On 12 Apr 2019, at 2:52, Benoit Panizzon wrote:

Dear List

I have started using the ASN SpamAssassin Plugin to penalize emails
originating from certain known spam operation ASN with great success
(especially for the actual sextortion email wave).

Now I reckoned it would be nice to also have the X-SPAM-ASN Header which
is added by SpamAssassin to be passed on to MIMEDefang so it is added
to the original message, just to be able to see with one glance, from
which ASN it originated in case of spam which slips through.

I know SpamAssassin operates on a copy of the message, so it is normally
not possible to keep headers added by SpamAssassin.

But, is there a way to still achieve this, which I am missing?

There are 2 ways:

1. Instead of using the integrated SA support in MD, run spamd and have MD run spamc to do the scan, and replace the message entirely with what spamc returns. This has a performance penalty, but you get any of SA's header modifications that you want.

2. Build it yourself in mimedefang-filter, in filter_end(). This is how I do a similar thing on my personal system:

********* WARNING: This is a raw snippet that has not been cleaned *********
********** up for general distribution or drop-in use *********

      # NOTE: MUST be done before spam_assassin_check finishes the object
      my $SAStatus  = spam_assassin_status();

      # Get Relay countries and ASNs and languages
      $relaycountry = $SAStatus->get_tag("RELAYCOUNTRY");
      $relayasn     = $SAStatus->get_tag("ASN");
      $relayasncidr = $SAStatus->get_tag("ASNCIDR");
      $languages    = $SAStatus->get_tag("LANGUAGES");

      #BEWARE: spam_assassin_check calls status->finish()
      my ($hits, $req, $names, $report) = spam_assassin_check();

      # Consistent with proposed patch for SA bug #6473 2018-02-04
      my $relayhops = '';
      my $lastcc    = '';
      if (length($relaycountry)) {
         my @rcs = split(' ', $relaycountry);
         while (my $cc = pop(@rcs)) {
            if (length($lastcc)) { $relayhops = $cc . $lastcc . " " . $relayhops; }
            $lastcc = $cc;
         }
         $relayhops = "Trusted_" . $lastcc . " " . $relayhops;
      }

      my ($score);
      if ($hits < 20) {
         $score = "*" x int($hits);
      } else {
         $score = "*" x 20;
      }

      md_graphdefang_log('spam', $hits, $MessageID, $RelayAddr);
      md_syslog('info', "SA: $hits ($score) $names");
      md_syslog('info', "SOURCE: from $relayasncidr on $relayasn via $relaycountry ($relayhops) in $languages");

      # Delete any existing X-Spam-* headers
      action_delete_header("X-Spam-Status");
      action_delete_header("X-Spam-Score");
      action_delete_header("X-Spam-Source");
      action_delete_header("X-Spam-Hops");
      action_add_header("X-Spam-Score", "$hits ($score) $names");
      action_add_header("X-Spam-Source", "$relayasncidr on $relayasn via $relaycountry in $languages");
      action_add_header("X-Spam-Hops",   "$relayhops");

************************************

Refer to the MD and/or SA docs to clarify anything in that which is non-obvious...

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
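
For reading the result back out of spam that slipped through, an added example (not part of the message above and not MIMEDefang or SpamAssassin code): Python that parses the X-Spam-Source layout built by the snippet and tallies ASNs over saved messages. The sample messages are constructed, multi-valued tags are assumed to be space-separated, and skipping messages with zero or several X-Spam-Source headers is this example's own choice.

```python
import re
from collections import Counter
from email import message_from_string

# Layout written by the filter snippet in this message:
#   "<ASNCIDR> on <ASN> via <RELAYCOUNTRY> in <LANGUAGES>"
SOURCE_RE = re.compile(
    r"^(?P<cidr>.*?)\s*\bon\b\s*(?P<asn>.*?)\s*\bvia\b\s*(?P<cc>.*?)"
    r"\s*\bin\b\s*(?P<langs>.*)$"
)

def parse_source(value):
    """Split one X-Spam-Source value into four lists of tokens, or None."""
    m = SOURCE_RE.match(" ".join(value.split()))  # also unfolds the header
    return {k: v.split() for k, v in m.groupdict().items()} if m else None

def tally_asns(raw_messages):
    """Return (Counter of ASNs, number of messages skipped as ambiguous)."""
    counts, skipped = Counter(), 0
    for raw in raw_messages:
        values = message_from_string(raw).get_all("X-Spam-Source") or []
        fields = parse_source(values[0]) if len(values) == 1 else None
        if fields is None:
            # Missing, duplicated or malformed header: cannot tell what the
            # filter wrote, so do not let it influence the tally.
            skipped += 1
            continue
        counts.update(fields["asn"] or ["unknown"])
    return counts, skipped

# Constructed sample messages (documentation ASNs and address ranges).
def _msg(*source_headers):
    lines = ["From: sender@example.com", "Subject: constructed sample"]
    lines += [f"X-Spam-Source: {h}" for h in source_headers]
    return "\n".join(lines) + "\n\nbody\n"

SAMPLES = [
    _msg("192.0.2.0/24 on AS64496 via US DE in en"),
    _msg("198.51.100.0/24 on AS64511 via FR in fr en"),
    _msg("192.0.2.0/24 on AS64496 via US in en"),
    _msg(" on  via  in "),                         # lookups returned nothing
    _msg("203.0.113.0/24 on AS64500 via NL in en",
         "192.0.2.0/24 on AS64496 via US in en"),  # two headers: ambiguous
    _msg(),                                        # never passed the filter
]

if __name__ == "__main__":
    counts, skipped = tally_asns(SAMPLES)
    for asn, n in counts.most_common():
        print(f"{n:3d}  {asn}")
    print(f"skipped: {skipped}")
```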