Sendmail Maildrop Spam Assassin

Years ago, I set up a qmail/vpopmail server for a small business, but found that it was a bit of a hassle to set up on Debian. Also, using vpopmail was a bit of a waste of time when there were only three mail users in one domain. After encountering a qmail quirk that meant that large DNS responses were dropped (which has been patched, but this meant I'd have to recompile everything), I decided to convert them over to Sendmail.

A decision was made was to just use Unix users for authentication. This was mostly because there are only three users, so anything else was overkill.

I ran in to all sorts of annoying problems. The solutions are listed here!

"handle_user: unable to find user"

SpamAssassin was having trouble with Sendmail aliases and returning a "handle_user: unable to find user" error, because it didn't know how to map the alias to the real user.

Configure spamass-milter with the -x command line, which does the alias expansion for you. In /etc/default/spamass-milter:

 OPTIONS="-u spamass-milter -i -x"

According to the Debian docs, you also have to do:

 adduser spamass-milter smmsp

Maildrop and creation of Maildirs

I thought I'd use Maildrop instead of procmail because I was very tired and thought that it would save me the hassle of automatically creating Maildirs. I now have no idea what made me think it would do this!!

My final /etc/maildroprc looks like


`test -d "$HOME/Maildir/"`
if ( $RETURNCODE == 1 )
	`/usr/bin/maildirmake $HOME/Maildir/`

`test -d "$HOME/Maildir/.SPAM/"`
if ( $RETURNCODE == 1 )
	`/usr/bin/maildirmake $HOME/Maildir/.SPAM/`

if ( /^X-Spam-Status: Yes/ )
	to "$HOME/Maildir/.SPAM/"

It was totally necessary to ensure that the SPAM folder existed before putting things in it. Annoyingly, the Maildrop logging is very poor indeed. Even if you have a a logfile configured, exceptions are not logged, so you're left guessing why things didn't work. If you have an exception {} clause, it's impossible to distinguish a bad regular expression from some other error because mail is happily delivered to the default location. I don't think I'd bother using Maildrop ever again.

Outlook clients keep sending ms-tnef/winmail.dat attachments

For some reason Outlook kept sending these unreadable attachments and the usual settings didn't seem to help, so I did the following:

  • Install mimedefang, libfile-type-perl and libconvert-tnef-perl
  • Add mimedefang milter configuration from README.Debian to
  • Replace mimedefant-filter's filter sub with the one from Replace winmail.dat TNEF Attachments with Encoded Contents
  • Disable spam checking by adding the line $Features{"SpamAssassin"} = 0; to (since I'm using spamass-milter already)

Strip domains from dovecot usernames

With vpopmail, IMAP usernames were the complete email address. By default when using the Unix password database, Dovecot didn't like seeing the domain part. Complicating the issue was the fact that one user had a different domain name in their login (which has long since lapsed). Rather than get them to change it, I worked out that Dovecot had a nice option for modifying usernames:

 auth_username_format = %n

This converts an incoming foo@bar to foo, no matter what bar is.

Another thing that gets me pretty much every time with Dovecot is plaintext authentication. By default it is disabled, but since it's a hassle organising certificates and such, and because users have to go through a VPN if they want to check mail externally anyway, just turn it on:

 disable_plaintext_auth = no