« Simon Pegg is doing awfully wellInstalled B2Evolution »

Training SpamAssassin, Horde, IMAP, Plesk user configuration

What a nightmare! It has taken me about a month of web searching, playing, testing and configuring to get user specific spam training with SpamAssassin running on an Horde IMAP email client on a Plesk virtual hosts system.

The problem with the default set up is that in order to train SpamAssassin you need to log into the server’s plesk interface and select emails which are spam and which are ham. From that interface you can’t read the emails, so you never know for sure. Also this interface will only let you scan the inbox. This whole process does not work well for users who are using Horde with IMAP.

Bet you want to know how? There are several issues which need to be addressed in order to make it work properly.

  • Horde application needs to fill in the correct SpamAssassin variables
  • Horde needs to know what to do with the spam or ham emails
  • Web user is different from the SpamAssassin user so the difference needs to be resolved.

Firstly Horde needs to fill in the correct variables when parsing the spam / notspam command program. In file /usr/share/psa-horde/imp/lib/Spam.php make the following changes:

PHP:

/* If a (not)spam reporting program has been provided, use
* it. */
if (!empty($GLOBALS['conf'][$action]['program'])) {
$raw_msg = $imp_contents->fullMessageText();
/* Use a pipe to write the message contents. This should
* be secure. */
$email_address = explode("@", Auth::getAuth());
 
$prog = str_replace('%u', escapeshellarg(Auth::getAuth()), $GLOBALS['conf'][$action]['program']);
$prog = str_replace('%l', escapeshellarg($email_address[0]), $prog);
$prog = str_replace('%d', escapeshellarg($email_address[1]), $prog);
$proc = proc_open($prog,

Next tell Horde what to do with the spam / notspam emails. Edit the configuration file (/usr/share/psa-horde/imp/config/conf.php) to tell Horde how to do the training, and when to show the “Report as Spam” and “Report as Innocent” links.
Add the following lines:

PHP:

$conf['spam']['reporting'] = true;
$conf['notspam']['reporting'] = true;
$conf['spam']['program'] = '/var/qmail/popuser/bin/saver.sh %l %d spam > /dev/null 2> /dev/null';
$conf['notspam']['program'] = '/var/qmail/popuser/bin/saver.sh %l %d ham > /dev/null 2> /dev/null';

The reporting variables tell Horde to print the report links on every page and the program variables tell it what to do.

The popuser’s home directory does not exist by default so we will create it which will give us somewhere to house all the required programs.

Code:

mkdir /var/qmail/popuser
cd /var/qmail/popuser
mkdir bin train
chown popuser:popuser bin train
chmod 755 bin
chmod 703 train

The training directory must be closed, we are going to store copies of emails while they are waiting to be processed and we don’t what prying eyes looking over them.

Now we must recreate the saver.sh and trainer.sh programs, to handle the different user permissions.

saver.sh:

Code:

#!/bin/bash
#
# Author: David Newcomb
# Copyright: BigSoft Limited (c) 2007
#
 
 
# Handle parameters
USER=$1
DOMAIN=$2
WHAT=$3
 
TRAIN_DIR="/var/qmail/popuser/train"
DATE=`date +'%Y%m%d%H%M%S%N'`
UNIQFILE="$USER:$DOMAIN:$WHAT:$DATE.$$"
FILE="$TRAIN_DIR/$UNIQFILE"
 
cat > $FILE
 
# Mark as ready to pick up
chmod o+r $FILE
mv "$FILE" "$FILE.done"

This simple program takes input from stdin and writes it into a special file in a special directory.

trainer.sh:

Code:

