per-user spamassassin preferences in ldap with mimedefang

[This page originally lived at http://www.natecarlson.com/linux/mimedefang-ldap-prefs.php. I am working on migrating all content over to WordPress, which is why this post exists. This document is mostly up-to-date; please leave a comment with any changes!]

This document describes how to set up my patches for Mimedefang which allow you to store per-user preferences for SpamAssassin in LDAP. If you run into any problems, please drop me an e-mail at ipsec@natecarlson.com

First of all, let’s go over some background info on Mimedefang, in case you’re not familiar with it. Mimedefang is a program that ties into Sendmail using the Milter API. It allows you to do basically whatever type of filtering you’d like in Perl. It has built-in ties to SpamAssassin, virus scanners, and many other useful programs. More information is available at the web site.

Note that the authors of Mimedefang do offer a commercial program called Can-It Pro! that integrates per-user preferences, per-user bayesian filters, and many other nice features with a slick web front-end. This is available from Roaring Penguin, at http://www.roaringpenguin.com. If you’d like per-user everything, with a nice management interface, check it out! My previous employer is also a Can-It reseller; if you’d like more information, their site is at http://www.real-time.com.

One of the weaknesses in Mimedefang’s ties to SpamAssassin is that there isn’t any good way to implement per-user preferences. SpamAssassin 3.0 and above has support for storing the preferences in LDAP or MySQL, so I figured it was time to try to figure out a method of having per-user preferences. Since my users are already in LDAP, it seemed to make sense to store the preferences in LDAP, so that’s the approach I took. This code should be easily adaptable to store preferences in MySQL instead, though.

Note that this code does not seem to work if you enable Mimedefang’s embedded Perl interpreter.

Now, to the code!

Contents:
Download patch, rebuild Mimedefang
Configure SpamAssassin for LDAP preferences
Configure Slapd for LDAP preferences
Configure your mimedefang-filter to use LDAP
Add SpamAssassin Attributes, and test!
My TODO List

Download patch, rebuild Mimedefang

My patch to enable LDAP in Mimedefang is available from:
http://www.natecarlson.com/downloads/mimedefang/mimedefang-sa-prefs-ldap.patch

You’ll need to apply this to the root of the Mimedefang source, and rebuild and reinstall Mimedefang. The patch will also probably apply to /usr/bin/mimedefang.pl, but I haven’t tested that. If you’re a Debian Testing user, I have a deb package available at:
http://www.natecarlson.com/downloads/mimedefang/mimedefang_2.51-2.nc.1_i386.deb

This package is based on Debian’s Mimedefang 2.51-2 package.

Configure SpamAssassin for LDAP preferences

You’ll need to configure SpamAssassin to use LDAP as your preference container. I personally put the configuration in /etc/mail/spamassassin/prefs-ldap.cf. Here’s what I use:

user_scores_dsn ldap://ldap.server/dc=example,dc=com?spamassassin?sub?uid=__USERNAME__
user_scores_ldap_username cn=binduser,dc=example,dc=com
user_scores_ldap_password bindpw

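You’ll need to create a user to bind to the LDAP server as, along with a password. I haven’t managed to convince SpamAssassin to do an anonymous bind yet; if you do figure this out, please let me know. This example will search for an entry with the attribute ‘uid’ equal to the username (passed from Mimedefang in the filter section below). Edit as needed. Because this file stores the bind password in clear text, make it readable only by the account Mimedefang runs as, and give the bind user nothing beyond read access to the entries it has to search.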

Configure Slapd for LDAP preferences

You’ll also need to set up the schema for your LDAP server to support the SpamAssassin tag. Based on the sample documentation with SpamAssassin, I edited ‘/etc/ldap/schema/inetorgperson.schema’, and added the following:

# spamassassin
# see http://SpamAssassin.org/ .
attributetype ( 2.16.840.1.113730.3.1.220
        NAME 'spamassassin'
        DESC 'SpamAssassin user preferences settings'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

You’ll also need to add ‘$ spamassassin’ to the end of the ‘MAY’ entry at the end of the file. Once you’ve added these entries, restart slapd, and make sure you don’t get any errors.

Configure your mimedefang-filter to use LDAP

The next step is to configure your mimedefang-filter to use the new code.

My patch to the example config file is available from:
http://www.natecarlson.com/downloads/mimedefang/mimedefang-ldap-filter.patch

This should be pretty self-explanatory. Search for XXXXX’s for things you need to fill in (LDAP server and base). My example code will search the LDAP server for the first recipient, as ‘mail=mail@domain’ and for just ‘mail=@domain’. You’ll likely want to replace the get_username_ldap subroutine altogether, depending on your needs. Be sure to test your config with ‘mimedefang.pl -test’, and then reload your config.
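If you do replace get_username_ldap, keep in mind that the recipient comes straight from the SMTP envelope, so it should be escaped before it goes into a search filter. The Perl below is an added example, not code from the patch: the subroutine's arguments and return value, the $search callback (which would wrap a Net::LDAP search against your server and base in a real filter) and the sample directory are assumptions, chosen so it runs without an LDAP server.

```perl
use strict;
use warnings;

# RFC 4515 escaping: backslash, *, ( , ) and NUL become \XX hex pairs.
sub escape_filter_value {
    my ($v) = @_;
    $v =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $v;
}

# Filters to try, most specific first ('mail=user@domain', then 'mail=@domain').
# Returns an empty list if the recipient is not a plain local@domain address.
sub recipient_filters {
    my ($rcpt) = @_;
    $rcpt =~ s/^<(.*)>$/$1/;    # recipients may be wrapped in angle brackets
    my ($local, $domain) = $rcpt =~ /^([^\@\s]+)\@([^\@\s]+)$/ or return;
    $domain = lc $domain;
    return ('(mail=' . escape_filter_value("$local\@$domain") . ')',
            '(mail=' . escape_filter_value("\@$domain") . ')');
}

# Hypothetical signature: $search is a code ref that takes a filter string
# and returns the matching entry's uid, or undef when nothing matches.
sub get_username_ldap {
    my ($rcpt, $search) = @_;
    for my $filter (recipient_filters($rcpt)) {
        my $uid = $search->($filter);
        next unless defined $uid;
        # The uid is substituted into SpamAssassin's uid=__USERNAME__ search,
        # so accept only a conservative character set.
        return $uid =~ /\A[A-Za-z0-9._-]+\z/ ? $uid : undef;
    }
    return;    # no match: SpamAssassin falls back to site-wide preferences
}

# Constructed directory standing in for LDAP, keyed by the exact filter string.
my %dir = (
    '(mail=nate@example.com)' => 'nate',
    '(mail=@example.com)'     => 'catchall',
);
my $search = sub { $dir{ $_[0] } };

for my $rcpt ('<nate@example.com>', '<other@EXAMPLE.com>', '<a*b(c)@example.com>') {
    my $user = get_username_ldap($rcpt, $search);
    printf "%-24s -> %s\n", $rcpt, defined $user ? $user : '(site defaults)';
}
```

The third sample recipient contains filter metacharacters; after escaping it is searched as a literal address, matches no user entry, and falls through to the domain-wide entry.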

Add SpamAssassin Attributes, and test!

Once you’ve got all of the above set up, you should be set to go. First thing you’ll want to do is add some SpamAssassin preferences to the LDAP database. You want to add an attribute of ‘spamassassin’ with a value of ‘sa_config_option config_value’. For example, to whitelist mail from ‘user@example.com’ to your user named ‘nate’ in LDAP, you’d add the attribute ‘spamassassin’ with a value of ‘whitelist_from user@example.com’ to the ‘nate’ user. Then, send a mail through, and see if it worked!

My TODO List

  • Write a web-based interface to modify user’s SpamAssassin entries
  • Write better documentation, with more details
  • Add support for MySQL preferences
  • Document using Bayes in MySQL for individual users (it works, just have to config it)
  • Lots more, I’m sure!