This page is now obsolete. See the GOLD BOOK.
The basic idea is to have a central procmail rule that diverts email tagged by SpamAssassin to a user's webmail directory. Users can then access the quarantine using SquirrelMail or any other MUA that can read the mbox file in which such messages are stored. As part of the system, users get a daily digest email of what is currently in their quarantine.
The scheme will be opt-in for existing users and opt-out for new users. Whether the scheme is active for a user depends on the existence of a file in their home directory called ".QUARANTINE_SPAM". The existence of this file indicates that the user is opted in. Conversely, its absence indicates the user is opted out.
The first rule in the procmailrc file effectively whitelists the daily digest emails to prevent them being sent to the quarantine.
The second rule checks for the existence of $HOME/.QUARANTINE_SPAM file and only proceeds if it does exist.
# Whitelist the digests!
:0H:
* ^Subject: .*(NRAO Daily Quarantine Digest)
$DEFAULT
# Quarantine spam, but only for users who have opted in.
# "sssss" matches a score of 5 or more; "+" is escaped so SBL+XBL matches literally.
:0:
* ? test -f $HOME/.QUARANTINE_SPAM
* ^X-MailScanner-(SpamScore: sssss|SpamCheck:.(ORDB|Infinite-Monkeys|SpamAssassin|SBL\+XBL))
$HOME/webmail/QUARANTINE
The matching rule above is pretty conservative, matching anything that scores 5 or more or matches one of the tests for known spam relays etc. I have not set it to do any logging as it produces reams of output that can be gleaned from /var/log/maillog anyway.
The scheme can easily be extended. For instance, a user could have messages tagged as virus sent to the quarantine as well by a second rule in the global procmail that only runs if another file, .QUARANTINE_VIRUS, exists in the user's home directory.
# "?" is escaped so that it matches the literal question mark in the subject tag.
:0:
* ? test -f $HOME/.QUARANTINE_VIRUS
* ^Subject: .*\{VIRUS\?\}
$HOME/webmail/QUARANTINE
Others that spring to mind are:
- .DELETE_SPAM
- .DELETE_VIRUS
- .QUARANTINE_FOREIGN (Foreign char sets)
- .DELETE_FOREIGN
A suitable procmailrc is in /home/nraosoft/apps/quarantine/promailrc; just copy it to /etc/procmailrc on the mail delivery host.
To save users having to manually check their quarantine we need a method to send them an email with a list of what is currently in their quarantine.
An awk script that generates a tidy summary is in /home/nraosoft/apps/quarantine/spam-digest; copy it to /opt/services/quarantine/spam-digest on the delivery host.
Rather than have the digest generation keyed off the .QUARANTINE_SPAM file, add another separate file for requesting daily digests, .QUARANTINE_DIGEST. Should we add other central quarantine rules, this will save some tortuous logic later on. It also more closely follows the PureMessage paradigm of allowing a user to have the digest or not.
61 quarantined messages:
Tehran@techsoftamerica.com {SPAM?} FW: Shy Lady in prrrevet action
yenalykyf@info.com.tr {SPAM?} Busty amateur on table
hwang@news.com {SPAM?} Girl in nude pantyhose
name@hsuchi.net {SPAM?} Babe Hardcore Pussy Fucked & Cum Covered
pmk@sesmail.com {SPAM?} Dirty Bitch Suck & Messy Facial Cumshot
ZEPKTI@radiance-ind.com {SPAM?} Re: [IMPORTANT] Notice to Home Owner [531
wqfgnujhqdlbwf@yahoo.com {SPAM?} Pay Less For Branded Watches 4Dv1
TAJRAXYWSBPH@alti-byg.dk {SPAM?} valium
Lisha@marshjewelers.com Your limited time savings code, don't delay!
bernard@radiomexico.com {SPAM?} Asian Babe Blwojob Hardcroe scrutiny
dulfer@earthlink.net {SPAM?} helen Clark it's happeend derivate
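One way to produce a summary like the one above from an mbox file, as an added example: this is not the site's spam-digest script, which the page does not show. The newest-first order, the 30/60-character column widths, the stripping of control bytes and the names quarantine_digest and sample_mbox are assumptions made here.

```shell
#!/bin/sh
# Added example, not the site's spam-digest script.
# quarantine_digest MBOX: print a count line, then one line per message.
quarantine_digest() {
    # Drop control bytes (ESC, CR, NUL, ...) before the text reaches a mail
    # client or terminal: quarantined subjects are attacker-controlled.
    LC_ALL=C tr -d '\000-\010\013-\037\177' < "$1" | awk '
    function value(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
    function emit()   { if (n) line[n] = sprintf("%-30.30s %.60s", from, subj) }
    # mbox: a message starts at "From " after a blank line (or at the top).
    /^From / && prev == "" { emit(); n++; from = subj = ""; hdr = 1 }
    # Only the header block counts; Subject:/From: text in a body is ignored.
    hdr && /^$/ { hdr = 0 }
    hdr && from == "" && tolower($0) ~ /^from:/ {
        from = value($0)
        if (match(from, /<[^>]*>/)) from = substr(from, RSTART + 1, RLENGTH - 2)
    }
    hdr && subj == "" && tolower($0) ~ /^subject:/ { subj = value($0) }
    { prev = $0 }
    END {
        emit()
        printf "%d quarantined messages:\n", n
        for (i = n; i >= 1; i--) print line[i]    # newest first
    }'
}

# Constructed sample: two messages; the second carries an ESC sequence in its
# Subject header and a fake "Subject:" line in its body.
sample_mbox() {
    printf 'From a@example.com Mon Sep 12 08:00:00 2005\n'
    printf 'From: Alice <a@example.com>\nSubject: {SPAM?} cheap watches\n\nbody\n\n'
    printf 'From b@example.net Tue Sep 13 09:00:00 2005\n'
    printf 'From: b@example.net\nSubject: {SPAM?} \033[2Jhello\n\n'
    printf 'Subject: not a header\n\n'
}
```

Run it as `sample_mbox > /tmp/q; quarantine_digest /tmp/q` to see the two-line digest with the escape byte removed.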
A single cronjob to fire off something like the following will take care of sending all opted-in people a digest:
#!/bin/bash
# Modified 09/14/05 to not send digest if quarantine is empty
#
for i in /users/*
do
    name=$(basename "$i")
    # Send only if the user asked for digests and the quarantine is non-empty.
    if [[ -a "/netapp/users/$name/.QUARANTINE_DIGEST" && -s "/users/$name/webmail/QUARANTINE" ]]
    then
        awk -f /opt/services/quarantine/spam-digest "/users/$name/webmail/QUARANTINE" |
            /bin/mail -s "NRAO Daily Quarantine Digest" "$name"
    fi
done
This script will need to be customised for each site: the "test -a" line needs to be looking at the real /users, NOT an automounted area.
Again, a copy of this is in /home/nraosoft/apps/quarantine/digest-cronjob. Copy it to /opt/services/quarantine/digest-cronjob on the delivery host and make a crontab entry: " 0 7 * * 1-5 /opt/services/quarantine/digest-cronjob" to mail out digests at 07:00 Mon-Fri, or customise to your preference.
Rotation of the spam files is now a little more complex. It is controlled by 2 logrotate entries and a simple cronjob.
The sequence goes:
- rotate QUARANTINE daily
- run cronjob that appends the newly rotated QUARANTINE.1 to OLDQUARANTINE daily
- delete QUARANTINE.1 daily
- rotate OLDQUARANTINE weekly
Find the files in /home/nraosoft/apps/quarantine/quarantine ..../quarantine-weekly and ..../logrotate-cronjob
Copy quarantine and quarantine-weekly to /etc/logrotate.d/ and logrotate-cronjob to /etc/cron.daily
- Digest frequency
Daily. More frequently is annoying, less often is also bad imho.
- Digest contents
Should it list only messages that arrived since the last digest was sent or everything currently in the quarantine? I favour the latter as it is much simpler to do. Listing the contents in reverse order of arrival makes more sense to me than oldest to newest.
- Digest sanitation
Should the digest script try and sanitize the subject lines? Some users may be offended by the contents. To be honest I don't think we can really do much about it.
- Logrotate frequency
Weekly. Doing it more often, especially if we use the compress option in logrotate, makes accessing quarantine folders older than a day or two a royal pain. Think about getting back from vacation! This may in fact be an argument for not compressing with logrotate.
- Personal procmailrc files
If a message is shunted into quarantine by the global procmail then the user's procmail is not run. Otherwise it is.
- Quarantine folder name
Just call it QUARANTINE and have done.
- Ensure a webmail folder exists. If the user is already using an MUA that understands mbox and can access the user's unix filespace, use a link or whatever is most appropriate.
- Create the QUARANTINE and OLDQUARANTINE folders (Simply touching them into existence is fine)
- Ensure ownership and permissions of webmail and *QUARANTINE are right
- Touch .QUARANTINE_SPAM (optionally .QUARANTINE_FOREIGN)
- If user desires the daily digest also touch .QUARANTINE_DIGEST into existence.
- Check ownership/permissions on the above 2 'trigger' files.
- echo webmail/QUARANTINE >> .mailboxlist (again check ownership/permissions) to subscribe the folder.
- Educate user on squirrelmail basics. How to access QUARANTINE, how to 'deliver' a false positive. Actually run them through it.
- Ensure user is aware of location of documentation on squirrelmail and spam quarantining setup.
- Relax in the knowledge of a job well done
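The checklist above as a single re-runnable script, added here as an example and not part of the original page. The modes 0700 and 0600, the symlink refusal and the name setup_quarantine are assumptions; the page only says that ownership and permissions must be right.

```shell
#!/bin/sh
# Added example (not from the original page): opt one user in to the quarantine.
# Assumed, not stated on the page: modes 0700 (webmail) and 0600 (files).
# Usage: setup_quarantine HOME_DIR [OWNER] [digest]
setup_quarantine() (
    home=$1; owner=${2:-}; digest=${3:-}
    cd "$home" || exit 1
    umask 077                          # new files start private

    # Keep an existing webmail folder (or link to one); create it otherwise.
    [ -e webmail ] || mkdir webmail
    [ -d webmail ] || { echo "webmail is not a directory" >&2; exit 1; }
    [ -L webmail ] || chmod 700 webmail

    files="webmail/QUARANTINE webmail/OLDQUARANTINE .QUARANTINE_SPAM .mailboxlist"
    if [ "$digest" = digest ]; then files="$files .QUARANTINE_DIGEST"; fi

    for f in $files; do
        # This normally runs as root inside a user-writable directory, so do
        # not create, chmod or chown through a symlink found there.
        if [ -L "$f" ]; then echo "refusing symlink: $home/$f" >&2; exit 1; fi
        [ -e "$f" ] || : > "$f"        # "touch into existence"
        chmod 600 "$f"
        if [ -n "$owner" ]; then chown "$owner" "$f"; fi
    done
    if [ -n "$owner" ] && [ ! -L webmail ]; then chown "$owner" webmail; fi

    # Subscribe the folder once, however often the script is re-run.
    grep -qxF 'webmail/QUARANTINE' .mailboxlist ||
        echo 'webmail/QUARANTINE' >> .mailboxlist
)
```

Called as `setup_quarantine /users/NAME NAME digest`, it also creates .QUARANTINE_DIGEST; leave the third argument off for users who do not want the daily digest.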
Green Bank now has 8 alpha testers. So far so good. Of the 8, 6 are squirrelmail users already. One is a vm user and one is on thunderbird.
09/13/05 add nradziwi
09/14/05 added koneil, degan & bmckean. Also modified the digest cronjob to not send an email if a user's quarantine folder is empty.
09/15/05 If a user accesses their quarantine through an mua other than webmail and they have filtering within the mua then simply opening the quarantine folder can cause it to be emptied to wherever their filters say. This generates a helpdesk ticket pointing out the inaccuracy of the digest email.
09/16/05 Added tweadon, mholstin. Added line about subscribing the quarantine folder.
09/28/05 Modified logrotation to do it daily with weekly archive.
-- ChrisClark - 11 Sep 2005
Revision r1.15 - 28 Jun 2006 - 18:04 GMT - WolfgangBaudler Parents: WebHome