#!/bin/bash
#
# Author: David Newcomb
# Copyright: BigSoft Limited (c) 2007
#
 
 
TRAINER_DIR=/var/qmail/popuser/train
SPAM="/usr/bin/sa-learn -u %u --dbpath /var/qmail/mailnames/%d/%l/.spamassassin -L --spam"
HAM="/usr/bin/sa-learn -u %u --dbpath /var/qmail/mailnames/%d/%l/.spamassassin -L --ham"
PATH=/bin:$PATH
 
ls $TRAINER_DIR/*.done | \
while read FILENAME
do
        `echo "$FILENAME" | sed 's/.*\/\(.*\):\(.*\):\(.*\):\(.*\)/export USER=\1 DOMAIN=\2 WHAT=\3/'`
 
        if [ "$WHAT" = "spam" ]
        then
                DO=$SPAM
        else
                DO=$HAM
        fi
 
        PARSED=`echo $DO | sed "s/%u/$USER@$DOMAIN/g"`
        PARSED=`echo $PARSED | sed "s/%l/$USER/g"`
        PARSED=`echo $PARSED | sed "s/%d/$DOMAIN/g"`
 
        cat $FILENAME | $PARSED
        rm -f $FILENAME
 
done

This program reads the special directory and decodes the special filenames into user, domain and what its contents are. It then runs the sa-learn program pointing it at the specific users bayes_toks files.

The saver.sh is run by the apache webmail process and the trainer.sh is run by the popuser. One could tell apache to run webmail.domain under popuser but I want to avoid touching the webserver’s configuration.

The question now is how often do you run the trainer. This will depend on the various resource requirements your system has, how many mail users you have, how much mail they receive and how much free disk space you have. For example if you have a small number of users then every hour would be enough, whereas if the server is heavily used during the day you may want to run the trainer during one of the more quieter times.

To add to the popuser’s cron enter the following:

Code:

crontab -u popuser -e

When inside the editor, enter the line:

Code:

0 * * * * /var/qmail/popuser/bin/trainer.sh >/dev/null 2> /dev/null

This will run the trainer as the popuser every hour.

In all the cases above the output is directed to /dev/null but for debug you can change it to whatever you like.

There is another method that can be used. This is to set up a special user to whom you forward your spam / ham to. I think that this is a pain for users because you have to forward it and then delete it, where as both of these can be done using the above method.

It seems strange that there is no documentation for this feature as I think effective spam training is essential when administering a mail server. I understand that everyone loves coding, but hates writing documentation!

If anyone has any comments, suggestions or improvements to any of the above then please add to the comments.


This entry was posted on August 30th, 2007 at 12:24:35 pm and is filed under Techie. Tags: horde, imap, plesk, spamassassin

15 comments

Comment from: Sam [Visitor]
Great product...I was struggling with the same functionality (or lack there of).

Btw, I run FC6 with IMP and it works great. The only additions I have is to ensure you place the saver.sh and trainer.sh in the bin folder and

$ chmod popuser:popuser saver.sh trainer.sh
$ chmod +x saver.sh trainer.sh

Otherwise, fantastic work...you should offer this how-to up to the Horde-IMP folks...
11/19/07 @ 15:10
Comment from: Paul KPOGNON [Visitor]
This product is exactly what I was looking for since.

Now I can let my users themselves report their spam as well.

That is fantastic
03/28/08 @ 13:29
Comment from: Matt Earwicker [Visitor]
Have successfully done this on RHEL4 and FC5 servers, but RHEL5 has no $conf['spam'] settings in the /usr/share/psa-horde/config/conf.php file. If I add them, it doesn't complain, but it doesn't show up either.

I tried adding myself as an administrator, and changing it from there, but it doesn't manage to save either, but suggests I edit the file manually. If I copy the suggested text into the conf.php file, it still doesn't appear.

Any thoughts?

Matt
07/25/08 @ 16:38
Comment from: David Newcomb [Member]
Email
It looks like you have not added the options to the correct config file.
You state:
/usr/share/psa-horde/config/conf.php
but the article states the IMP config file:
/usr/share/psa-horde/imp/config/conf.php

Try adding the options to that instead.
07/25/08 @ 17:39
Comment from: Matt Earwicker [Visitor]
Whoops! Too late at night. Thanks.
07/26/08 @ 07:16
Comment from: Matt Earwicker [Visitor]
Ideal! Just what we needed.

