[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spamassassin
Yes, I can "return ok;", but how & where do I tag?... the message passed
thru contentfilter, AFAIK, doesn't get back to the spool, it's just a
copy, or not?
El 6 Nov 2003 a las 14:59, James MacKinnon escribió:
>
> well, it would be easy to modify Eugene's contentfilter.c to
> always exit with:
>
> return ok;
>
>
> ( rather than return begone; )
>
> It sounds as if you just want a stub program there to call spamd
> and rewite the headers with the 'X-Spam' info, and exit. If you always
> exit(0) out of your stub, you won't be rejecting anything :-)
>
> Cheers,
> -Jim
>
> On Thu, 6 Nov 2003, Mariano Absatz wrote:
>
> > Yes... I thought about using Eugene's newer zmscanner (which I'll
> > probably use for antivirus w/clam-av), but, in this ISP environment I
> > can't afford to reject legit messages which show up as SpamAssassin false
> > positives, that is why I have to tag and deliver.
> >
> > smptserver's contentfilter doesn't let me do that.
> >
> > OTOH, I'm talking about 2M messages/day, rather than 100k msgs/week... I
> > can (and will) throw hardware at it, but not 10 dual xeon... :-)
> >
> > El 6 Nov 2003 a las 14:20, James MacKinnon escribió:
> >
> > > Hi Mariano,
> > >
> > > I wouldn't try to do it via process.cf
> > >
> > > Eugene at one time wrote a little insert for smtpserver called
> > > 'lean-mean-contentfilter' (in contrib/ in the source).
> > >
> > > I modified that a bit and use it directly in the smtpserver
> > > (so spamd is invoked inline during initial message receipt, and the
> > > result flags the contentfilter mechanism to accept/reject during
> > > the SMTP chat).
> > >
> > > zmailer already has hooks set up for a 'contentfilter'
> > >
> > > I have, in smtpserver.conf:
> > >
> > > # External program for received message content analysis:
> > > # my custom contentfilter is a hook to $MAILBIN/spamc.sh
> > > PARAM contentfilter $MAILBIN/contentfilter
> > >
> > >
> > > contentfilter really just passes a filename off to a shell script
> > > which then invokes spamd. It sets exit on the result back to
> > > contentfilter (which expects exit values 0 and -1).
> > >
> > > Typical smtpserver log entry on a spam transaction:
> > >
> > > ...
> > > NFww30942r MAIL From:<y5clzkuow@hotmail.com> SIZE=2867
> > > NFww30942w 250 2.1.0 Sender syntax Ok
> > > NFww30942# -- pipeline input exists 6 bytes
> > > NFww30942r RCPT To:<vf889r6@phys.ualberta.ca>
> > > NFww30942# test-rcpt-dns-rbl test; rblmsg='<none>'
> > > NFww30942w 250 2.1.5 Ok; can accomodate 2867 byte message for
> > > <vf889r6@phys.ualberta.ca>
> > > NFww30942r DATA
> > > NFww30942w 354 Start mail input; end with <CRLF>.<CRLF>
> > > NFww30942# policyprogram said: -1 550 5.7.1 Content Policy rejection
> > > - not acceptable content
> > > NFww30942# Content-policy analysis ordered message rejection.
> > > (code=-1); msg='550 5.7.1 Content Policy rejection - not
> > > acceptable content'
> > > NFww30942w 550 5.7.1 Content Policy rejection - not acceptable
> > > content
> > > NFww30942r QUIT
> > > NFww30942w 221 2.0.0 relay.phys.ualberta.ca Out
> > >
> > >
> > > It's been working very well now for just over a year here. My total
> > > smtp transaction volume is on the order of 100000 per week (I guess
> > > that might be considered small), but the machine rarely sees a load
> > > average greater than 0.5
> > >
> > > You could very easily put your idea into place using the
> > > existing contentfilter mechanism, and set it up to just tag
> > > rather than reject.
> > >
> > > Cheers,
> > > -Jim
> > >
> > >
> > > On Thu, 6 Nov 2003, Mariano Absatz wrote:
> > >
> > > > I know, I know... every 2 months someone (like me) comes to the list
> > > > asking how to integrate spamassassin with zmailer...
