[SA-exim] Re: feedback: SpamAssassin at SMTP time in local_scan
Marc MERLIN
marc at merlins.org
Wed, 8 May 2002 12:03:50 -0700
On Wed, May 08, 2002 at 12:18:16PM -0500, dman wrote:
> | Yeah, thanks (working on your Subject suggestion right now). That's
> | obviously left over from the hardcoding I had before transferring everything
> | to options.
>
> Cool, I see the Subject thing works now.

Yep, I just wanted to run the code overnight before announcing it and
announcing this list (no need to further annoy people on exim-users who
aren't interested).
So, you probably saw I posted version 1.1 (changelog on the web site and
inside the code).

> | My plan was for it to try reading the config file from /etc/mail,
> | /etc/exim, and /etc
> | I'll probably do that tonight.
>
> I don't think that's a big deal since there's no dynamic loading of the
> function anyways. Each installation must compile it for themself, and
> thus can change it. KISS. Worst-case scenario is to use a symlink.
I didn't get around to it since I had to go to bed eventually, but I agree
with you. I think that's why I didn't do it the first time around.
> I added these lines at line 175 in version 1.1.
>
> /* make the file a valid mbox for convenience */
> #define FROM "From Wed Dec 31 23:59:59 UTC 1969\n"
> ret=write( writefd , FROM , strlen(FROM) ) ;
> CHECKERR(ret,string_sprintf("'From ' line write in %s", filename),__LINE__);
>
> It's convenient because 'mutt -f' will see it as a mbox folder (with
> just one message) and 'vim' will automatically syntax highlight it
> correctly.

That's a good idea, I'll add that.

> I'm planning on adjusting the logic a bit at some point. My idea is
> to read the first line of output from the program to determine whether
> it passes or fails and to extract the error message from that. The
> rest of the output would be RFC2822 headers to update in the message.
> Obviously 'spamc' would not work as the program in this scenario. My
> reasoning is to generalize it a bit to facilitate writing my own
> scanner that, in addition to delegating to spamc, would check for klez
> and similar junk for immediate rejection. This program, at a minimum,
> would frontend spamc and adapt spamc's output to fit the format (and
> include the logic to determine pass/fail and build the error message).

Yeah, I've also given some thought into moving my system_filter rejects at
SMTP time.
That said, each of them can be done with a condition statement in the RCPT
or DATA ACL, so they may be better off there.

> This would make the local_scan more similar to exiscan in operation
> (deferring to an external program for result and message) but would
> keep the ability to modify a message's headers and save them for the
> admin to monitor. I also expect it would reduce the amount of C in
> the local_scan.
That's an option.

> I am having a problem with the saving of messages, though. I want
> them in a maildir folder. That's easy enough; I just specified a path
> like /var/mail/dman/SApermreject/new and made the cur and tmp
> directories myself. The problem is in permissions. All the
> /var/mail/dman/SA**/* directories are dman:mail, 6770. However files
> would still be created as mail:mail 0600. Thus my user account
> couldn't read them. I've temporarily solved the problem by adjusting
> the creat() call to set the perms to 666.
I hadn't envisioned that use (i.e. a user, not root, reading the mailboxes).
Yeah, the creat call forces the permissions.
> I thought making the directory SUID me would force the files to be owned
> by me.
Nope, it doesn't do that :-)
Marc
-- 
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking

Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
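The permission behaviour discussed in the message above, as an added example (not code from sa-exim or from either poster): on Linux a setgid directory passes its group to files created in it, the setuid bit on a directory does not change their owner, and the file mode comes from the open()/creat() call masked by umask. The helper name, the /tmp scratch path and the 0640 mode are assumptions; 0640 lets a group member read the saved message without the world-readable 666 workaround.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a saved-message file with mode exactly 0640; fills *st, 0 on success. */
int save_group_readable(const char *path, struct stat *st)
{
    /* O_EXCL refuses a pre-existing name instead of truncating it. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0640);
    if (fd < 0)
        return -1;
    /* The mode passed to open()/creat() is masked by umask, so set it
     * explicitly; no "other" bits are needed for group access. */
    if (fchmod(fd, 0640) < 0 || fstat(fd, st) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Constructed demo: a scratch directory with the 6770 mode from the post. */
int demo(struct stat *dir_st, struct stat *file_st)
{
    char dir[] = "/tmp/sa-demo-XXXXXX";   /* assumed scratch location */
    char path[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/msg", dir);
    mode_t old = umask(077);              /* a restrictive daemon umask */
    int rc = (chmod(dir, 06770) == 0 && stat(dir, dir_st) == 0)
                 ? save_group_readable(path, file_st) : -1;
    umask(old);
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    struct stat d, f;
    if (demo(&d, &f) != 0) { perror("demo"); return 1; }
    printf("dir  uid=%ld gid=%ld mode=%04o\n", (long)d.st_uid, (long)d.st_gid, (unsigned)(d.st_mode & 07777));
    printf("file uid=%ld gid=%ld mode=%04o\n", (long)f.st_uid, (long)f.st_gid, (unsigned)(f.st_mode & 07777));
    return 0;
}
```

The reading account still has to be a member of the directory's group for the 0640 mode to grant it access.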