kopano antispam and antivirus

does kopano have a antivirus option? incl attachment blocking?

@ckruijntjens
this is not answering your question, but I do attachmentblocking via postfix mime_header_checks.

Perhaps this is what you search for: https://documentation.kopano.io/kopanocore_administrator_manual/special_kc_configurations.html?highlight=spamd#configuring-kopano-spamd-for-automatic-spam-ham-learning

@ckruijntjens Kopano does not have built-in antivirus or antispam blocking - but it works well with tools such as amavis with spamassassin and clamav.

for our customer we use a relaysever with https://www.mailscanner.info/ in combination with kopano this works also good as an alternative.

I use mailscanner on centos together with relaydelay (greylisting) and things like pyzor / razor (if I remember correctly) and others.

Thank you all for your reply’s

ive linked the mailscanner (spamassassin DB ) base to the kopano spam setup train works great.

hi @thctlo

Do you got any documentation on how to do this?

Hi @ckruijntjens

Have a look at Rspamd. Very versatile solution for filtering spam based on many different factors (DNSBL, IP reputation, SPF, DKIM, DMARC, Bayes, Fuzzy hashes, phishing checks, …). Can be used together with several anti virus engines (Sophos, Clam AV, …). Mails containing attachments with blacklisted extentions can be rejected (with multimap module). Can easily be integrated with kopano-spamd. Works great for me.

hi @ashceryth

thanks for the information. i will definitly loop into this!

@ashceryth

Is there anything special we need to configure to let kopano-spamd work with rspamd?

@ckruijntjens

You can use it together with inotify-spamlearn.py script (https://github.com/bkram/inotify-spamlearn). Do you want to run Rspamd on the same host as Kopano or on a different machine? Assuming Rspamd is running on the same host the following settings for spamcmd and hamcmd should work (untested):

spamcmd = /usr/bin/rspamc learn_spam
hamcmd = /usr/bin/rspamc learn_ham

Edit:
If Rspamd runs on a different host than the Kopano installation my modified version of inotify-spamlearn (https://github.com/ashceryth/inotify-spamlearn/blob/master/inotify-spamlearn.py) can be used with curl for learning (tested):

spamcmd = /usr/bin/curl --data-binary @- https://rspamd.host/learnspam?password=pass
hamcmd = /usr/bin/curl --data-binary @- https://rspamd.host/learnham?password=pass

slightly unrelated question: is rspamd better than spamassassin (which is the one I use)?

@mcostan

There is a comparison on their website: https://rspamd.com/comparison.html

I was using AMaViS with SpamAssassin and switched to Rspamd a while ago. I prefer the latter because it is more modern, performant and versatile . I like that it can be integrated with Postfix via Milter (so that mails can be rejected before queuing them) by default (well, can also be done with amavisd-milter). If you utilize DKIM and DMARC you don’t need additional tools like opendkim and opendmarc anymore. There are already modules for Rspamd which can be used for signing, checking and reporting. Filtering works better (for me) as there are more factors that contribute to the spam score of a mail. There are official repos with frequent updates. Personally, I would always prefer Rspamd over SA.

Hi,

now i run efa project and think i want to run this a little longer. can I let kopano-spamd learn efa. So that if i drag a mesage to the spam folder that my efa appliance detects this?

My second question is that i can not get inotify-spamlearn working. i think i have an older pyton version? i am on centos 7. anyone has experiense with this?

If you drag a mail from your inbox to the junk folder kopano-spamd saves the raw mail to the spam directory specified in spamd.cfg. When a mail is moved from junk folder to inbox (ham) the mail is stored in the configured ham directory. The mails can then be picked up and used for learning spam/ham. One way to pickup these mails and hand them to your spam filter for learning is inotify-spamlearn script. Inotify-spamlearn simply monitores the directories for new mails and executes the learning command for each of them.

You need python3 for inotify-spamlearn. You also need to install python3 version of inotify module with pip.

@ashceryth

Hi thanks for your reply. The only thing i am missing now is how can i tell that spamassasin, efa is on a different machine?

I’m not familiar with efa. Is it just using SpamAssassin and can you simply use the sa-learn command? If yes, you could use ssh and pipe the mail over ssh to the sa-learn command on the efa host. Maybe there are also other and better possibilities…

You could try to use something like /usr/bin/ssh amavis@your.spamassassin.host /usr/bin/sa-learn --spam as spamcmd (haven’t tested it this way, but used something similiar a while ago) with my version of the script. Authentication can be done with ssh pub-key.

This version of inotify-spamlearn pipes the content of the mail to the specified spamcmd/hamcmd in the config file: https://github.com/ashceryth/inotify-spamlearn/blob/master/inotify-spamlearn.py

@ashceryth

im thinking of installing rspamd for a try. i am now installing this. however how i we install python 3 on centos 7 for the other package with the modules? (Inotify-spamlearn)

i also have a question about rspamd. i cant get the webui working. i followed the quick tutorial but can not connect to my internal ip port 11334

also i install python 3.6 and with pip i installed inotify. however the module still can not be found?

any tips on this one?