Captured tags

2024-04-10 Thread Jimmy
Hi,

I'm aiming to extract the domain part from the To: address field,
specifically targeting email addresses like i...@domain.com to capture just
domain.com. However, the current rule consistently captures the string
starting with @, such as @domain.com.

header   __TO_DOMAIN To:addr =~ /\@(?[^\s@]+)/

How to fix this rule or any easy way to capture value of To: domain?

I noticed a test file where %{HEADER(From:addr:domain)} is used to extract
the domain. I'm unsure if %{HEADER(To:addr:domain)} is supported, as
testing it did not resolve the issue.

Jimmy


Re: dcc on empty email

2024-04-10 Thread Henrik K via users


Perhaps just check your old notes? :-P

https://lists.apache.org/thread/6fspd1my9xjdjbz16zp7dk66vn44xccz

On Wed, Apr 10, 2024 at 10:42:35PM -0400, Alex wrote:
> Hi,
> 
> I'm noticing DCC is triggering on emails with an empty body. I'd like to
> create a hash that matches messages with an empty body and other simple
> messages.
> 
> What am I doing wrong? I've tried it with a zero-length file as well as one
> with just a few characters. It looks like I don't understand what the
> format of the file should be.
> 
> [root@beast dcc]# /usr/bin/dccproc -QCw whiteclnt < dcc-empty
> missing message body; fatal error
> 
> 
> I have a better understanding of how this works now. It apparently still
> requires a valid email to be used, just with an actual empty body if I wanted
> to whitelist that portion of it.
> 
> /usr/bin/dccproc -QCw whiteclnt < email-with-empty-body
> X-DCC-www.nova53.net-Metrics: [1]beast.example.com 1204; Body=0 Fuz1=0 Fuz2=0
>                             reported: 0               checksum  server
>                  env_From: d41d8cd9 8f00b204 e9800998 ecf8427e
>                      From: 55a5141a 442cf35f 22622946 72511b73
>                Message-ID: cebc1e5c 40f54129 90709930 ee918829
>                  Received: 9afca068 dc711459 c84cadb6 627877e9
>                      Body: d1b04397 6af3d941 68459a63 a155b202       0
>                      Fuz1: 3d69b970 c60c2b73 95050fee 7971cae8       0
>                      Fuz2: d35d922e 637a421c 0da33c04 8498ab36       0
> 
> although I'm not sure now where these values should be used/stored for dcc?
> 
> I also happened across this link that contains a list of checksums for nearly
> empty messages, although I don't know how current or useful it is.
> [2]https://www.iecc.com/dcc-testmsg-whitelist.txt
> 
> 
>  
> 
> References:
> 
> [1] http://beast.example.com/
> [2] https://www.iecc.com/dcc-testmsg-whitelist.txt


Re: dcc on empty email

2024-04-10 Thread Alex
Hi,

> I'm noticing DCC is triggering on emails with an empty body. I'd like to
> create a hash that matches messages with an empty body and other simple
> messages.
>
> What am I doing wrong? I've tried it with a zero-length file as well as
> one with just a few characters. It looks like I don't understand what the
> format of the file should be.
>
> [root@beast dcc]# /usr/bin/dccproc -QCw whiteclnt < dcc-empty
> missing message body; fatal error
>

I have a better understanding of how this works now. It apparently still
requires a valid email to be used, just with an actual empty body if I
wanted to whitelist that portion of it.

/usr/bin/dccproc -QCw whiteclnt < email-with-empty-body
X-DCC-www.nova53.net-Metrics: beast.example.com 1204; Body=0 Fuz1=0 Fuz2=0
                            reported: 0               checksum  server
                 env_From: d41d8cd9 8f00b204 e9800998 ecf8427e
                     From: 55a5141a 442cf35f 22622946 72511b73
               Message-ID: cebc1e5c 40f54129 90709930 ee918829
                 Received: 9afca068 dc711459 c84cadb6 627877e9
                     Body: d1b04397 6af3d941 68459a63 a155b202       0
                     Fuz1: 3d69b970 c60c2b73 95050fee 7971cae8       0
                     Fuz2: d35d922e 637a421c 0da33c04 8498ab36       0

although I'm not sure now where these values should be used/stored for dcc?

I also happened across this link that contains a list of checksums for
nearly empty messages, although I don't know how current or useful it is.
https://www.iecc.com/dcc-testmsg-whitelist.txt


Re: problems with Plugin::ASN and spam

2024-04-10 Thread Darrell Budic



> On Apr 10, 2024, at 2:52 PM, Benny Pedersen wrote:
> 
> Darrell Budic wrote on 2024-04-10 19:48:
> 
>> Anything I’m missing?
> 
> using amavisd ?
> 
> then try this in amavisd.conf:
> 
> 
> @spam_scanners = (
> # ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
> ['SpamdClient', 'Amavis::SpamControl::SpamdClient']
> );
> 
> 1;  # insure a defined return value
> 
> if this works, it's amavisd missing to add that header spamassassin add in 
> add-header
> 
> don't enable both spam_scanners, just one of them, and with the last start 
> spamd, as you have you already have this
> 
> would be nice if its just that
> 

No, I’m using spamass-milter to send it over from postfix. Here’s my 
spamass-milter config in case I missed something there (systemd running it on 
alma 8 in this case):

EXTRA_FLAGS="-e onholyground.com -u defang -m -r 15 -i 127.0.0.1 -g sa-milt -- --max-size=512 --dest=sa0.int.ohgnetworks.com,sa1.int.ohgnetworks.com --randomize"

Both sa0 & sa1 run the same spamassassin/spamd configurations, neither of them 
add the X-Spam-ASN headers. All other add_header entries work fine.



dcc on empty email

2024-04-10 Thread Alex
Hi,
I'm noticing DCC is triggering on emails with an empty body. I'd like to
create a hash that matches messages with an empty body and other simple
messages.

What am I doing wrong? I've tried it with a zero-length file as well as one
with just a few characters. It looks like I don't understand what the
format of the file should be.

[root@beast dcc]# /usr/bin/dccproc -QCw whiteclnt < dcc-empty
missing message body; fatal error


Re: problems with Plugin::ASN and spam

2024-04-10 Thread Benny Pedersen

Darrell Budic wrote on 2024-04-10 19:48:

> Anything I’m missing?


using amavisd ?

then try this in amavisd.conf:


@spam_scanners = (
# ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
['SpamdClient', 'Amavis::SpamControl::SpamdClient']
);

1;  # insure a defined return value

if this works, it's amavisd missing to add that header spamassassin add 
in add-header


don't enable both spam_scanners, just one of them, and with the last 
start spamd, as you have you already have this


would be nice if its just that



Re: problems with Plugin::ASN and spam

2024-04-10 Thread Darrell Budic


> On Apr 10, 2024, at 1:30 PM, Bill Cole wrote:
> 
> On 2024-04-10 at 13:48:47 UTC-0400 (Wed, 10 Apr 2024 12:48:47 -0500)
> Darrell Budic <bu...@onholyground.com>
> is rumored to have said:
> 
>> Just checking in here that I’m not doing something wrong with the ASN plugin 
>> before I file a bug on this. SpamAssassin 4.0.1 installed from cpan on Alma 
>> 9.
>> 
>> I’ve got it configured to use the local maxmind db files, and those show up 
>> in logs. Testing in spamassassin itself shows that it finds the ASN and 
>> includes it in the headers as expected. But when I let spamc/spamd process 
>> emails, the X-Spam-ASN headers do not appear. Enabling debug logging on 
>> spamd shows it does find the ASN properly, but doesn’t include the header. 
>> All my other add_header entries show up as expected.
> 
> This smells like a case of not using the config that you think you are.

I keep thinking that, but the default ruleset's 
/var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf should also 
add headers, and isn’t.

>> Relevant config:
> 
> Says you... :)

Sure do :)

> When you run the spamassassin script from the command line, it loads your 
> user prefs from ~/.spamassassin/user_prefs and uses them. When you use spamc 
> to talk to spamd, which prefs are loaded depends on your configuration of 
> spamd, perhaps using only the global config, possibly using the config of the 
> user running spamd, and possibly (with configuration of spamd that allows it 
> to use per-user configs properly) that of arbitrary users per message.
> 
> Differences in how spamc/spamd and spamassassin on the command line behave 
> are almost always due to this.

It certainly appears to be reading the right files. From the same debug log 
snipped earlier:

Wed Apr 10 17:06:48 2024 [2246409] dbg: plugin: loading Mail::SpamAssassin::Plugin::ASN from @INC
Wed Apr 10 17:06:50 2024 [2246409] dbg: plugin: Mail::SpamAssassin::Plugin::ASN=HASH(0x55c6b04063d8) implements 'extract_metadata', priority 0
Wed Apr 10 17:06:48 2024 [2246409] dbg: config: read file /etc/mail/spamassassin/custom.cf
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: parsing file /etc/mail/spamassassin/custom.cf
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: using "/var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf" for included file
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: read file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: parsing file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf

Wed Apr 10 17:07:09 2024 [2246418] dbg: check: tagrun - tag ASN is now ready, value: 11377 SENDGRID
Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: GeoDB lookup successful, skipping DNS lookup

The asn_prefix and add_header below are in /etc/mail/spamassassin/custom.cf.

>> report_safe 0
>> ifplugin Mail::SpamAssassin::Plugin::ASN
>> asn_prefix ''
>> asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
>> add_header all ASN _ASN_ _ASNCIDR_
>> 
>> # IPv6 support (Bug 7211)
>> asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
>> endif   # Mail::SpamAssassin::Plugin::ASN
>> 
>> From the spamd debug log:
>> 
>> Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: search found asn /usr/share/GeoIP/GeoLite2-ASN.mmdb
>> Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: loaded asn from /usr/share/GeoIP/GeoLite2-ASN.mmdb
>> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using GeoDB ASN for lookups
>> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using first external relay IP for lookups: 149.72.37.58
>> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: GeoDB found ASN 11377
>> 
>> There are no dbg: markup: entries for the ASN header.
>> 
>> Anything I’m missing?
> 
> Look at the debug channel for config and determine which config files are 
> actually being used by spamd and by spamassassin. (spamc knows nothing of SA 
> configs…)

Spamassassin reads the same ones.

[root@sa0 spamassassin]# /usr/local/bin/spamassassin -t -D < ~telsin/testemail.eml 2>&1 | egrep -i 'asn'
Apr 10 19:18:24.185 [2249580] dbg: plugin: loading Mail::SpamAssassin::Plugin::ASN from @INC
Apr 10 19:18:24.628 [2249580] dbg: config: fixed relative path: /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Apr 10 19:18:24.628 [2249580] dbg: config: using "/var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf" for included file
Apr 10 19:18:24.629 [2249580] dbg: config: read file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Apr 10 19:18:24.629 [2249580] dbg: config: parsing file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Apr 10 19:18:26.380 [2249580] dbg: geodb: GeoIP2: search found asn /usr/share/GeoIP/GeoLite2-ASN.mmdb
Apr 10 19:18:26.380 [2249580] dbg: geodb: GeoIP2: loaded asn from /usr/share/GeoIP/GeoLite2-ASN.mmdb
Apr 10 19:18:26.384 [2249580] dbg: geodb: database info: GeoIP2 asn: GeoLite2 ASN dat

Re: problems with Plugin::ASN and spam

2024-04-10 Thread Bill Cole
On 2024-04-10 at 13:48:47 UTC-0400 (Wed, 10 Apr 2024 12:48:47 -0500)
Darrell Budic 
is rumored to have said:

> Just checking in here that I’m not doing something wrong with the ASN plugin 
> before I file a bug on this. SpamAssassin 4.0.1 installed from cpan on Alma 9.
>
> I’ve got it configured to use the local maxmind db files, and those show up 
> in logs. Testing in spamassassin itself shows that it finds the ASN and 
> includes it in the headers as expected. But when I let spamc/spamd process 
> emails, the X-Spam-ASN headers do not appear. Enabling debug logging on spamd 
> shows it does find the ASN properly, but doesn’t include the header. All my 
> other add_header entries show up as expected.

This smells like a case of not using the config that you think you are.

> Relevant config:

Says you... :)

When you run the spamassassin script from the command line, it loads your user 
prefs from ~/.spamassassin/user_prefs and uses them. When you use spamc to talk 
to spamd, which prefs are loaded depends on your configuration of spamd, 
perhaps using only the global config, possibly using the config of the user 
running spamd, and possibly (with configuration of spamd that allows it to use 
per-user configs properly) that of arbitrary users per message.

Differences in how spamc/spamd and spamassassin on the command line behave are 
almost always due to this.
> report_safe 0
> ifplugin Mail::SpamAssassin::Plugin::ASN
>  asn_prefix ''
>  asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
>  add_header all ASN _ASN_ _ASNCIDR_
>
>  # IPv6 support (Bug 7211)
>  asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
> endif   # Mail::SpamAssassin::Plugin::ASN
>
> From the spamd debug log:
>
> Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: search found asn /usr/share/GeoIP/GeoLite2-ASN.mmdb
> Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: loaded asn from /usr/share/GeoIP/GeoLite2-ASN.mmdb
> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using GeoDB ASN for lookups
> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using first external relay IP for lookups: 149.72.37.58
> Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: GeoDB found ASN 11377
>
> There are no dbg: markup: entries for the ASN header.
>
> Anything I’m missing?

Look at the debug channel for config and determine which config files are 
actually being used by spamd and by spamassassin. (spamc knows nothing of SA 
configs...)


-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
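
Added example (not part of the thread and not SpamAssassin project code): one way to do the comparison suggested above, by extracting the `config: read file` entries from a saved `spamassassin -D` log and a saved spamd debug log and listing files that only one side read. The function names, the sample logs and the `/root/.spamassassin/user_prefs` entry in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: list config files that only one of two SpamAssassin debug
# logs reports reading. Assumes one log entry per line (un-wrap mailed logs).

# Sorted, unique paths taken from "dbg: config: read file <path>" entries.
config_files_read() {
    sed -n 's/^.*dbg: config: read file \(.*\)$/\1/p' "$1" |
        sed 's/[[:space:]]*$//' | sort -u
}

# Files read on one side only; $1 = spamassassin -D log, $2 = spamd debug log.
config_diff() {
    cli_list=$(mktemp)
    spamd_list=$(mktemp)
    config_files_read "$1" > "$cli_list"
    config_files_read "$2" > "$spamd_list"
    comm -23 "$cli_list" "$spamd_list" | sed 's/^/only-cli   /'
    comm -13 "$cli_list" "$spamd_list" | sed 's/^/only-spamd /'
    rm -f "$cli_list" "$spamd_list"
}

# Constructed sample logs; the user_prefs entry is hypothetical.
demo_dir=$(mktemp -d)
cat > "$demo_dir/cli.log" <<'EOF'
Apr 10 19:18:24.100 [2249580] dbg: config: read file /etc/mail/spamassassin/custom.cf
Apr 10 19:18:24.629 [2249580] dbg: config: read file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Apr 10 19:18:24.700 [2249580] dbg: config: read file /root/.spamassassin/user_prefs
Apr 10 19:18:26.380 [2249580] dbg: geodb: GeoIP2: loaded asn from /usr/share/GeoIP/GeoLite2-ASN.mmdb
EOF
cat > "$demo_dir/spamd.log" <<'EOF'
Wed Apr 10 17:06:48 2024 [2246409] dbg: config: read file /etc/mail/spamassassin/custom.cf
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: read file /var/lib/spamassassin/4.01/updates_spamassassin_org/25_asn.cf
Wed Apr 10 17:06:49 2024 [2246409] dbg: config: parsing file /etc/mail/spamassassin/custom.cf
EOF

config_diff "$demo_dir/cli.log" "$demo_dir/spamd.log"
```

An empty result means both logs report the same set of config files.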


problems with Plugin::ASN and spam

2024-04-10 Thread Darrell Budic
Just checking in here that I’m not doing something wrong with the ASN plugin 
before I file a bug on this. SpamAssassin 4.0.1 installed from cpan on Alma 9.

I’ve got it configured to use the local maxmind db files, and those show up in 
logs. Testing in spamassassin itself shows that it finds the ASN and includes it 
in the headers as expected. But when I let spamc/spamd process emails, the 
X-Spam-ASN headers do not appear. Enabling debug logging on spamd shows it does 
find the ASN properly, but doesn’t include the header. All my other add_header 
entries show up as expected.

Relevant config:

report_safe 0
ifplugin Mail::SpamAssassin::Plugin::ASN
 asn_prefix ''
 asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
 add_header all ASN _ASN_ _ASNCIDR_

 # IPv6 support (Bug 7211)
 asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
endif   # Mail::SpamAssassin::Plugin::ASN

From the spamd debug log:

Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: search found asn /usr/share/GeoIP/GeoLite2-ASN.mmdb
Wed Apr 10 17:06:50 2024 [2246409] dbg: geodb: GeoIP2: loaded asn from /usr/share/GeoIP/GeoLite2-ASN.mmdb
Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using GeoDB ASN for lookups
Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: using first external relay IP for lookups: 149.72.37.58
Wed Apr 10 17:07:09 2024 [2246418] dbg: asn: GeoDB found ASN 11377

There are no dbg: markup: entries for the ASN header.

Anything I’m missing?

Thanks!

  -Darrell