamassassin and flagged if it thinks it's spam.
  9. Mail tagged by spamassassin is sent to spamassassin folder.
  10. Remaining mail goes to inbox.

Mail logs are processed every night to generate a report so I can see what filters triggered and how many mails got nuked

Outgoing Mail Delivery

Mail is delivered to Postfix, which delivers the mail to an upstream SMTP server for routing to the appropriate location.

Local Mail Delivery

Mail is delivered to Postfix, which delivers any mail for my domains directly to procmail where it is processed like any other incoming mail.

Webmail

I am using the Horde framework as my webmail system. I don't use a standard mail client now that I'm using Horde.

Local Mail Storage

Local mail is stored in maildirs, which are served by the Dovecot IMAP server.

Configuration Specifics

Getmail

Gotmail

Fetchyahoo

Postfix

Dovecot

Apache

Mysql

Horde

Procmail

/etc/procmailrc

#/etc/procmailrc
# Use maildir-style mailbox in user's home directory
#DEFAULT=$HOME/.maildir/

# Use maildir-style mailbox in user's home directory
MAILDIR=$HOME/.maildir
DEFAULT=$MAILDIR/
LOGFILE=$HOME/mail-logs/procmail.log
DROPPRIVS=yes
VERBOSE=on


#Dump all headers to a log
:0 hc:
$HOME/mail-logs/headers.log

#
# Scan for viruses with clamassassin
#

:0fw
| /usr/bin/clamassassin

#Needed for stats script
#===== Suspected_Spam: filters =====


:0:
* ^X-Virus-Status: Yes
.00-Auto-Filtered.Virus/


#
# Run user .procrc-good
#
INCLUDERC=$HOME/.procrc-good

#
# Run user .procrc-bad
INCLUDERC=$HOME/.procrc-bad

#
# Scan for Spam with DSPAM
:0fw
| dspam --user $USER --stdout --deliver=innocent,spam

:0:
* ^X-DSPAM-Result: spam
.00-Auto-Filtered.SPAM-DSPAM/


#
# Scan for Spam with SpamAssassin

:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc

:0:
* ^X-Spam-Status: Yes
.00-Auto-Filtered.SPAM-SA/

#Run this fix.  This should also be at the end of the user's .procmailrc in case it exists and runs after this file.
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="Procmail: Dropped F off From_ header! Fixing up. "

    :0 fhw
      | sed -e '1s/^/F/'
}

~/.procrc-good

#~/.procrc-good
#Needed for stats
#===== Suspected_Spam: filters =====

:0H
* ^Subject.*(Some Subject)
.Some.Maildir/

:0H
* ^From.*(user\@domain\.com)
.Some.Other_Maildir/

~/.procrc-bad

#~/.procrc-bad
#Needed for stats
#===== Suspected_Spam: filters =====

:0H
* ^Subject.*(Some Subject)
/dev/null

:0H
* ^From.*(user\@domain\.com)
/dev/null

Clamav

Dspam

Spamassassin

/etc/spamassassin/init.pre

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file contains plugin activation commands for plugins included
# in SpamAssassin 3.0.x releases.  It will not be installed if you
# already have a file in place called "init.pre".
#
###########################################################################

# RelayCountry - add metadata for Bayes learning, marking the countries
# a message was relayed through
#
# Note: This requires the IP::Country::Fast Perl module
#
loadplugin Mail::SpamAssassin::Plugin::RelayCountry

# URIDNSBL - look up URLs found in the message against several DNS
# blocklists.
#
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

# Hashcash - perform hashcash verification.
#
#loadplugin Mail::SpamAssassin::Plugin::Hashcash

# SPF - perform SPF verification.
#
#loadplugin Mail::SpamAssassin::Plugin::SPF

/etc/spamassassin/local.cf

# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score           5.0

# Change the subject of suspected spam
#rewrite_header subject         *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - english
ok_languages            en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en

add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_

/etc/spamassassin/v310.pre

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file was installed during the installation of SpamAssassin 3.1.0,
# and contains plugin loading commands for the new plugins added in that
# release.  It will not be overwritten during future SpamAssassin installs,
# so you can modify it to enable some disabled-by-default plugins below,
# if you so wish.
#
###########################################################################

# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC

# Pyzor - perform Pyzor message checks.
#
loadplugin Mail::SpamAssassin::Plugin::Pyzor

# Razor2 - perform Razor2 message checks.
#
loadplugin Mail::SpamAssassin::Plugin::Razor2

# SpamCop - perform SpamCop message reporting
#
loadplugin Mail::SpamAssassin::Plugin::SpamCop

# AntiVirus - some simple anti-virus checks, this is not a replacement
# for an anti-virus filter like Clam AntiVirus
#
#loadplugin Mail::SpamAssassin::Plugin::AntiVirus

# AWL - do auto-whitelist checks
#
loadplugin Mail::SpamAssassin::Plugin::AWL

# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
#
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold

# TextCat - language guesser
#
loadplugin Mail::SpamAssassin::Plugin::TextCat

# AccessDB - lookup from-addresses in access database
#
#loadplugin Mail::SpamAssassin::Plugin::AccessDB

# WhitelistSubject - Whitelist/Blacklist certain subject regular expressions
#
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject

###########################################################################
# experimental plugins

# DomainKeys - perform DomainKeys verification
#
# External modules required for use, see INSTALL for more information.
# Note that this may be redundant if you also plan to use the DKIM plugin.
#
#loadplugin Mail::SpamAssassin::Plugin::DomainKeys

# MIMEHeader - apply regexp rules against MIME headers in the message
#
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader

# ReplaceTags
#
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

/etc/spamassassin/v312.pre

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file was installed during the installation of SpamAssassin 3.1.2,
# and contains plugin loading commands for the new plugins added in that
# release.  It will not be overwritten during future SpamAssassin installs,
# so you can modify it to enable some disabled-by-default plugins below,
# if you so wish.
#
###########################################################################

###########################################################################
# experimental plugins

# DKIM - perform DKIM verification
#
# Mail::DKIM module required for use, see INSTALL for more information.
#
# Note that if C<Mail::DKIM> version 0.20 or later is installed, this
# renders the DomainKeys plugin redundant.
#
#loadplugin Mail::SpamAssassin::Plugin::DKIM

/etc/spamassassin/v320.pre

 This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file was installed during the installation of SpamAssassin 3.2.0,
# and contains plugin loading commands for the new plugins added in that
# release.  It will not be overwritten during future SpamAssassin installs,
# so you can modify it to enable some disabled-by-default plugins below,
# if you so wish.
#
###########################################################################

# Check - Provides main check functionality
#
loadplugin Mail::SpamAssassin::Plugin::Check

# HTTPSMismatch - find URI mismatches between href and anchor text
#
loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch

# URIDetail - test URIs using detailed URI information
#
loadplugin Mail::SpamAssassin::Plugin::URIDetail

# Shortcircuit - stop evaluation early if high-accuracy rules fire
#
# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit

# Plugins which used to be EvalTests.pm
# broken out into separate plugins
loadplugin Mail::SpamAssassin::Plugin::Bayes
loadplugin Mail::SpamAssassin::Plugin::BodyEval
loadplugin Mail::SpamAssassin::Plugin::DNSEval
loadplugin Mail::SpamAssassin::Plugin::HTMLEval
loadplugin Mail::SpamAssassin::Plugin::HeaderEval
loadplugin Mail::SpamAssassin::Plugin::MIMEEval
loadplugin Mail::SpamAssassin::Plugin::RelayEval
loadplugin Mail::SpamAssassin::Plugin::URIEval
loadplugin Mail::SpamAssassin::Plugin::WLBLEval

# VBounce - anti-bounce-message rules, see rules/20_vbounce.cf
#
loadplugin Mail::SpamAssassin::Plugin::VBounce

# Rule2XSBody - speedup by compilation of ruleset to native code
#
# loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

# ASN - Look up the Autonomous System Number of the connecting IP
# and create a header containing ASN data for bayes tokenization.
# See plugin's POD docs for usage info.
#
# loadplugin Mail::SpamAssassin::Plugin::ASN

# ImageInfo - rules to match metadata of image attachments
#
loadplugin Mail::SpamAssassin::Plugin::ImageInfo
howtos/mailsystem.txt · Last modified: 2017/07/02 10:11 (external edit)