Spamassasin Rainloop SPAM Filtering [Sieve]


Spamassasin Rainloop SPAM Filtering [Sieve]

Introduction

Like it or not, you’re probably going to end up with some spam in your rainloop inbox. It’s going to start with a few emails per week and you’ll think you can manage it manually, but it’s going to escalate relatively quickly. Soon you’re going to start receiving dozens of emails per day/hour and your rainloop inbox is going to look like s***, making it difficult to see relevant emails. Spamassasin rainloop SPAM filtering is a necessity and Sieve is a great programming language designed just for that purpose.

Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Spam Example
Rainloop Spam Example

Dovcot Sieve Setup

First, you’re going to need a spamassasin (mailserver server setup, anti-spam section). That’s going to mark problematic emails as SPAM, but they’re still going to be present in inbox. To move them to spam automatically, we’re going to rely on Sieve (Dovecot Pigeonhole Sieve support).

Debian/Ubuntu:

$ apt-get install dovecot-sieve dovecot-managesieved

RedHat/CentOS:

$ yum install dovecot-pigeonhole

Enable plugin in /etc/dovecot/conf.d/20-lmtp.conf, add:

protocol lmtp {
  postmaster_address = [email protected]
  mail_plugins = $mail_plugins sieve
}

Edit /etc/dovecot/conf.d/90-sieve.conf, add:

plugin {
   sieve = ~/.dovecot.sieve
   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
   sieve_dir = ~/sieve
   sieve_global_dir = /var/lib/dovecot/sieve/
}

Extended sieve config, just a sample:

service auth {
     unix_listener auth-client {
         group = postfix
         mode = 0660
         user = postfix
     } 
     unix_listener auth-master {
         group = vmail
         mode = 0660
         user = vmail
     }
     user = root
}

service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
}

service managesieve {
}

protocol sieve {
     managesieve_max_line_length = 65536
     managesieve_implementation_string = dovecot
     log_path = /var/log/dovecot-sieve-errors.log
     info_log_path = /var/log/dovecot-sieve.log
}

plugin {
     sieve = ~/dovecot.sieve
     sieve_global_path = /etc/dovecot/sieve/default.sieve
     sieve_dir = ~/sieve
     sieve_global_dir = /etc/dovecot/sieve/global/
}

lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

protocol lda {
     mail_plugins = $mail_plugins autocreate sieve quota
     postmaster_address = [email protected]
     hostname = mail.cyberpunk.rs
     auth_socket_path = /var/run/dovecot/auth-master
     log_path = /var/log/dovecot-lda-errors.log
     info_log_path = /var/log/dovecot-lda.log
}

protocol lmtp {
     mail_plugins = $mail_plugins autocreate sieve quota
     log_path = /var/log/dovecot-lmtp-errors.log
     info_log_path = /var/log/dovecot-lmtp.log
}

Create and adjust permissions:

$ touch /var/log/{dovecot-lda-errors.log,dovecot-lda.log}
$ touch /var/log/{dovecot-sieve-errors.log,dovecot-sieve.log}
$ touch /var/log/{dovecot-lmtp-errors.log,dovecot-lmtp.log}
$ mkdir -p /etc/dovecot/sieve/global
$ chown vmail: -R /etc/dovecot/sieve
$ chown vmail:mail /var/log/dovecot-*

Edit /etc/dovecot/dovecot.conf, append sieve in protocols:

protocols = imap lmtp sieve

Restart Dovecot:

$ service dovecot restart

Check if managesieve is running on port 4190, either with netstat -tulpn or simply by connecting to it with telnet:

telnet localhost 4190

Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

Global Sieve Rules

You could create a file with sieve rules:

$ mkdir /var/lib/dovecot/sieve/
$ nano /var/lib/dovecot/sieve/default.sieve

Move spam emails from Inbox to Junk folder automatically (X-Spam-Flag is added by Spamassassin):

require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}

Adjust ownership:

$ chown -R vmail:vmail /var/lib/dovecot

Compile rules:

$ sievec /var/lib/dovecot/sieve/default.sieve

Rainloop Sieve Filtering

By default rainloop account settings is missing “Filters” option, so first you’ll need to enable it in rainloop admin panel:

Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Sieve Filtering

Enable Sieve in Rainloop:

Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Sieve Filtering
Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Sieve Filtering

To adjust filter, login to your rainloop account, go to settings -> Filters:

Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Sieve Filtering

Create fillter:

Spamassasin Rainloop SPAM Filtering [Sieve] - Rainloop Sieve Filtering: Available Actions

Available actions:

  • Move to
  • Forward to
  • Reject
  • Vacation message
  • Discard

In cases where you want to explicitly mark email addresses as spam via spamassasin, add them to /etc/spamassassin/local.cf:

blacklist_from *@126.com
blacklist_from [email protected]

Conclusion

Spamassasin Rainloop SPAM filtering is something you’ll need in your fight with spam. In general, dovecot sieve filtering is a very usefull feature in Rainloop email management. You can use it to keep you rainloop inbox clear and ordered. Move spam emails to spam folder automatically, create new folders and organize/redirect your incoming emails (e.g. from instagram, twitter, etc).