Beating Spam and Viruses with amavisd-new and Maia Mailguard
Maia's Web-based interface lets users authenticate against a variety of sources, including a POP3 or IMAP server, an LDAP server, an external SQL database or Maia's own internal database. Users can be added manually by an administrator or automatically when mail arrives for a local address that Maia hasn't seen before.
Users can have multiple e-mail addresses linked to their accounts, but each e-mail address has its own content-filtering settings (Figure 1). Users can add and remove addresses from their whitelists and blacklists with the Web interface (Figure 2), while administrators manage domain-level and system-wide settings from another set of Web pages (Figure 3). Statistics are maintained for all four of amavisd-new's mail types, as well as blacklisted and whitelisted items, oversized items, false positives and false negatives (Figure 4). Other tables keep track of viruses by type and by how often specific SpamAssassin rules are triggered. Graphical charts can be generated on the fly from this data or generated as static pages at scheduled intervals.
Because Maia puts quarantine management and content-filtering controls in the hands of users themselves, there isn't much work left for administrators to do on a day-to-day basis. With Maia's Perl scripts running at scheduled intervals to report user-confirmed spam and to expire old quarantine items, the system all but manages itself.
When mail gets quarantined on behalf of a user, it's important that the user has a convenient way to access that mail. Maia provides a list of the items in a user's quarantine, sorted by spam score so that the items most likely to be there by mistake—the false positives—are kept closer to the top of the list and are easier to spot (Figure 5).
If you're not sure from the subject line whether the mail is legitimate, you can click on the subject to open the e-mail in Maia's mail viewer (Figure 6). The mail viewer is safe to use on all types of mail, as it doesn't decode most attachments but does block remote images and strip away HTML tags that could redirect you to another site. You can view the mail in its decoded form or in its raw form, complete with all of the original mail headers.
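The viewer behaviour described above can be sketched with Python's standard library. This is an added example, not Maia's own code: `SafeText`, `safe_view` and `SAMPLE` are hypothetical names, the message is constructed, and this sketch decodes no attachments at all and renders HTML as text only.

```python
from email import message_from_string
from html.parser import HTMLParser

DROP = {"script", "style", "iframe", "object"}  # element and its content discarded

class SafeText(HTMLParser):  # reduces HTML to text, records what it blocked
    def __init__(self, html):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked, self.skip = [], [], 0
        self.feed(html)
        self.close()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        refresh = tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh"
        if tag in DROP:
            self.skip += 1
        if tag in DROP or tag == "img" or refresh:  # img src is never fetched
            self.blocked.append((tag + " " + (a.get("src") or a.get("content") or "")).strip())
    def handle_endtag(self, tag):
        if tag in DROP and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def safe_view(raw):  # text-only body, blocked HTML items, attachment names
    msg = message_from_string(raw)
    body, blocked, attachments = [], [], []
    for part in (p for p in msg.walk() if not p.is_multipart()):
        ctype = part.get_content_type()
        if part.get_filename() or part.get_content_maintype() != "text":
            attachments.append((part.get_filename() or "(unnamed)", ctype))  # listed, not decoded
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        if ctype == "text/html":
            parsed = SafeText(text)
            text, blocked = "".join(parsed.out), blocked + parsed.blocked
        body.append(text.strip())
    return {"body": "\n".join(body), "blocked": blocked, "attachments": attachments}

# Constructed sample message (not real mail); example.net stands in for a remote site.
SAMPLE = (
    'Subject: Invoice overdue\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    '<head><meta http-equiv="refresh" content="0;url=http://example.net/x"></head>'
    '<p>Please <a href="http://example.net/pay">pay now</a>.</p>'
    '<img src="http://example.net/pixel.gif"><script>location="//example.net"</script>\n'
    '--b1\nContent-Type: application/zip; name="invoice.zip"\n\nUEsDBA==\n--b1--\n')
```

Calling `safe_view(SAMPLE)` returns the readable text, the list of items that were blocked rather than rendered, and the attachment names with their declared types.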
If you decide that the mail is legitimate after all, you can click a button to rescue the item from your quarantine and have it delivered to you. At the same time, Maia tells SpamAssassin about the mistake, so the Bayesian learning system is less likely to make the same mistake in the future. You also can configure Maia to add the sender's address to your whitelist automatically when you rescue an item in this manner.
In addition to the quarantine, Maia offers a ham cache, which essentially is a list of the legitimate mail that you've received recently (Figure 7). The purpose of the ham cache is to let you report spam that somehow got past the filters—the false negatives. By marking these items properly as spam, you help to train SpamAssassin's Bayesian learning system.
The quarantine and ham cache also provide a means for you to confirm the status of the mail you've received. This not only helps train the Bayesian learning system, it also makes it possible to report spam properly, because it's been confirmed by a human being.