3

So here's the deal.

Basically, I am looking for a convenient way to get spam from my Exchange 2010 mail server to my spam filter/proxy (whatever you want to call it) in a mail format for SpamAssassin to do its Bayesian filtering (Maildir or Mbox apparently).

I have created a gateway that filters mail and then passes it through to my Exchange server, as per this tutorial. From the research I have done it should be easy to apply the Bayesian filtering once the mail is in a format that it knows how to use:

sa-learn -mbox --spam ~/mbox/spam ~/mbox/bad-spam

Essentially, SpamAssassin needs a certain number of SPAM and HAM emails to do its thing and was thinking I could have users dump their emails into this public folder.

My initial inclination was to use something like IMAP2mbox and then dumping it into a directory on the SpamAssassin gateway. Therein lies my problem, it seems that this has become tricky to do with Exchange Server 2010 as there is no longer support for IMAP public folders built in.

I am stumped trying to come up with a way to get spam emails from my Exchange server into a format that SpamAssassin can use.

I am guessing there is a similar way to do this, but I'm not sure where to look next.

jmreicha
  • 791
  • 1
  • 16
  • 29
  • Are you looking for an automatic way of copying messages out of your exchange mailboxes to your spamassassin machine - e.g. reading the "SPAM" folder where your users move SPAM mails to? – the-wabbit Oct 12 '11 at 10:31
  • @syneticon-dj more or less yes. From what I have read I should be able to feed it >200 spam messages and it should start working. Either finding a way to automatically copy the spam folder or just copying the messages over at once would make me happy. – jmreicha Oct 12 '11 at 13:30

2 Answers2

4

Exchange 2010 might allow using the domain/user/mailbox notation for accessing foreign user's mailboxes through IMAP. According to KB937359 this feature was originally removed from Exchange 2007, but re-introduced in SP1 Rollup 4. So it would be worth a try.

There is also DavMail which might be of some help - it gateways standard internet mail protocols through to Exchange over WebDAV or EWS. I have not tried, but accessing other user's mailboxes might work there using the DOMAIN\USERNAME\MAILBOX notation, public folders are apparently accessible as well.

The basic idea how to get the spam mail into SA is to simply set up fetchmail on your Postfix/Amavisd-Box to retrieve it and feed it to sa-learn. Make sure to specify the right database path for sa-learn so your updated bayes database is actually used by amavis. On an Ubunty system the command to do this should look like this:

/usr/bin/fetchmail -a -n -m '/usr/bin/sa-learn --dbpath /var/lib/amavis/.spamassassin' --spam

with your .fetchmailrc containing the necessary information for username, password, mailbox to access and the folder to fetch:

poll your.exchange.server protocol IMAP user "DOMAIN/spamadmin/user1" with password "spamadmin-password" folder "SPAM"
poll your.exchange.server protocol IMAP user "DOMAIN/spamadmin/user2" with password "spamadmin-password" folder "SPAM"
poll your.exchange.server protocol IMAP user "DOMAIN/spamadmin/user3" with password "spamadmin-password" folder "SPAM"

Specifying the -v parameter for the fetchmail command and the -D parameter for sa-learn will give you some debug output. The fetchmail docs contain more useful information and some examples for a working fetchmail configuration.

the-wabbit
  • 40,319
  • 13
  • 105
  • 169
  • I'll take a look at that, thanks. The DavMail route may be more than I am willing to put up with to get this to work. – jmreicha Oct 12 '11 at 14:19
  • I haven't given up on this yet and want to get you some points, but I don't think I am going the DavMail route. I have learned that Exchange 2010 doesn't support IMAP public folders but I may be able to download an entire IMAP inbox in Firebird. What if anything can I do from that point? I feel like I'm close here. – jmreicha Oct 17 '11 at 15:44
  • I've added some information to the original answer, you should be able to work from there. – the-wabbit Oct 17 '11 at 21:36
  • Almost there, how do I tell fetchmail to use port 993? Oops, nevermind. adding 'port 993' fixed it. – jmreicha Oct 18 '11 at 15:47
  • One more tiny problem. When I attempt to download the messages fetchmail hangs up on the user name. It looks like user@mail.domain.com but it should be user@domain.com. Suggestions? – jmreicha Oct 18 '11 at 16:12
  • The username should be DOMAIN/user/mailbox - note that you can use any "user" as long as he has been granted access to the foreign user's "mailbox" (either through Outlook or by giving him full mailbox access through the Exchange management console or PowerShell). – the-wabbit Oct 18 '11 at 17:34
  • It acts like it is going to fetch the mail from my Exchange server but at the very end spits out an error message, fetchmail: MDA error while fetching from domain/user@server. Should I just open a new question? – jmreicha Oct 18 '11 at 18:45
  • Ok, I got it figured out. It was a facepalm moment. Thanks for all your help. – jmreicha Oct 18 '11 at 18:56
1

For my SBS2011 / Exchange 2011 20-person office server, I purchased the $100 license to Exchange Server Toolbox, which shoves Spam Assassin inline with Exchange's hub transport and augments Exchange's built-in Content Filtering.

I get fully configurable Spam Assassin, header and subject rewriting, and a secret backup of all messages that have passed through Exchange as .eml files.

I guess this sounds like a slashvertisement, but srsly this $100 gizmo works really keen for me.

mgorven
  • 30,036
  • 7
  • 76
  • 121
Presence
  • 11
  • 1