1

Topic: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====
Required: iRedAdmin-Pro-MySQL-1.8.2 - Ubuntu/Debian

Our team has developed an semi-custom integration for iRedAdmin-Pro-MySQL-1.8.2 which allows for:

* per user spam settings via amacube plugin + amavis/spamassassin via roundcube
* per user spam ham + spam training via markasjunk2 plugin in roundcube
* per domain admin access to server whitelist via iredadmin
* sync cluebringer/policy.d whitelist to spamassassin local.cf whitelist_from

Before I take the time to formally share this with the community I wanted to ensure this wasn't documented elsewhere (I could never find it) and that there is a level of interest from the community.

Please let me know and I'll check back and would be happy to post.

/A

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

This is the first time iRedAdmin-Pro customer reports the customization.

Upcoming iRedAdmin-Pro release will provide self-service for normal mail users, and it has deeper Amavisd integration.

With self-service, users are allowed to login to iRedAdmin-Pro to manage their own preferences, including:

    + change password
    + set mail forwarding

    [Below features are implemented with Amavisd integration]

    + manage quarantined mails
    + whitelist senders or sender domains in Quarantined Mails page
    + check received emails
    + blacklist senders or sender domains in Received Mails page
    + manage per-user white/blacklist
    + set basic spam policy.

adcoment wrote:

* per domain admin access to server whitelist via iredadmin
* sync cluebringer/policy.d whitelist to spamassassin local.cf whitelist_from

i don't know how you implement these 2 features, would you mind sharing technical details? Maybe we can implement it in iRedAdmin-Pro officially and you don't need to maintain the code.

I plan to switch global whitelist/blacklist in Amavisd, and provide an iRedAPD plugin for Postfix to REJECT/BYPASS black/whitelisted senders. This way we have a central database (Amavisd) instead of storing data in Cluebringer, Amavisd, iRedAPD, etc.

3

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

Thanks ZhangHuangbin,

With your enhancements the other integration may prove unnecessary - good to hear!  I do suggest integrating Amacube+Markasjunk2 RC plugins however so domain admins can have individuals update their spam settings (I would eliminate the "discard" level as the per user level--- too much user power to lose emails).

The whitelisting is currently in cluebringer and not in amavisd/spamassasin.  It needs to be in both. Hence, it needs to be managed in /etc/spamassasin/local.cf, or ideally mysql.

AFA:

adcoment wrote:

* per domain admin access to server whitelist via iredadmin

We just modified iredamin to allow domain admins to add to but not delete from whitelist--- not ideal, but effective.

adcoment wrote:

* sync cluebringer/policy.d whitelist to spamassassin local.cf whitelist_from

From a technical standpoint here's how it works (I can share the code if you like):
* external script to read in cluebringer DB and write (securely w/backup) to local.cf in spamassassin a whitelist_from version
* call script from GET/POST wblist functions
* make the script sudo executable NOPASS to restart amavis as well after GET/POST

I'm certain this isn't perfect technically; however, my clients now love iredmail with the additional levels of control

Let me know if I can assist further.

p.s. the forum reply of your post went to my spam because iredmail@box673.bluehost.com  - just FYI

4

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

Technical details:

+ install cluebrnger2spamassin.pl to /etc/spamassasin (700 root)
+ edit /usr/share/apache2/iredadmin/controllers/cluebringer/wblist.py  # see attached
= wblist_post/get:   
                       subprocess.call('/usr/bin/sudo /etc/spamassassin/cluebringer2spamassassin.pl',shell=True);
+ edit /etc/sudoers
= add: 
                       iredadmin ALL=(ALL) NOPASSWD:/etc/spamassassin/cluebringer2spamassassin.pl
+ edit /etc/spamassassin/local.cf
= add two lines at end at end (no leading space):
                           ###### CLUEBRINGER2SPAMASSASIN START ######
                           ###### CLUEBRINGER2SPAMASSASIN END ######

I'm positive to get some negative feedback on best practice but that is why I wanted to contribute.

/A

Post's attachments

cluebringer2spamassassin.pl 2.31 kb, 3 downloads since 2014-11-13 

local.cf 4.56 kb, 1 downloads since 2014-11-13 

wblist.py 3.57 kb, 2 downloads since 2014-11-13 

You don't have the permssions to download the attachments of this post.

5

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

adcoment wrote:

From a technical standpoint here's how it works (I can share the code if you like):
* external script to read in cluebringer DB and write (securely w/backup) to local.cf in spamassassin a whitelist_from version
* call script from GET/POST wblist functions
* make the script sudo executable NOPASS to restart amavis as well after GET/POST
I'm certain this isn't perfect technically; however, my clients now love iredmail with the additional levels of control

I think this can be solved easily by using white/blacklist in Amavisd.

*) If sender (or sender domain) is whitelisted in Amavisd, it won't invoke SpamAssassin for spam scanning at all, and no need to touch /etc/mail/spamassassin/local.cf at all.

*) As mentioned in my previous post, "I plan to switch global whitelist/blacklist in Amavisd, and provide an iRedAPD plugin for Postfix to REJECT/BYPASS black/whitelisted senders. This way we have a central database (Amavisd) instead of storing data in Cluebringer, Amavisd, iRedAPD, etc." then you don't need to customize iRedAdmin-Pro at all, that means you don't need to maintain your code after we release a new version of iRedAdmin-Pro.

*) With a iRedAPD plugin, we can reject emails from blacklisted sender (or sender domain) during SMTP session, not after email enters your server or mail queue. It will save CPU/Memory resource.

So, you just need to manage wblist in Amavisd database, that's all. iRedAdmin-Pro and iRedAPD will handle addition operations.
This way, i believe it's more effective than your solution.

6

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

ZhangHuangbin wrote:
adcoment wrote:

From a technical standpoint here's how it works (I can share the code if you like):
* external script to read in cluebringer DB and write (securely w/backup) to local.cf in spamassassin a whitelist_from version
* call script from GET/POST wblist functions
* make the script sudo executable NOPASS to restart amavis as well after GET/POST
I'm certain this isn't perfect technically; however, my clients now love iredmail with the additional levels of control

I think this can be solved easily by using white/blacklist in Amavisd.

*) If sender (or sender domain) is whitelisted in Amavisd, it won't invoke SpamAssassin for spam scanning at all, and no need to touch /etc/mail/spamassassin/local.cf at all.

*) As mentioned in my previous post, "I plan to switch global whitelist/blacklist in Amavisd, and provide an iRedAPD plugin for Postfix to REJECT/BYPASS black/whitelisted senders. This way we have a central database (Amavisd) instead of storing data in Cluebringer, Amavisd, iRedAPD, etc." then you don't need to customize iRedAdmin-Pro at all, that means you don't need to maintain your code after we release a new version of iRedAdmin-Pro.

*) With a iRedAPD plugin, we can reject emails from blacklisted sender (or sender domain) during SMTP session, not after email enters your server or mail queue. It will save CPU/Memory resource.

So, you just need to manage wblist in Amavisd database, that's all. iRedAdmin-Pro and iRedAPD will handle addition operations.
This way, i believe it's more effective than your solution.

How does one make amavisd use "white/blacklist" in the non Pro version?

adcoment, great work, I am understanding more of the inner workings from your post.

7

Re: HOWTO: Per User Spam Settings & Spamassassin Whitelisting via iRedAdmi

jpforte wrote:

How does one make amavisd use "white/blacklist" in the non Pro version?

You can always update Amavisd SQL database to manage white/blacklists. smile