Means that we can finally get our users to sort out their own spam settings a bit, rather than having to try and do them for them within Plesk (a step too far for many), which requires a bit of guesswork anyway.

Thanks for the walk-through, I had given up trying to sort something out myself.
07/27/08 @ 06:17
Comment from: Michael [Visitor]
· http://www.magicspam.com
Another thing you may want to look at is MagicSpam for Plesk. This works at the SMTP layer before filtering, and helps to reduce the overhead normally associated with Spam Assassin checking, but knocking the bulk off before hand. It also helps to greatly reduce backscatter, keeping you off those blacklists.
09/02/08 @ 22:58
Comment from: Matt Earwicker [Visitor]
Just to add to Sam's first post:

First command should be:

$ chown popuser:popuser saver.sh trainer.sh

Matt
01/28/09 @ 09:29
Comment from: Adam H [Visitor]
· http://www.joolpool.com
Thanks for this Matt! Just one thing - is it possible to get Horde to set mails to "deleted" as & when they are reported as spam? I followed the steps above, but while I see the temp mail files appearing in "train", the original emails seem to remain in the user mailbox?
02/04/09 @ 18:33
Comment from: Christine [Visitor]
· http://www.magicspam.com
Sounds like a lot of work to add in all these configurations. Why not use an antispam that can tie into the plesk interface and provide simple on/off controls. MagicSpam doesn't require manual configurations and stops bouncing emails.
Adam - Why not try something that blocks email rather than accepting and filtering it?
03/19/09 @ 18:48
Comment from: David Newcomb [Member]
Email
Thanks Christine, MagicSpam is not free whereas the above solution is.
Also there are some companies that go through their captured spam to check for false positives, which blocking it would prevent.
03/20/09 @ 10:04
Comment from: Mini [Visitor]
Email
Hey guys I need your help! I've got the Plesk server recently and every time I try to access the webmail of any of the mails created inside it appears this:

A fatal error has occurred
Failed to import Horde configuration: Strict Standards: Non-static method Horde::getTempDir() should not be called statically, assuming $this from incompatible context in /etc/psa-horde/horde/conf.php on line 81 Strict Standards: Non-static method Util::getTempDir() should not be called statically, assuming $this from incompatible context in /usr/share/psa-horde/lib/Horde.php on line 987
Strict Standards: Assigning the return value of new by reference is deprecated in /usr/share/psa-pear/PEAR.php on line 563

Where do i find this: /usr/share/psa-horde/ in the Plesk Panel.. I have no clue..Please Help!!
07/22/09 @ 21:52
Comment from: David Newcomb [Member]
Email
Does this have anything to do with the article "Training SpamAssassin, Horde, IMAP, Plesk user configuration" or is it a general Plesk enquiry?
07/23/09 @ 02:00
Comment from: DeadSet [Visitor]
Email
I did the following:

Edit the configuration file (/usr/share/psa-horde/imp/config/conf.php) to tell Horde how to do the training, and when to show the “Report as Spam” and “Report as Innocent” links.

But where should this “Report as Spam” and “Report as Innocent” links be displayed in Horde?
09/26/09 @ 15:30
Comment from: David Newcomb [Member]
Email
In the message index page:

Delete | Blacklist | Whitelist | Forward | Report as Spam | Report as Innocent | View Messages

and on the view message page:

Delete | Reply | Forward | Redirect | View Thread | Blacklist | Whitelist | Message Source | Save as | Print | Report as Spam | Report as Innocent
09/27/09 @ 19:35

Leave a comment


Your email address will not be revealed on this site.

Your URL will be displayed.
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)
Please enter "notspam" (without the quotes) in the box below
antispam test