Ipurge

No, it’s not another Apple app, it’s an handy tool that comes with the Cyrus mailserver package to delete mail from IMAP mailboxes. I have setup two entries to get rid of unnecessary messages from the spam and trash folders for all users.
The following rules have been added to the EVENTS list on /etc/cyrus.conf.


# purge trash messages older than 2 weeks
purgetrash      cmd="/usr/sbin/ipurge -X -d 14 -f user.*.Trash" at=0600
# purge spam messages older than 4 weeks
purgetrash      cmd="/usr/sbin/ipurge -X -d 28 -f user.*.Spam" at=0630
[/code]

It took me some time to figure out the correct matching pattern and at first I was a little bit scared to use the -f option. The man page for ipurge says "-f Force deletion of mail in all mailboxes." But you'll need it, without it won't work.

I like this way of cleaning up!

iXhash does a good job

Some weeks ago I installed the iXhash spamassassin plugin and the spamtagging became noticeable better. Just look at the spam stats page.
What is does is it creates md5 checksums of parts of the body of an email and compares them to those of tagged spam using DNS.

Installation is very easy, just follow the online documentation. The default scores for the four zones are a on the safe site, so after I had monitored the results for a week I raised the scores to 1.5 for all zones.

Below you can see the result of a debug test to see if iXhash is working correctly. At the end of the test you’ll find an short explanation on how it works.

[code lang=”text”]
# spamassassin -D IXHASH < iXhash.eml [4346] dbg: IXHASH: Using iXhash plugin 1.5.5 [4346] dbg: IXHASH: IxHash querying ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value cbdc00eaaf002aad4448b75f47a9784f via method 1, using perl exclusively [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value 464d43b6999bdbdf6071b8b1d3f9a525 via method 2, using perl exclusively [4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.ctyme.ixhash.net [4346] dbg: IXHASH: Computed hash-value b02ad35492c64f721e97e9a2f63b700c via method 3 [4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.ctyme.ixhash.net [4346] dbg: IXHASH: IxHash querying hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #2 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.hosteurope.ixhash.net [4346] dbg: IXHASH: Hash value for method #3 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.hosteurope.ixhash.net [4346] dbg: IXHASH: IxHash querying generic.ixhash.net [4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one [4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net [4346] dbg: IXHASH: Received reply from generic.ixhash.net:127.0.0.2
[4346] dbg: IXHASH: IxHash querying ix.dnsbl.manitu.net
[4346] dbg: IXHASH: Hash value for method #1 found in metadata, re-using that one
[4346] dbg: IXHASH: Now checking cbdc00eaaf002aad4448b75f47a9784f.ix.dnsbl.manitu.net
[4346] dbg: IXHASH: Hash value for method #2 found in metadata, re-using that one
[4346] dbg: IXHASH: Now checking 464d43b6999bdbdf6071b8b1d3f9a525.ix.dnsbl.manitu.net
[4346] dbg: IXHASH: Hash value for method #3 found in metadata, re-using that one
[4346] dbg: IXHASH: Now checking b02ad35492c64f721e97e9a2f63b700c.ix.dnsbl.manitu.net
X-Spam-Virus: No
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on vleeuwen.net
X-Spam-Level: **
X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_50,GENERIC_IXHASH,
MISSING_DATE,NO_RECEIVED,NO_RELAYS autolearn=no version=3.2.5
From: “iXhash plugin test mail”
Message-ID:
To: admin@testsite.com
Subject: iXhash plugin test mail







This is an e-mail designed to test the iXhash plugin’s functionality.

If you run this mail through SpamAssassin (using ‘spamassassin -D IXHASH < iXhash.eml', you should see the plugin score with the list 'generic.ixhash.net'.
This is because the hashes this mail generates ( cbdc00eaaf002aad4448b75f47a9784f and 464d43b6999bdbdf6071b8b1d3f9a525 ) are permanently listed on that list.
Apart from that this mail is of no use.


#
[/code]

Just checking this with a manual DNS lookup:
[code lang=”text”]
$ host cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net
cbdc00eaaf002aad4448b75f47a9784f.generic.ixhash.net has address 127.0.0.2
$
[/code]

What a surprise, it turns out to be a valid A record. The iXhash will tag the email with the score you set for ‘GENERIC_IXHASH’.

Sendmail and Realtime Blackhole lists

I’ve just updated my sendmail.mc with some RBL’s checks (dnsrbl feature) which is working out quite well. By using Sendmail with dnsrbl checks instead of a anti-spam program such as Mailscanner which also uses the same RBL mechanism you take the advantage of Sendmail dropping the connection before receiving the email. In this case you are not only reducing the amount of spam, but also the system resources and bandwidth.
Hopefully we’ll notice a slight drop in the spam stats I am collecting recently.

If this sounds interesting to you, have a look at the  cf/cf/knecht.mc file which comes with your distribution for more information.

Currently I am using the following dnsrbl checks:
[code lang=”bash”]
FEATURE(`dnsbl’, `dnsbl.sorbs.net’, `”550 Mail from ” $`’&{client_addr} ” refused – see http://www.dnsbl.sorbs.net/”‘)
FEATURE(`dnsbl’, `sbl-xbl.spamhaus.org’, `”550 Mail from ” $`’&{client_addr} ” refused – see http://www.spamhaus.org/sbl/”‘)
FEATURE(`dnsbl’, `bl.spamcop.net’, `”450 Mail from ” $`’&{client_addr} ” refused – see http://spamcop.net/bl.shtml”‘)
FEATURE(`dnsbl’, `dnsbl.njabl.org’, `”550 Mail from ” $`’&{client_addr} ” rejected – see http://njabl.org/”‘)
[/code]