summaryrefslogtreecommitdiff
path: root/src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md
diff options
context:
space:
mode:
Diffstat (limited to 'src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md')
-rw-r--r--src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md127
1 files changed, 127 insertions, 0 deletions
diff --git a/src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md b/src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md
new file mode 100644
index 0000000..d1797eb
--- /dev/null
+++ b/src/_posts/2016-10-31-freebsd-mailserver-part-5-filtering-mail.md
@@ -0,0 +1,127 @@
+---
+title: "FreeBSD email server - Part 5: Filtering mail"
+date: 2016-10-31 20:02:19
+tags: Tutorial FreeBSD Email Postfix SpamAssassin Pigeonhole
+layout: post
+---
+
+Being able to send mail and not be flagged as spam is pretty awesome on itself.
+But you also get hit by a lot of spam. The more you give out your email address
+and domain name, the more spam you will receive over time. I welcome you to
+another part of the FreeBSD email server series. In this part, we will set up
+email filtering at the server side.
+
+We will accomplish this with a couple packages, [SpamAssassin][spamassassin]
+and [Pigeonhole][pigeonhole]. The former deals with scanning the emails to
+deduce whether it is spam or not. The latter filters messages. We will use this
+filtering to drop emails marked as spam by SpamAssassin into the Junk folder,
+instead of the inbox.
+
+## Installing the packages
+Both packages are available through FreeBSD's `pkg` utility. Install them as
+such.
+
+{% highlight sh %}
+pkg install dovecot-pigeonhole spamassassin
+{% endhighlight %}
+
+## SpamAssassin
+### Enabling the service
+Like most services, you have to enable them as well. Pigeonhole is an extension
+to Dovecot, and Dovecot will handle this one. SpamAssassin requires you to
+configure the service as well. You can enable it and set sane configuration to
+it with the following two commands.
+
+{% highlight sh %}
+echo 'spamd_enable="YES"' >> /etc/rc.conf.local
+echo 'spamd_flags="-u spamd -H /srv/mail"' >> /etc/rc.conf.local
+{% endhighlight %}
+
+### Acquiring default spam rules
+SpamAssassin has to "learn" what counts as *spam* and what counts as *ham*. To
+fetch these rules, you should execute the updates for SpamAssassin with the
+following command.
+
+{% highlight sh %}
+sa-update
+{% endhighlight %}
+
+You most likely want to run this once every while, so it is advised to setup a
+cronjob for this purpose.
+
+## Postfix
+In order to have mails checked by SpamAssassin, Postfix must be instructed to
+pass all email through to SpamAssassin, which will hand them back with a
+`X-Spam-Flag` header attached to them. This header can be used by other
+applications to treat it as spam.
+
+### master.cf
+There's not much to include to the already existing Postfix configuration to
+enable SpamAssassin to do its job. Just open `/usr/local/etc/postfix/master.cf`
+and append the block given below.
+
+{% highlight ini %}
+spamassassin unix - n n - - pipe
+ user=spamd argv=/usr/local/bin/spamc
+ -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+{% endhighlight %}
+
+## Pigeonhole
+Pigeonhole is an implementation of Sieve for Dovecot. It deals with filtering
+messages on the server side using a set of rules, defined in a file usually
+named `sieve`. This file is generally saved at
+`/srv/mail/domain.tld/user/sieve`. A default file to filter spam out is the
+following example.
+
+```
+require [
+ "fileinto",
+ "mailbox"
+];
+
+if header :contains "X-Spam-Flag" "YES" {
+ fileinto :create "Junk";
+ stop;
+}
+```
+
+This looks for the `X-Spam-Flag` header, which is added by SpamAssassin. If it
+is set to `YES`, this indicates SpamAssassin thinks the message is spam. As
+such, sieve is instructed to filter this message into the folder `Junk`, and to
+create this folder if it does not exist yet. The `stop;` makes sieve stop
+trying to process this message further based on later rules.
+
+## Dovecot
+Dovecot needs some additional configuration to work with Pigeonhole. Modify the
+following files and add the contents described.
+
+### conf.d/20-lmtp.conf
+This will enable Pigeonhole in Dovecot.
+
+{% highlight ini %}
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
+{% endhighlight %}
+
+### conf.d/90-plugin.conf
+This configures Pigeonhole to look for a file named `sieve` in the mailbox
+homedir, and execute that when delivering mail.
+
+{% highlight ini %}
+plugin {
+ sieve = /srv/mail/%d/%n/sieve
+}
+{% endhighlight %}
+
+## Conclusion
+Spam is a pain, especially if you get a lot of it. The configuration added in
+this part of the FreeBSD email server series should get rid of most of it. This
+also concludes the series. If you have any questions or suggestions, please
+contact me via any of the methods detailed on [my home page][home].
+
+Thanks for reading along, and enjoy your very own email server!
+
+[home]: {{ "/" | prepend: site.baseurl }}
+[pigeonhole]: http://pigeonhole.dovecot.org/
+[spamassassin]: https://spamassassin.apache.org/