PDA

View Full Version : spamassassin and alias



qwerty
10-31-2003, 08:35 AM
spamassassin won't process e-mail for alias accounts. I know this.

However, has anyone done a workaround. Redirects? .forwards? etc. Anyideas?

FZ
10-31-2003, 10:37 AM
Ahhh, the wonders of Procmail. If you don't mind getting your hands dirty with some code, and losing GUI functionality/managability for the specific e-mail aliases you want SpamAssassin to work with, you could remove the aliases from the Site Manager, enable catch-all, and then use Procmail to manually forward mail sent to specific addresses (doing so only after the mail has passed through SpamAssassin).

jalal
10-31-2003, 11:41 AM
Is it true?

One of my aliases gets passed through SpamAssassin, I haven't really checked other cases, but now I will do.

qwerty
11-05-2003, 07:26 AM
FZ, thanks. I thought about the procmail idea too, but was hoping I didn't think of something simplier. I guess there isn't another way around. Procmail is a great tool, ain't it!

FZ
11-05-2003, 10:06 AM
Procmail rocks :D

qwerty
11-13-2003, 06:49 AM
FZ, I setup the procmail solution with a catchall, etc. etc, but that doesn't seem to work.

Anyone else get it to work. It seems that procmail is handling prior to spamassassin taking a look at the messages.

qwerty
11-13-2003, 07:37 AM
nevermind. I guess it does work. I had prodmail running Spamassassin last, which I am surprised I did not notice first time.

dansroka
11-23-2003, 02:33 PM
A couple newbie questions:

(1) Why doesn't spamassassin process mail sent to an alias? Since the email forwards to a valid email account, wouldn't it then be processed by procmail, just like an email send directly to that account?

I'd rather not have the catch-all enabled. I still have the possibly-naive hope that spam sent to invalid-email addresses will generate an invalid-email error, which will deter those spammers from trying those addresses again. Silly I know, but a guy can dream. :)

(2) If I enable the catch-all, can someone point to a template recipe that will forward my desired aliases, but discard all other aliases (to avoid spam sent to random email addresses).

Merci.
Dan

FZ
11-23-2003, 04:53 PM
1. As far as I know, if you are using mail forwarding added via the Site Manager, it is added at the "Sendmail level" (see the files in /etc/mail/), which means it is processed BEFORE Procmail recipes. The procmailrc file in /etc/ is where the pipe to SpamAssassin is specified, so naturally, mail never "reaches" this stage if being forwarded.

As for the invalid e-mail address thing, I question how effective this solution is. First of all, in my experience (3 years of 100 spam e-mails a day) spammers never send to random addresses - they always send to addresses that have been harvested from somewhere (most likely indexed, etc.) So, that's the first problem. Another problem is that spammers never use real e-mail addresses anyway - I mean think about it, the accounts they use (if real at all) would get shut down in a matter of hours/days anyway (for having spammed people). And it isn't as if they really check their e-mail to see if someone replied complimenting their marketing abilities! If bouncing is what you want to do, you can do it without sacrificing your catch-all (but you have to specify which To: addresses you want mail bounced for), have a look at this: http://forums.westhost.com/phpBB2/viewtopic.php?t=732

2. As for an example recipe, here goes (don't think I understand exactly what it is you want to do):


:0:
* ! ^TO_firstusername
* ! ^TO_secondusername
* ! ^TO_AndSoOn
/dev/null

That will delete all mail that is not addressed (To:, CC: or BCC:) to firstusername, secondusername and "AndSoOn". If you were literally talking about fowarding addresses, then read the above - Procmail will not "receive" that mail to process. However, you can always remove the forwarding from your Site Manager, and then use Procmail to manually forward this mail (that way you can run SpamAssassin on it, and do whatever filtering you need to) - the end result would be the same, except that it would pass through the "Sendmail level" and onto the "Procmail level" giving you more control.

dansroka
11-23-2003, 09:04 PM
As always, thank you for your help and explanations. Hmm, I think I am starting to understand this a little more! So let's see -- there are different ways of creating aliases. While they both have the same end-result, I assume that you chose between the methods based on your specific needs:

(1) Setting it up at the sendmail-level (like by Site Manager) is probably best for email that is being sent to completely different email addresses on another server (email not handled via your Westhost account). (E.g. I have email aliases for my family, so that their email gets immediately forwarded to their personal POP email accounts.) It gets rid of the email before your Westhost server has to do much work.

(2) Whereas having an alias set up at the procmail level gives you certain advantages (better fine-tuned filtering, spamassassin, etc.), although it means your server has to process more data. This is probably best for "synonym" email addresses -- variations on spelling, etc all going to the same person (e.g. dan@, daniel@, president@, webmaster@).

