Unjunkmgr

From SME Server
Revision as of 11:07, 11 May 2010 by Timn (talk | contribs) (categorisation)
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Maintainer

This contrib has been developed by Jesper Knudsen

Description

I have for a long time had ”customers” that POP’ed emails from my servers and that therefore did not have a good chance to see and/or retrieve emails that had been sorted to the junkmail folder by SpamAssassin. The same actually goes for IMAP users that often forgot to look the junkmail folder when they thought emails were missing.

I have therefore made a junkmail manager that on a weekly basis sends out a summary email to all users with a list of emails that have been sorted into the junkmail folder the recent week.

If the user wishes to get one of these emails sent to the users inbox he/she can push the “UnJunk” link to the left. The system will, if UnJunk is pressed, teach SpamAssassin via the “sa-learn” command that this can be considered as “ham” next time. This means that it’s more likely that an email from this sender or with this content will pass the spam check next time.

The Summary email that arrives per default Fridays at 1PM looks something like this:

Emailsummary.jpg

Installation

The package needs the Perl-MIME-Lite package to be able to send out HTML formatted emails and MRTG to create the statistics graphs. These packages are available from smecontribs and base respectively.

wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/SME7/UnJunkMgr/sme-unjunkmgr-1.1.3-1.noarch.rpm
yum  --enablerepo=smecontribs --enablerepo=base localinstall sme-unjunkmgr-1.1.3-1.noarch.rpm

Upgrading

wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/SME7/UnJunkMgr/sme-unjunkmgr-1.1.3-1.noarch.rpm
yum  --enablerepo=smecontribs --enablerepo=base localupdate sme-unjunkmgr-1.1.3-1.noarch.rpm


Important.png Note:
Note that I have found a bug in the older releases (1.0.x) causing updates to fail (main directory will be deleted by post install script...). This means that in order to upgrade to 1.1.3-1 you will need to uninstall the old version first and then do the install of the new. Side effect is that your old log files (statistics) will also be deleted. If you want to avoid this you need to save a copy of all *.old and *.log files within /usr/local/unjunkmgr directory. These can be copied back after install is completed.


Uninstall

You can simply remove the package again with the usual yum command.

yum remove sme-unjunkmgr

NOTE: If you are uninstalling version 1.0.0-1 you also need to also expand templates.

expand-template /etc/crontab
expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart

Configuration

Email Notifications

The UnJunk Manager sends out the summary email every Friday at 1PM to all users with emails stored in their junkmail folder. If you wish the admin account to get copied on all these user emails then this can be enabled/disabled with (default: no):

/sbin/e-smith/db configuration setprop unjunkmgr adminemails <no|yes>

If you just want to use the UnJunk Manager to gather statistics and not send out any summary emails to the users you can disable this functionality with (default: yes):

/sbin/e-smith/db configuration setprop unjunkmgr useremails <no|yes>

How do I configure the UnJunkMgr to use an IP address or a different hostname rather than the primary domain name when it sends out the weekly overview (default: domainname)?

/sbin/e-smith/db configuration setprop unjunkmgr unjunkhost <hostname|IP address>

The summary emails contain a link to an web page where emails can be unjunked (released to he inbox). These URLs cann, by default, only be seen from the local network (IP ranges defined in Local Network in the server-manager) but if you want this to be accessible from remote networks (public access) this can be done via (default: yes):

/sbin/e-smith/db configuration setprop unjunkmgr LocalOnly <no|yes>
expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart

Statistics

The UnJunk Manager also collects statistics on the emails passing through the mail server. This is accessible from:

http://your.domain.com/unjunkmgr

This web page and the unjunk functionality as described above can, by default, only be seen from the local network (IP ranges defined in Local Network in the server-manager) but if you want this to be accessible from remote networks (public access) this can be done via (default: yes):

/sbin/e-smith/db configuration setprop unjunkmgr LocalOnly <no|yes>
expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd-e-smith restart

Unjunkwebstat.jpg

An additional feature of the UnJunk Manager is to send the collected statistics to a central statistics central at http://central.swerts-knudsen.dk. The gathering of data is not stressful for the server and the data sent is not sensitive (well in my opinion) and consists of:

  • Amount of emails scanned
  • Number of spam infected (tagged and rejected) or virus infected emails (if virus found the ClamAV name)
  • The version of SME server used
  • Public IP address of server (used to plot in Google Maps on central.swerts-knudsen.com)

Should you want to disable this functionality then this can obviously be done:

