From 025db13070cabde62aed0b9c694baaaa4538b205 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 11 Dec 2013 00:56:02 +0100 Subject: Configure dovecot's antispam filter. Mails to be retrained are stored in the spooldir /home/mail/spamspool; later a daemon catches them up and feed them to sa-learn(1p). (On busy systems batch-process the learning should be much more efficient.) The folder transisition matrix along with the corresponding actions can be found there: http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt See also dovecot-antispam(7). --- roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf | 68 ++++++++++++++++++ roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf | 21 ++++++ .../files/etc/dovecot/conf.d/auth-ldap.conf.ext | 2 +- .../files/etc/dovecot/dovecot-ldap-userdb.conf.ext | 84 ++++++++++++++++++++++ 4 files changed, 174 insertions(+), 1 deletion(-) create mode 100644 roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf create mode 100644 roles/IMAP/files/etc/dovecot/conf.d/90-plugin.conf create mode 100644 roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext (limited to 'roles/IMAP/files') diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf new file mode 100644 index 0000000..6771cc7 --- /dev/null +++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf @@ -0,0 +1,68 @@ +## +## IMAP specific settings +## + +protocol imap { + # Maximum IMAP command line length. Some clients generate very long command + # lines with huge mailboxes, so you may need to raise this if you get + # "Too long argument" or "IMAP command line too large" errors often. + #imap_max_line_length = 64k + + # Maximum number of IMAP connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins antispam + + # IMAP logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + #imap_logout_format = bytes=%i/%o + + # Override the IMAP CAPABILITY response. If the value begins with '+', + # add the given capabilities on top of the defaults (e.g. +XFOO XBAR). + #imap_capability = + + # How long to wait between "OK Still here" notifications when client is + # IDLEing. + #imap_idle_notify_interval = 2 mins + + # ID field names and values to send to clients. Using * as the value makes + # Dovecot use the default value. The following fields have default values + # currently: name, version, os, os-version, support-url, support-email. + #imap_id_send = + + # ID fields sent by client to log. * means everything. + #imap_id_log = + + # Workarounds for various client bugs: + # delay-newmail: + # Send EXISTS/RECENT new mail notifications only when replying to NOOP + # and CHECK commands. Some clients ignore them otherwise, for example OSX + # Mail ( for list of plugins and +# their configuration. Note that %variable expansion is done for all values. + +plugin { + antispam_backend = spool2dir + + antispam_trash = TRASH + antispam_unsure_pattern_ignorecase = MailTrain;MailTrain/* + antispam_spam = SPAM + + # The first %%lu is replaced by the current time. + # The second %%lu is replaced by a counter to generate unique names. + # These two tokens MUST be present in the template! + antispam_spool2dir_spam = /home/mail/spamspool/%u-%%10lu-%%06lu.spam + antispam_spool2dir_notspam = /home/mail/spamspool/%u-%%10lu-%%06lu.ham +} diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext index 8e88b27..15eb306 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext @@ -23,7 +23,7 @@ passdb { # args = /etc/dovecot/dovecot-ldap-userdb.conf.ext # # # Default fields can be used to specify defaults that LDAP may override -# #default_fields = home=/home/virtual/%u +# default_fields = home=/home/mail/%d/%n #} # If you don't have any user-specific settings, you can avoid the userdb LDAP diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext new file mode 100644 index 0000000..6c39bf6 --- /dev/null +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap-userdb.conf.ext @@ -0,0 +1,84 @@ +# This file is opened as root, so it should be owned by root and mode 0600. +# +# http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb + +# Space separated list of LDAP hosts to use. host:port is allowed too. +#hosts = + +# LDAP URIs to use. You can use this instead of hosts list. Note that this +# setting isn't supported by all LDAP libraries. +uris = ldapi:// + +# Distinguished Name - the username used to login to the LDAP server. +# Leave it commented out to bind anonymously. +#dn = + +# Password for LDAP server, if dn is specified. +#dnpass = + +# Use SASL binding instead of the simple binding. Note that this changes +# ldap_version automatically to be 3 if it's lower. Also note that SASL binds +# and auth_bind=yes don't work together. +sasl_bind = yes +# SASL mechanism name to use. +sasl_mech = EXTERNAL +# SASL realm to use. +#sasl_realm = +# SASL authorization ID, ie. the dnpass is for this "master user", but the +# dn is still the logged in user. Normally you want to keep this empty. +#sasl_authz_id = + +# Use TLS to connect to the LDAP server. +#tls = no +# TLS options, currently supported only with OpenLDAP: +#tls_ca_cert_file = +#tls_ca_cert_dir = +#tls_cipher_suite = +# TLS cert/key is used only if LDAP server requires a client certificate. +#tls_cert_file = +#tls_key_file = +# Valid values: never, hard, demand, allow, try +#tls_require_cert = + +# Use the given ldaprc path. +#ldaprc_path = + +# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h. +# -1 = everything. You may need to recompile OpenLDAP with debugging enabled +# to get enough output. +#debug_level = 0 + +# LDAP protocol version to use. Likely 2 or 3. +ldap_version = 3 + +# LDAP base. %variables can be used here. +# For example: dc=mail, dc=example, dc=org +base = fvl=%n,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org + +# Dereference: never, searching, finding, always +deref = never + +# Search scope: base, onelevel, subtree +scope = base + +# User attributes are given in LDAP-name=dovecot-internal-name list. The +# internal names are: +# uid - System UID +# gid - System GID +# home - Home directory +# mail - Mail location +# +# There are also other special fields which can be returned, see +# http://wiki2.dovecot.org/UserDatabase/ExtraFields +user_attrs = =mail_plugins=antispam + +# Filter for user lookup. Some variables can be used (see +# http://wiki2.dovecot.org/Variables for full list): +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if user there's no domain +user_filter = (&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)) + +# Attributes and filter to get a list of all users +#iterate_attrs = uid=user +#iterate_filter = (objectClass=posixAccount) -- cgit v1.2.3