Thanks for the recipe. I found some online resources, so I'll need to do a little studying to get the grammar down and fine-tune it for my needs.

Regarding the spam, I do get some spam to general email addresses, like "info@", that spammers assume may be valid. But you are right, it probably isn't as great as I assume. And I doubt that spammers spend any resources clearing out invalid email addresses from their lists -- it just isn't cost-effective for them to do it.

Thanks.

FZ
11-24-2003, 10:53 AM
Personally I don't think you should worry about the extra "processing power" that will be needed. It is all for the purposes of e-mail which is obviously a necessary part of your account. You are paying WestHost for server resources, so if you use them to filter spam I do not see how that would be unfair usage or against terms/policies at WestHost. I use my WestHost account to filter mail (SpamAssassin and Procmail) for an external POP3 (ISP) account and then forward the mail back to that account (with extra measures to ensure that an endless loop does not occur), and I have not had any complaints from WestHost. Besides, the servers are powerful enough to handle a few extra e-mails a day. I think you should not worry about the second option being only for internal accounts (or variations, as you put it).

web1x
12-02-2003, 02:21 PM
Interesting reading! So you can use Site Manager aliases, or procmail, but not both. What about multiple e-mail accounts on the same domain? Will procmail work for all those accounts? Can you specify different rules for each account?

I'm thinking that I'm not seeing the big picture on how this e-mail thing works. Does mail go to procmail first, then the account it was addressed to? Or does it go to the address first, and then procmail processes it. Any good "for dummies" reading on how procmail works and how e-mail works in general?

BTW, I have received spam from randomly generated addresses on two different accounts. Made the mistake of opening at least one to each address, and now I get spammed relentlessly on these addresses.


And I doubt that spammers spend any resources clearing out invalid email addresses from their lists -- it just isn't cost-effective for them to do it.

I gotta think that spammers must have a means to purge invalid addresses. If not, after a while their list would consist mostly of invalid addresses. Even spammers don't want to be wasting most of their bandwidth. Definately more cost effective to send e-mail to 1 million valid addresses than 100 million invalid ones.

Thanks!
Robert

FZ
12-02-2003, 03:23 PM
Interesting reading! So you can use Site Manager aliases, or procmail, but not both.

Yup... As explained above, they operate at "different levels". Sendmail is the main "mail handling program", it does the actual sending and receiving. Therefore, the Site Manager's aliases that operate at this level do so before Procmail is invoked.


What about multiple e-mail accounts on the same domain? Will procmail work for all those accounts? Can you specify different rules for each account?

If you give each mail account its own home directory, then yes, each mail account can have its own (independant) Procmail rules. The master Procmail file is, however, invoked before the individual ones (master: /etc/procmailrc)


I'm thinking that I'm not seeing the big picture on how this e-mail thing works. Does mail go to procmail first, then the account it was addressed to? Or does it go to the address first, and then procmail processes it. Any good "for dummies" reading on how procmail works and how e-mail works in general?

As explained above, Sendmail gets mail first. It then works out which account the mail has to go to. When it does that, it then checks to see if any Procmail rules are associated with that account and then passes the mail onto Procmail (or at least that is how I think it works) which then executes the conditions specified in the file. Those conditions can then do any processing on the mail in question, including editing it, forwarding it, deleting it, etc. and, unless otherwise specified, the mail is then "saved" in /var/spool/mail/accountname (where accountname is the name of the e-mail account), ready for you to download it via POP3 or view it using Neomail (or IMP). I'm not aware of any books - haven't really looked - as I feel that the free info on the net is enough for me. A book would go into such depth on things I would never use that it would be useless to me. Everything I know about this stuff I learned from (free) sites on the net and lots of experimentation ;)

qwerty
12-04-2003, 08:09 AM
Here's another wrinkle for some to consider.

I have been using the catchall with Procmail solution for a while instead of aliases in SiteManager. Clearly, I'm doing this so I can run Spamassassin on the messages for the benefit of the people with the 'aliases'. Works pretty good ...

BUT, I've noticed that some messages will not all make it to the intended recipient and end up in catchall. I'm asking procmail to look for a ^TO_ user@domain but this misses distribution list, listmail e-mail, etc. etc.

Any ideas on tweaking my Procmail recipes? FZ? Jalal?

FZ
12-04-2003, 11:31 AM
I had a similar problem a while ago. The best solution (that I could come up with, at least) is to add this rule as an OR condition to your ^TO_user:


^Received.*username@yourdomain.com

What this does it looks at the received header, which should always contain the address the mail is being sent to, even if the actual To: is something else. Let me know if that works for you or not.

dansroka
12-04-2003, 11:39 AM
I just checked the heading of the emails that this forum sends (when a topic has a new entry), and this looks like it should work.