Train SpamAssassin Spam Email Message Detection in Zentyal

Train SpamAssassin Spam Email Message Detection in Zentyal

Category : How-to

Get Social!

SpamAssassin_logo

SpamAssassin does a great job at identifying SPAM emails and is probably one of the most popular in it’s class. An important part of fighting SPAM email is keeping up with the changes in both SPAM and non-SPAM (often called Ham) email content. Luckily for us, whatever magic SpamAssassin employs to decide if email is SPAM or not can be trained so that emails wrongly classified can be correctly classified in future.

I’m using SpamAssasin as part of Zentyal email server, however a stand alone SpamAssassin install could also be used with a similar process.

spam-training-inboxThe first step is to create a folder for a given email account which will be used to manually classify SPAM email messages. You could use your existing SPAM/ Junk folder but I’ve called mine ‘Spam Training’ to keep it separate. When you receive email to your inbox that hasn’t been classed as SPAM but should be, you’ll manually move the email to your new ‘Spam Training’ folder and SpamAssassin will update it’s detection routine accordingly. Messages could be falsely marked as SPAM and kept in the SPAM folder and you wouldn’t want SpamAssassin to automatically learn those to be SPAM which is why I’ve kept them separate.

Cron Job

The next step is to set up a cron that will execute the SpamAssassin utility sa-learn to consume the emails and update its detection mechanism. sa-learn will learn from messages that you specify as SPAM with the –spam switch and messages that are not SPAM with the –ham switch.

Open up a crontab shell and enter one or more of the below lines as required.

crontab -e

Crontab entries to teach SpamAssassin

Add one or more of the below lines to your crontab. Each entry is set to trigger every 24 hours at 0330 and log to /var/log/spam_train.log – both of these items can be changed as per your requirements. In addition, the mailbox location for these commands is set as /mailvol/jamescoyle.net/ and will need to be changed to match your email server environment.

There are a couple of other things to note with this process:

  1. Emails will only be learnt once. If you re-run the commands on the same emails they will not be learnt again.
  2. Emails will not be deleted from these folders so you’ll need to set up data retention rules.

Learn SPAM messages for a specific mailbox folder ‘Spam Training’

30 03 * * * L=/var/log/spam_train.log && echo `date` >> $L && sa-learn --spam --showdots /mailvol/jamescoyle.net/james.coyle/Maildir/.Spam\ Training/cur/ >> $L

Learn Ham messages for a specific mailbox folder ‘Spam Training’

30 03 * * * L=/var/log/spam_train.log && echo `date` >> $L && sa-learn --ham --showdots /mailvol/jamescoyle.net/james.coyle/Maildir/.Ham\ Training/cur/ >> $L

Search all users for a folder called ‘Spam Training’ and learn them as SPAM

Note: this could be process intensive for large mailboxes. 

30 03 * * * L=/var/log/spam_train.log && echo `date` >> $L && find /mailvol/jamescoyle.net/* -name '*Spam Training' -exec sa-learn --spam --showdots {}  >> $L \;

 


How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256

Get Social!

logo-zentyal-blackAs of Zentyal version 4.2 the bundled certificate authority (CA) module is creating signed certificates using the SHA-1 algorithm which is an old algorithm and pretty much deprecated.

Google Chrome, for example, will give a warning when accessing any SSL page that’s encrypted stating that your connection is not secure.

SSL Certificates created now should, as a minimum, use the the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you’ll need to make a small edit to your openssl.cnf file.

vi /var/lib/zentyal/conf/openssl.cnf

And look for default_md within the file. It will currently show as sha1 like below:

default_md = sha1

Edit the value and enter sha256.

default_md = sha256

You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.

I’ve submitted a pull request on Github to have the default changed for new installations.


Configure Zentyal 4.2 To Move SPAM Email To Junk Folder

Get Social!

logo-zentyal-blackZentyal, the “all-in-one” exchange server replacement and does quite a good job delivering AD-like management and authentication, file shares, email and webmail straight out of the box. The out-of-the-box set-up is a good starting point and most people will be up and running in no time.

Once you start to dig a little deeper into Zentyal’s configuration, and start to use it day-to-day, you’ll notice that a few basic things are missing.

Take for example the email offering – it all works quite nicely until you start to receive SPAM. You may, as I did, enable the email filter ‘Antispam’ to help fight your SPAM problems. The interesting thing with Zentyal is that enabling all of this will enable you to mark messages as SPAM, but not do anything with it. So now all of your users will still have all their messages in their Inbox, just some will have a SPAM rating in their header.

What you really need is to have Zentyal move all of the SPAM marked messages into a Junk folder (which is actually created for all users by default). To do that you’ll need to create your own Sieve rules configuration to move any received email message to the Junk folder. It’s easy enough to do,  with just a few small configuration file changes.

Log onto your Zentyal server using a Terminal and open the dovecot.conf configuration file using your favourite file editor.

vi /etc/dovecot/dovecot.conf

Add the following code in the ## Plugin settings section at the bottom of the file:

plugin {
    sieve = ~/.dovecot.sieve
    sieve_global_path = /etc/dovecot/sieve/default.sieve
    sieve_dir = ~/sieve
    sieve_global_dir = /etc/dovecot/sieve/global/
}

Create the global directory, if it doesn’t already exist:

mkdir -p /etc/dovecot/sieve/global

And add your Sieve rule file to move all incoming email into the Spam/ Junk folder which has the X-Spam-Flag set by SpamAssassin:

require ["fileinto"];
# rule:[SPAM]
if header :contains "X-Spam-Flag" "YES" {
        fileinto "Spam";
}

Finally you’ll need to restart dovecot for the changes to be picked up.

service dovecot restart

And that’s all there is too it. All new SPAM mail will be moved directly into the Spam/ Junk folder.


Visit our advertisers

Quick Poll

Do you use ZFS on Linux?

Visit our advertisers