When you have MailScanner running as your mail gateway/primary anti-spam device in front of your Exchange environment, a few spam messages will still be delivered to your users. What you need is an easy way to harvest this spam from your users and learn it into your Bayes database to increase your chances of stopping it in the future. Jeff Mills has provided me with a method to easily achieve this, which I will document below.
Exchange
1. Create a new public folder – I called mine SPAM.
2. Set the permissions.
   a. You or your admin group need Owner access.
   b. Default should be Contributor with only Create Items checked (during testing, change Default to None and list your team with Contributor). This will allow your users to drag and drop spam onto the folder, but not open it and view potentially offensive content.
   c. Create a MailScanner user and give it delete access to this public folder.
MailScanner
1. Make sure Python is installed.
2. Create yourself a script with the code from Appendix A and change the server name to your Exchange server, the public folder name to the one created in step 1, and the MailScanner username and password to those you created in step 2c.
That’s it.
Now you can drop some spam into the spam folder, run your script, and check the log (default is /var/log/learn.sa.log) to see what the result was. Note that if you run the script twice on the same emails, they will not be learned twice, and your logs will show 0 learned on the second pass. Use new spam for each test.
Notes
You could cron the script to run regularly, but I suggest having a quick look over the spam folder first to ensure that users aren’t adding email from the boss etc. You could also change the commands in the script to learn HAM if you had a need. I have tested this on Exchange 2003 only.

Still Needed
If there are any changes required to spam.assassin.prefs.conf to not learn local headers or anything, could someone please add that?
Appendix A (the script)
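#!/usr/bin/env python3
# Fetch every message in the public spam folder over IMAP and feed it to sa-learn.
import imaplib
import subprocess
import tempfile
import time

# Set required variables
PREFS = "/opt/MailScanner/etc/spam.assassin.prefs.conf"
SALEARN = "/usr/bin/sa-learn"
SERVER = "x.x.x.x"
USER = "someuserwithaccesstopublicfolder"
PASSWORD = "somepassword"
LOGFILE = "/var/log/learn.spam.log"

log = open(LOGFILE, 'a')
log.write("\n\nTraining SpamAssassin on %s at %s\n" % (time.strftime("%Y-%m-%d"), time.strftime("%H:%M:%S")))

# connect to server (plain IMAP: the login below is sent unencrypted;
# use imaplib.IMAP4_SSL instead if the server offers it)
server = imaplib.IMAP4(SERVER)
# login
server.login(USER, PASSWORD)
# Set your public spam folder name here. Python 3 imaplib does not quote
# mailbox names, so a name containing a space needs its own double quotes.
typ, data = server.select('"Public Folders/Spam"')
if typ != 'OK':
    log.write("Could not select folder: %r\n" % (data,))
    server.logout()
    raise SystemExit(1)

# Get messages
typ, data = server.search(None, 'ALL')
for num in data[0].split():
    typ, msg = server.fetch(num, '(RFC822)')
    # Write the raw message to a private, unpredictable temp file; a fixed
    # name under /var/tmp can be pre-created or symlinked by another local user
    with tempfile.NamedTemporaryFile(prefix="salearn.") as tmp:
        tmp.write(msg[0][1])
        tmp.flush()
        # Argument list, no shell; stderr is folded into stdout for the log
        result = subprocess.run(
            [SALEARN, "--prefs-file=" + PREFS, "--spam", tmp.name],
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
            text=True, errors="replace")
    log.write(result.stdout)
    log.write("\n")
    # Mark learned spam as "Deleted"
    server.store(num, '+FLAGS', '\\Deleted')

# To delete messages marked as "Deleted" from the server, uncomment the following line
#server.expunge()
server.logout()
log.close()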
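
The Notes section warns that users may drop legitimate mail ("email from the boss") into the folder, which would then be learned as spam. The following is an added example, not part of the original script: it screens raw messages, in the form the Appendix A script fetches them, and holds back anything with an internal or missing sender for manual review. `INTERNAL_DOMAINS`, `sender_domains`, `triage` and the sample messages are assumptions made for illustration.

```python
# Added example: screen harvested messages before they reach sa-learn.
# INTERNAL_DOMAINS and all function names are assumptions, not from the page.
from email import message_from_bytes
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}  # assumption: your own mail domains


def sender_domains(raw):
    """Return the set of lower-cased domains found in From/Sender headers."""
    msg = message_from_bytes(raw)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    domains = set()
    for _name, addr in getaddresses(headers):
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].lower())
    return domains


def triage(messages, internal=INTERNAL_DOMAINS):
    """Split {id: raw_bytes} into (learn, review) lists of ids.

    A message goes to review when it has no parsable sender or when any
    sender domain is internal: both are cases a human should look at
    before the message is allowed to influence the Bayes database.
    """
    learn, review = [], []
    for msg_id, raw in messages.items():
        domains = sender_domains(raw)
        if not domains or domains & internal:
            review.append(msg_id)
        else:
            learn.append(msg_id)
    return learn, review


# Constructed sample messages (not real mail), keyed like IMAP message numbers.
SAMPLES = {
    b"1": b"From: Cheap Pills <promo@bulk.invalid>\r\nSubject: Buy now\r\n\r\nhi\r\n",
    b"2": b"From: The Boss <boss@EXAMPLE.com>\r\nSubject: Q3 budget\r\n\r\nsee attached\r\n",
    b"3": b"Subject: no sender at all\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    learn, review = triage(SAMPLES)
    print("learn:", learn)
    print("hold for review:", review)
```

Spam that forges an internal From address also lands in the review list, which is the conservative outcome: only the ids in the learn list would be passed to sa-learn and flagged as deleted.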