> > > >
> > > > I also know what Eugene will say: "spamassassin is waaaaay too slow to
> > > > handle any real traffic" :-)
> > > >
> > > > However, I'm being asked to do AntiSpam tagging (not deleting) for a
> > > > relatively high volume ISP, and the only open tool I know is
> > > > spamassassin...
> > > >
> > > > Situation is, I'm on a border smtp gateway with no users in it, just
> > > > accept, tag, and deliver.
> > > >
> > > > I don't like the procmail approach... Eugene once said he did it in
> > > > cf/process.cf ( http://www.zmailer.org/mhalist/2003/msg00166.html ).
> > > >
> > > > How would that be done?
> > > >
> > > > I don't know how to zmsh, but I could write a small C filter that reads a
> > > > queue file from stdin, calls spamd using libspamc passing the original
> > > > message (sàns envelope) and, based on what spamd answers, adds a couple
> > > > of headers before writing it (with envelope) to standard output...
> > > >
> > > > That should be invoked (if I understand correctly) just before calling
> > > > the rfc822 function... but can this be done without an intermediate file?
> > > >
> > > > Otherwise, could it look like this (on cf/process.cf)?
> > > > ========================<CUT>=============================
> > > > case "$file" in
> > > > # [0-9]*.x400) x400 "$file" ;;
> > > > # [0-9]*.uucp) uucpfilter "$file" > /tmp/X.$$
> > > > # cat /tmp/X.$$ > "$file"
> > > > # rfc822 "$file" ;;
> > > > [0-9]*) /usr/local/bin/CheckSpam "$file" > chkspm."$file"
> > > > /bin/rm -f "$file"
> > > > rfc822 chkspm."$file" ;;
> > > > core*) /bin/mv "$file" ../$file.router.$$
> > > > return
> > > > ;;
> > > > *) /bin/mv "$file" ../postman/rtr."$file".$$
> > > > return
> > > > ;;
> > > > esac
> > > > ========================<CUT>=============================
> > > >
> > > > or maybe:
> > > > ========================<CUT>=============================
> > > > case "$file" in
> > > > # [0-9]*.x400) x400 "$file" ;;
> > > > # [0-9]*.uucp) uucpfilter "$file" > /tmp/X.$$
> > > > # cat /tmp/X.$$ > "$file"
> > > > # rfc822 "$file" ;;
> > > > [0-9]*) /usr/local/bin/CheckSpam "$file" > chkspm."$file"
> > > > /bin/mv chkspm."$file" "$file"
> > > > rfc822 "$file" ;;
> > > > core*) /bin/mv "$file" ../$file.router.$$
> > > > return
> > > > ;;
> > > > *) /bin/mv "$file" ../postman/rtr."$file".$$
> > > > return
> > > > ;;
> > > > esac
> > > > ========================<CUT>=============================
> > > >
> > > > is this correct?
> > > > is it less unefficient than other methods?
> > > >
> > > > TIA.
> > > >
> > > > --
> > > > Mariano Absatz
> > > > El Baby
> > > > ----------------------------------------------------------
> > > > There's too much blood in my caffeine system.
> > > >
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe zmailer" in
> > > > the body of a message to majordomo@nic.funet.fi
> > > >
> > >
> > > --
> > > James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
> > > Team Physics Voice : (780) 492-8226 [old AC 403]
> > > University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
> > > Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
> > >
> > > char*f="char*f=%c%s%c;main(){printf(f,34,f,34,10);}%c";main(){printf(f,34,f,34,10);}
> > > for all that we know the universe could cease to exist at any mo
> >
> >
> > --
> > Mariano Absatz
> > El Baby
> > ----------------------------------------------------------
> > Too much of a good thing can be wonderful.
> > -- Mae West
> >
> >
>
> --
> James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
> Team Physics Voice : (780) 492-8226 [old AC 403]
> University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
> Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
>
> char*f="char*f=%c%s%c;main(){printf(f,34,f,34,10);}%c";main(){printf(f,34,f,34,10);}
> for all that we know the universe could cease to exist at any mo
--
Mariano Absatz
El Baby
----------------------------------------------------------
Beware of programmers with screwdrivers.
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi
- Follow-Ups:
- Re: spamassassin
- From: James MacKinnon <jmack@phys.ualberta.ca> (Fri, 7 Nov 2003 16:54:19 +0200)