/sbin/e-smith/db configuration setprop unjunkmgr statsclient <disabled|enabled>

SpamAssassin bayes filters

The SpamAssassin learning requires that the SpamAssassin bayes filters have been enabled though. How this is done can be read at http://wiki.contribs.org/Email#Setup_Blacklists_.26_Bayesian_Autolearning or through these few shell commands.

config setprop spamassassin UseBayes 1
config setprop spamassassin BayesAutoLearnThresholdSpam 4.00
config setprop spamassassin BayesAutoLearnThresholdNonspam 0.10
expand-template /etc/mail/spamassassin/local.cf
sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
chmod 640 /var/spool/spamd/.spamassassin/bayes_*
config setprop spamassassin status enabled
signal-event email-update


Personally I also think that the default 90 days of retention for emails in the junkmail folder is way to long - who bothers to look at 90 days old emails anyways? I run with 15 days of retention on all my installations.

db configuration setprop spamassassin MessageRetentionTime 15  
signal-event email-update 

Unofficial ClamAV signatures

I would also recommend to install the script that downloads all the unofficial ClamAV signatures as these detects not only virus but equally importantly various kinds of malware and spam.

Follow the guide for Additional Virus Signatures to do that.

FAQ

How do I see what this Summary of Junkmail looks like without sending to all my users?

You will need to change config via:

/sbin/e-smith/db configuration setprop unjunkmgr useremails no
/sbin/e-smith/db configuration setprop unjunkmgr adminemails yes
Then launch the reminder manually with: 
/usr/local/unjunkmgr/spamreminder.pl

All the summary emails will now be sent to “admin”.

How do I change when the reminder email is sent out?

Currently this requires a manual change. Open in you preferred editor:

/etc/e-smith/templates-custom/etc/crontab/unjunk

Add extra lines to have reminder sent out more often or change the hour/day in the last line with the $OUT - Change the "5" to "1" for Monday rather than Friday.

{
   use esmith::ConfigDB;

       my $dbh = esmith::ConfigDB->open() || die "Unable to open configuration dbase.";
       my %sa_conf = $dbh->get('unjunkmgr')->props;

       while (my ($parameter,$value) = each(%sa_conf)) {
         if ($parameter eq 'enabled') {
          $enabled = $value;
         }
       }

       $OUT = "";
       if (uc($enabled) eq 'YES') {
        $OUT .= "# Schedule the UnJunk every 5 minutes\n";
        $OUT .= "0-59/5 * * * * root /usr/local/unjunkmgr/spamchanger.pl -file=/tmp/unjunk.file\n";
        $OUT .= "\n";
        $OUT .= "# Schedule the weekly Blocked Junk Summary to arrive at 1PM Friday\n";
        $OUT .= "0 13 * * 5 root /usr/local/unjunkmgr/spamreminder.pl\n"; # Friday
       }
}

See the following schema for modifying the job scheduling:

*     *     *     *     *  command to be executed

|     |     |     |     |
|     |     |     |     +----- day of week (0 - 6) (Sunday=0)
|     |     |     +------- month (1 - 12)
|     |     +--------- day of month (1 - 31)
|     +----------- hour (0 - 23)
+------------- min (0 - 59)

For example, the original entry:

$OUT .= "0 13 * * 5 root /usr/local/unjunkmgr/spamreminder.pl\n"; # Friday

is set to run at 13:00 (1pm) on Friday of every week, to change it to say run at 4:30pm Monday to Friday:

$OUT .= "30 16 * * 1-5 root /usr/local/unjunkmgr/spamreminder.pl\n"; # Monday to Friday

To see more detail on crontab scheduling see [1]

Then expand templates

expand-template /etc/crontab

How do I report a problem or a suggestion?

This contrib has not yet been created in the bugtracker so just send an email to mailto:contribs@swerts-knudsen.dk

Revisions

Release Changes
1.0.0-1 First release
1.0.1-1 Updated web overview to have virus rigth and spam to the left.

Fixed regex causing some warning messages during weekly spamreminder run if email subject were empty

Improved uninstall to clean up properly

1.1.0-1 Updated statistics overview to use pie charts for spam and different tables for virus found

Added new configuration parameters for most commonly asked changes to avoid hard-coding

Improved log file checks to avoid catching errors and warnings from ClamAV

Generally improved code to remove warnings to admin when sending weekly summary emails

1.1.1-1 Fixed problem with weekly emails (error line 112 in spamreminder.pl)

Fixed problem in post-upgrade script that caused upgrades from earlier versions to fail

1.1.3-1 Now also counting rejected emails that never reaches SpamAssassin (rejected due to missing mailbox, reverse DNS fails, etc.)

Fixed problem using unjunkhost configuration parameter

Updated style sheets (CSS) to show nicely also using IE

Added statistic for top spammed email accounts