Cyrus on ClearOs 7 - how to teach it about spam and ham

Question

I have recently set up a Cyrus IMAP email system on ClearOs 7 - it is configured as it comes out of the box, to deliver mail locally, and to receive mail for my users from elsewhere.

A lot of spam from people who claim to be Russian has been arriving. It seems to be detected as such (the Subject is prefixed by [SPAM]), but it still appears in the user's inboxes.

Also some ham has been filed in the SPAM folder.

I want to set up a system for the users to tell spamassassin about unrecognised spam, and incorrectly spammed ham. To that end I set up additional folders in each user's mailboxes for Junk and NotSpam. The users move any spam they find in their inbox to Junk, and and normal mail they find in their spam to NotSpam.

I now want to write or find a script which will look in the Junk folder, send the contents to sa-learn --spam, then move the messages to the regular spam folder. It should also look in the NotSpam folder, send the contents to sa-learn --ham, and move them into the inbox.

I have tried to write shell scripts for this, and I have also downloaded and tried to follow sa-learn-cyrus, plus looked at the script I found at wiki.apache.org/spamassassin/RemoteImapFolder.

My script finds the email files OK, and sends them to sa-learn (although I worry that the Spam score and subject alteration should really be reversed before doing this, and I don't know how). I'm stuck on moving the messages to the correct folder, as I suspect a plain Linux mv command will just confuse cyrus, as it has cache, header, index and squat files in the folder, which presumably need to be updated.

sa-learn-cyrus seems to be able to find emails ok, but (as far as I can tell from running it in simulate mode) it does not attempt to move the mails to the right folder, just purges them.

The other script runs OK (after suitable modifications for my setup), but the Junk emails keep reappearing in the inbox.

Specific questions I need to answer are:

1) Why does mail with [SPAM] in the Subject still appear in the INBOX?

2) Is there an existing script which does what I want?

3) What is the proper method to move an email from one mailbox folder to another in Cyrus? Ideally callable from a shell script.

Answer 1

Answers I have found, for posterity:

1) Why does mail with [SPAM] in the Subject still appear in the INBOX?

Cyrus has a built-in filtering system which can redirect mail to folders according to rules you supply. I found on my old server I had set up some rules, but had forgotten all about it.

The rule I needed (for user nikki) was:

# cat spamrule
require                                                   
["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
if header :contains "x-spam-flag" "YES" {
  fileinto "user/nikki/SPAM";
  stop;
}

And, when logged in as user nikki, I can add this rule to the system using sieveshell as follows (nb: the sieveshell prompt is >):

sieveshell -u nikki localhost:2000
Please enter your password:
> put spamrule
> activate spamrule
> list
spamrule  <- active script
> quit

Of course, this presupposes you can open a shell for each user (I logged in as root and used su -s /bin/bash - nikki), and that you know each user's password (which I do).

There is a helpful web interface to Cyrus sieve called SmartSieve which I am trying to get working, but struggling with at present. Ideally you would add it to the server webconfig, and let the users alter their scripts themselves.

2) Is there an existing script which does what I want?

I used the script from Apache Spamassassin RemoteImapFolder, slighly modified:

# $u is the user name
/usr/bin/fetchmail -a -s -n -u $u -p IMAP --folder 'INBOX/Junk E-mail' -m 'bash -c "/usr/bin/tee >(/usr/bin/sa-learn --spam --single \
> /dev/null)|/usr/bin/spamc|/usr/lib/cyrus-imapd/deliver -m SPAM '$u'"' localhost 2>/dev/null
/usr/bin/fetchmail -a -s -n -u $u -p IMAP --folder 'INBOX/NotSpam' -m 'bash -c "/usr/bin/tee >(/usr/bin/sa-learn --ham --single \
> /dev/null)|/usr/bin/spamassassin -d|/usr/lib/cyrus-imapd/deliver '$u'"' localhost 2>/dev/null

Improved script

I have approached the idea from a different, and I think better, angle. All mail which SpamAssassin things is spam has an X-Spam-Flag: YES header, and mail which it thinks is ham has a X-Spam-Flag: NO header. So, if I just tell users to move any misfiled mail into the right folder, I can then look through it for headers which don't match the folder.

To that end, I have written a bash script to do that very job, and placed it on GitHub at cyrus-mark-ham-spam.