'[SAtalk] Interesting SA 2.55 issue'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    [SAtalk] Interesting SA 2.55 issue
From:       "Abel Jeffcoat" <abel () ablecc ! net>
Date:       2003-05-31 22:35:03
[Download RAW message or body]

Hello,

I'm using SA 2.55 on a Red Hat 7.3 Box running Qmail. I just came a cross
something interesting.

I place the following line in my .qmail files:

| Ifspamh e-mail-spam.

So, the e-mail gets filtered through SA, and if it is spam it gets sent to x
address.

Please look at the bottom of this e-mail for the spam message, which
actually got sent to my normal mailbox. I  did the following test. Does
anyone use this setup, and have any ideas?



[abel@ns cur]$ spamassassin -D <1054408756.25809.ns.ablecc.net:2, 2>&1 |
less
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/home/abel/.spamassassin" for user state dir
debug: using "/home/abel/.spamassassin/user_prefs" for user prefs file
debug: using "/home/abel/.spamassassin" for user state dir
debug: bayes: 28326 tie-ing to DB file R/O
/home/abel/.spamassassin/bayes_toks
debug: bayes: 28326 tie-ing to DB file R/O
/home/abel/.spamassassin/bayes_seen
debug: debug: Only 77 spam(s) in Bayes DB < 200
debug: bayes: 28326 untie-ing
debug: bayes: 28326 untie-ing db_toks
debug: bayes: 28326 untie-ing db_seen
debug: Score set 1 chosen.
debug: Initialising learner
debug: using "/home/abel/.spamassassin" for user state dir
debug: bayes: 28326 tie-ing to DB file R/O
/home/abel/.spamassassin/bayes_toks
debug: bayes: 28326 tie-ing to DB file R/O
/home/abel/.spamassassin/bayes_seen
debug: debug: Only 77 spam(s) in Bayes DB < 200
debug: bayes: 28326 untie-ing
debug: bayes: 28326 untie-ing db_toks
debug: bayes: 28326 untie-ing db_seen
debug: is Net::DNS::Resolver available? yes
debug: trying (3) nytimes.com...
debug: looking up MX for 'nytimes.com'
debug: MX for 'nytimes.com' exists? 1
debug: MX lookup of nytimes.com succeeded => Dns available (set
dns_available to hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: running raw-body-text per-line regexp tests; score so far=4.9
debug: running uri tests; score so far=6.5
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=6.5
debug: Razor2 is available
debug: Razor2 is available
debug: entering helper-app run mode
[28326]: [ 1] [bootup] Logging initiated LogDebugLevel=5 to
razor2 check skipped: Illegal seek Can't locate object method "do_conf" via
package "Razor2::Client::Agent" (perhaps you forgot to
load "Razor2::Client::Agent"?) at
/usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/Dns.pm line 394.
debug: leaving helper-app run mode
debug: Razor2 results: spam? 0  highest cf score: 0
debug: Current PATH is:
/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin:/home/abel/bin
debug: DCC is not available: dccproc not found
debug: Pyzor is not available: pyzor not found
debug: all '*To' addrs: abelj@callatg.com abel@ablecc.net
debug: time token found: 29566890 expected (from Date): 29566890: 0
debug: all '*From' addrs: sonjalittleda@freeler.nl
debug: forged_rcvd_trail: entry 0: by=(undef) from=(undef) mismatches=0
debug: forged_rcvd_trail: entry 1: by=ablecc.net from=atgi.net mismatches=0
debug: forged_rcvd_trail: entry 2: by=(undef) from=(undef) mismatches=0
debug: forged_rcvd_trail: entry 3: by=(undef) from=(undef) mismatches=0
debug: running meta tests; score so far=6.5
debug: auto-learn? safety=4, ham=-2, spam=15, body-hits=6.5, head-hits=1.6
debug: auto-learn: currently using scoreset 1.  no need to recompute.
debug: auto-learn? no: inside auto-learn thresholds or safety zone around
required_hits
debug: is spam? score=6.7 required=3
tests=BANG_MONEY,BASE64_ENC_TEXT,CLICK_BELOW,EMAIL_ATTRIBUTION,FREE_CONSULTA
TION,HTML_60_70,HT
ML_IMAGE_ONLY_02,HTML_LINK_CLICK_HERE,HTML_MESSAGE,MIME_HTML_ONLY
Received: from localhost [127.0.0.1] by ns.ablecc.net
        with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp);
        Sat, 31 May 2003 14:56:12 -0700
From: "Sonja Little" <sonjalittleda@freeler.nl>
To: abelj@callatg.com
Subject: Save money!
Date: Sat, 31 May 2003 19:26:25 +0000
Message-Id: <3bed01c327aa$6c5f68a4$d64d2f0d@kr78rv2>
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=6.7 required=3.0
        tests=BANG_MONEY,BASE64_ENC_TEXT,CLICK_BELOW,EMAIL_ATTRIBUTION,
              FREE_CONSULTATION,HTML_60_70,HTML_IMAGE_ONLY_02,
              HTML_LINK_CLICK_HERE,HTML_MESSAGE,MIME_HTML_ONLY
        version=2.55
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3ED924FC.B70BE198"

This is a multi-part message in MIME format.

