dspam integration with dovecot

In a previous message I spoke about training dspam automatically. The script I posted there works, but it’s not brilliant so I started looking for other ways of achieving spam training from the client.

Whilst looking for alternatives I found the dovecot antispam plugin which seems almost perfect. Configure a spam folder (I called mine “Junk” to integrate with Thunderbird) and it will detect when the user moves mail in or out of the folder. This automatically trains as ham or spam, depending on the direction mail is moved.

I grabbed a source tarball from the website and started there. Installing is simple:

  1. After extracting, copy defconfig to .config
  2. Edit .config to set the user and enable the backends you require
  3. Run make and then make install (as root, obviously)
  4. Edit the dovecot configuration to set plugin configuration

I chose the dspam-exec backend, but read the documentation before using it as it will spawn the dspam binary for each mail moved in.

You should ensure that the user that the dspam-antispam plugin runs as is trusted by dspam (edit /etc/dspam/dspam.conf and ensure there is a Trust <user> line) and does not violate dovecot security settings (set at compile time). On Debian, this seemed to mean running the plugin as root.

Editing the dovecot configuration includes enabling the plugin in the protocol imap section:

mail_plugins = antispam

And, for the dspam-exec plugin, configuring it like so:

# Which folder the antispam plugin monitors
antispam_spam = Junk
# Antispam trash folder
antispam_trash = trash;Trash;Deleted Items;Deleted Messages

antispam_signature = X-DSPAM-Signature
antispam_signature_missing = move

# dspam-exec plugin

# dspam binary
antispam_dspam_binary = /usr/bin/dspam

# semicolon-separated list of extra arguments to dspam
# (default unset i.e. none)
antispam_dspam_args = --deliver;--user;%u
# antispam_dspam_args = --deliver=;--user;%u  # % expansion done by dovecot
# antispam_dspam_args = --mode=teft

This seems to be the minimum to get the dspam-exec backend working. Note that configuration for other options will be different, if somebody fancies sharing a configuration that sends mail to <user>[email protected]<domain> I’d be very grateful 😄

Thanks to Johannes for writing this plugin.

David Cannings
Cyber Security Geek

My interests include computer security, digital electronics and writing tools to help analysis of cyber attacks.