1. What is covered here
This document only explain how things work when not working with Cyrus. I don't really know how Cyrus work myself, as this has been contributed only, but if Cristian or others want to write here, it would be great. Anyway, I believe (but I'm not 100% sure) that things also apply here if using Cyrus. Only the courier-maildrop will not match, as Cyrus is a delivery agent itself.
We are going to see here how the anti-spam works. It's important that you understand it, so you are not stuck in case there is some errors showing in your mail.log, so you can diagnose things. But this is quite important too, if you are a user, so you understand how you are protected and how to use your mail account.
Also, we will cover only Postfix setup with our normal daemons and apps: tumgreyspf, amavis, clamav and spamassassin. We wont cover setup with Qmail, but if you set it up to use amavis, it will be the same.
This document does NOT covers each technology, as it would be too hard to explain all. Instead, we give links, so you can read about it.
To be efficient, spam protection system can't use only one way of protecting. It has to use many. That's why many software are involved and combine together. Otherwise, your mail server would be quite overloaded with spamassassin, let's say, that would have to parse all the most obvious spams. With lighter checks, we can get rid of most problematic emails, and that's what DTC setups.
Here is an overview of the process:
Attach:dtc_emailflow.dia (dia format)
- A SMTP connection is made to Postfix
- Postfix first checks against some basic rules to make sure the sender and recipient are all right. For example, it checks the validity and existence of the sender's domain and recipient, to see if it's an invalid hostname.
- Postfix then checks against the configured RBL servers to see if the sender IP is not blacklisted as a spam origin. Currently, by default, it's sbl-xbl.spamhaus.org and list.dsbl.org, but this could change in the future.
- We have also implemented some less trivial rules that we use in postfix, to check against body checks (if it has v14gr4 words, etc.), bad headers (using X-Mailer: My-Super-Famous-Spam-Tool), mime checks (if there are attached files that are known virus like file.zip, your_details.zip and so on), but the most important one is our "relaying_stoplist" that does rDNS lookup to deny any person with a bad rDNS entry when it contains dsl, pool, dial, cable, ppp, dynamic, abo, dhcp and so on. This last one is VERY efficient.
- Then postfix calls tumgreyspf which, if a site is correctly configured with SPF, will let the email pass, and will greylist all other domains.
- Postfix then passes the email to dkimproxy that does dkim checkings (see dkim.org if you want to know about what is dkim checks).
- dkimproxy then sends the mail to Amavis. Amavis bind in fact on 127.0.0.1 on the port 10024 and works as a smtp server, just like dkimproxy.
- Amavis passes the mail to Clamav to check if it's a virus mail. If it is, the mail is simply discarded.
- Amavis passes the mail to Spamassassin. If it's a spam, the mail is only tagged: the subject is lead with the word SPAM so you identify it in your inbox, and the header of the mail is tagged too.
- Amavis sends the email back to Postfix
- Postfix then sends the mail to courier-maildrop for delivery
- courier-maildrop then checks against the spamassassin headers. If it's marked as being a spam, then courier-maildrop delivers the email to the SPAM imap folder (if you configured it this way in DTC). If it's not a spam, it delivers it normally.
As you see, this is a quite complex process. But this is as well very efficient. It goes from the most obvious and lightweight checks, so the biggest amount of spam can be quickly discarded, to the most heavy and complex full checks of the body of your messages (spamassassin and clamav).
3. Using the bayesian filter of Spamassassin
3.a How it works
When you receive a SPAM, don't simply discard it to your trash. Instead, forward it to firstname.lastname@example.org so it's sent to sa-learn so spamassassin knows it's a spam and wont deliver it again.
If you have a spamassassin false positive, send it as attachment to email@example.com.
Note that it is VERY important that you send the messages as attachment when sending them to sa-learn. It does need to read the message header. Also, note the mx.example.com is important too, as ham/spam are system users, not normal mailboxes. Adapt this to your SMTP's hostname.
3.a How to use
If you want, you can use the Habu thunderbird plugin that you can find here:
It will add an icon to your thunderbird, then when you click, this plugin will create a new message, and all mail flagged as spam in thunderbird will be attached to the message. When sending, all message flagged will then be sent to the trash. So this extension is really a time saver, I personally use it every day.
3. Reading the SPAM folder
For your spam folder, it's available using IMAP but NOT using POP. So you just need to use a good IMAP client and connect to it. If you are using Squirrelmail then you just need to go in the "folders" menu, then at the very end of the screen, there is a "Unsubscribe/Subscribe" thing. Just subscribe to the SPAM folder, and it will appear on the menu on the left.