Copy of ifspamh below:

#!/bin/bash
# A wrapper for SpamAssassin suitable for calling from a dot-qmail file
# Version: 1.5
#
# Usage:
#  |ifspamh mail-address
#
# Mail will be reinjected to the given mail-address, with annotatations
# if SpamAssassin thinks that it is a likely spam message.
#
# For example, in your .qmail file:
#    |ifspamh <user>-isspam
#    ./Mailbox
# (or however you want to deliver the mail if it isn't a spam message)
#
# This will forward anything that SpamAssassin deems spam to the
# given address.
#
# in your .qmail-isspam file:
#    ./Mail/isspam
# (or wherever you want to save the Spam mail)
#
# For more details on SpamAssassin, how to set preferences, whitelists,
# etc, see 'Mail::SpamAssassin::Conf(3)' - and put the preferences
# in ~/.spamassassin/user_prefs
#
# For more detail on .qmail files, see dot-qmail(5) and qmail-command(8)
#
# Author: James R Grinter
# jrg@watching.org 24/03/2002
# Last Update: 28/02/2003
# URL: http://www.gbnet.net/~jrg/qmail/ifspamh/
#
# Requires: spamc, spamd, qmail and 822field (from DJB's mess822 package)
# to be installed and working.
#
# Also requires your /bin/sh to have a "printf" available
# (most do, if yours doesn't then consider fetching ksh-93
# from http://www.research.att.com/sw/download/, or using bash)
#
# N.B.
# If you are using vpopmail, make sure you are using at least
# version 5.3.6.
#
# If you want to run SpamAssassin globally for every email, see the
# qmail-spamc/qmail-scanner approach in the qmail/ subdirectory of the
# SpamAssassin distribution
#

# spamc - client location
SPAMC=/usr/bin/spamc
# qmail's forward program location
FORWARDBIN=/var/qmail/bin/forward
# mess822 822field location
M822FIELD=/usr/local/bin/822field

#################################################################
# nothing beyond here should require adjustment
#################################################################

FORWARD="$1"

if [ -z "$FORWARD" ]; then
  echo "Usage: ifspamh [address]"
  exit 111
fi

# we used to skip 'From ' - the 1st line that got added by spamd/spamc
# but it seems newer versions don't add it (and SA 2.50 adds a 3 line
# Received header)
output="`$SPAMC | sed '1{/^From .*/d;}'`"
exitcode=$?

# spamc will not process a "large email"
msize=`echo "$output" | wc -c`
# there's also a sizelimit with some shells that triggers around the 512kB
mark
# with an external printf and arguments size so we stop at this point
if [ $msize -gt 250000 ]; then
  # probably deemed too large anyway .. let it through
  exit 0
fi

flagvalue=`printf "%s\n" "$output" | $M822FIELD X-Spam-Flag | sed 's/^ //'`
# X-Spam-Flag might contain "YES"

if [ "$flagvalue" = "YES" ]; then
  # match - likely spam
  # no match - not a spam
  # forward on the email
  printf "%s\n" "$output" | $FORWARDBIN $FORWARD
  if [ $? -eq 0 ]; then
    # so qmail will not do any further deliveries in .qmail file
    exit 99
  fi
  # problem calling inject - temp failure
  exit 111
else
  # spamc doesn't distinguish temporary failure
  # if we're passing through the message
  # so look for signs that spamd provided the output..
  flag2value=`printf "%s\n" "$output" | $M822FIELD X-Spam-Status`
  exitcode2=$?
  if [ $exitcode2 -ne 0 ]; then
    # X-Spam-Status header not present in message -> failure of spamc/spamd?
    # spamc will not process a "large email", but this is accounted for
above
    # so indicate temporary failure
    echo "spamc returned temporary failure"
    exit 111
  fi

  # indicate that qmail should continue processing dot-qmail file
  exit 0
fi


Spam:

-----Original Message-----
From: Sonja Little [mailto:sonjalittleda@freeler.nl]
Sent: Saturday, May 31, 2003 12:26 PM
To: abelj@callatg.com
Subject: Save money!



Free consultation, Win Win situation
Read More Here

----Original Message----

abelj@callatg.com wrote:
> I wish I could be there

click here to unsubscribe.



Sincerely,

System Administrator
Able Computer Consulting
abel@ablecc.net




-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Spamassassin-talk mailing list
Spamassassin-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic