Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
setup_basic_mailserver_with_postfix_dovecot_sieve [02.01.2020 08:34]
Pascal Suter [proxmox mail gateway]
setup_basic_mailserver_with_postfix_dovecot_sieve [02.01.2020 11:57] (current)
Pascal Suter [proxmox mail gateway]
Line 467: Line 467:
   * for DKIM to work you need to add a TXT entry to your domian'​s DNS record. you can click on "View DNS Record"​ to get a copy-paste snippet to paste right into your bind zone file if you're using bind as your name-server. ​   * for DKIM to work you need to add a TXT entry to your domian'​s DNS record. you can click on "View DNS Record"​ to get a copy-paste snippet to paste right into your bind zone file if you're using bind as your name-server. ​
   * once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well.   * once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well.
 +
 +==== tag and deliver spam instead of quarantine ====
 +I'm not sure I or my users would be happy with waiting for reports to find out why a recently sent mail did not reach them. after all it's always a good feeling if you can tell someone on the phone that you didn't find their email in your spam folder either, to convince them that they might have had a typo in your email address :) .. 
 +
 +First you need to make sure that spam is no longer quarantined but instead marked and forwarded. ​
 +
 +you can either mark an email by modifying its subject or by adding a header element.. i don't like changing the visible part of the email message, so i opted to go for an additional header field that marks spam. 
 +
 +to create it, go to the ''​Mail Filter-->​Action Objects''​ page in the PMG web-interface and add a new action object of the ''​Header Attribute''​ type. start the header atribute with ''​x-''​ and choose something meaningful.. i went for ''​x-spam-mail:​yes'' ​
 +
 +next we need to make sure that all spam mail is tagged with this header field instead of quarantined.  ​
 +
 +in the PMG web interface click on ''​Mail Filter''​ in the left column. you will now see a list of all active or inactive mail filters. by selecting a filter, you can then see on the right hand side column which actions will be executed. you can simply remove the Quarantine action from the active ones and then drag and drop the newly created action object to the active actions or click the + sign to add it. 
 +
 +now on to your postfix mail server.. we need to add a global sieve rule to dovecot that will move spam into a spam folder.. edit ''/​etc/​dovecot/​conf.d/​90-sieve.conf''​ and look for "​sieve_after"​ templates.. add a new line after those that looks like this: 
 +  sieve_after = /​etc/​dovecot/​sieve-after
 +now create the sieve-after directory: ​
 +  mkdir /​etc/​dovecot/​sieve-after
 +all filters found in this directory will be executed AFTER each user's own filters. so a user can create his own filters to whitelist spam in our case. 
 +<​code>​
 +cat > /​etc/​dovecot/​sieve-after/​spam-to-folder.sieve <<EOF
 +require ["​fileinto","​mailbox"​];​
 +
 +if header :contains "​x-spam-mail"​ "​yes"​ {
 + ​fileinto :create "​INBOX.Junk";​
 + stop;
 +}
 +EOF
 +</​code>​
 +now compile the sieve filter: ​
 +  sievec /​etc/​dovecot/​sieve-after/​spam-to-folder.sieve
 +lastly restart dovecot to re-read the config we altered bove 
 +  systemctl restart dovecot ​
 +to test, send an email from outside to your mail account with the following line in the body: 
 +<​code>​
 +XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
 +</​code>​
  
 ==== future improvements ==== ==== future improvements ====
 +=== Bayesian learning by moving mail to junk folder ===
 in order for proxmox'​s Bayesian filter to learn and start working you need to provide spam and ham mails. to do this, one needs to copy spam that passed the filter to a temporary location on the proxmox mail gateway and then tell the Bayesian filter that this is spam. it needs at least 200 spam and ham mails to start working. ideally, we should be able to do this by simply moving an email to the spam folder on our imap account and the email should then be submitted to the bayesian filter of PMG automatically.. ​ in order for proxmox'​s Bayesian filter to learn and start working you need to provide spam and ham mails. to do this, one needs to copy spam that passed the filter to a temporary location on the proxmox mail gateway and then tell the Bayesian filter that this is spam. it needs at least 200 spam and ham mails to start working. ideally, we should be able to do this by simply moving an email to the spam folder on our imap account and the email should then be submitted to the bayesian filter of PMG automatically.. ​
  
Line 475: Line 513:
   * a solution on how to use imap sieve filters to trigger a bash script when a mail is moved into a specific folder can be found in the [[https://​workaround.org/​ispmail/​buster/​filtering-out-spam-with-rspamd-2/​|all mighty ISPmail tutorial]]   * a solution on how to use imap sieve filters to trigger a bash script when a mail is moved into a specific folder can be found in the [[https://​workaround.org/​ispmail/​buster/​filtering-out-spam-with-rspamd-2/​|all mighty ISPmail tutorial]]
  
-i'm not sure yet, but i might want to only tag spam but still send it to the mailserver so that it can be stored to a spam folder and is instantly searchable by any user in his own account. not sure I or my users are happy with waiting for reports to find out why a recently sent mail did not reach them.  
  
 ==== adjustments to postfix settings on our mailserver ==== ==== adjustments to postfix settings on our mailserver ====