- configures dovecot to use the spamtest sieve plugins
- configures sieve to read the score from X-Spamd-Result: headers
- before.sieve applies the ${spam_threshold} to the spamtest percentage
- freeposte.db stores a percentage for ${spam_threshold}
- migrate freeposte.db spam_threshold from X/15 to percentages
the filter investigates the overall ratio of the `rspamd` header
`X-Spamd-Result` that looks something like this:
X-Spamd-Result: default: True [12.36 / 15.00]
RBL_SPAMHAUS_XBL(4.00)[]
BAYES_SPAM(3.06)[92.67%]
RBL_SPAMHAUS_XBL_ANY(4.00)[]
ONCE_RECEIVED_STRICT(4.00)[]
HFILTER_HELO_BAREIP(3.00)[]
RBL_SORBS_DUL(2.00)[]
HFILTER_HOSTNAME_UNKNOWN(2.50)[]
RBL_SPAMHAUS_PBL(2.00)[]
RBL_SORBS_RECENT(1.50)[]
MIME_UNKNOWN(0.10)[application/x-rar-compressed]
RDNS_NONE(1.00)[]
RBL_SORBS(0.00)[]
R_SPF_NEUTRAL(0.00)[?all]
ONCE_RECEIVED(0.10)[]
RBL_SEM(1.00)[]
MIME_HTML_ONLY(0.20)[]
RBL_UCEPROTECT_LEVEL1(1.00)[]
MIME_GOOD(-0.10)[multipart/mixed]
the sieve `spamtest :percent :value` in this case would be
100*12.36/15 = 82.4%
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py
The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.
Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
Christoph Rissner