Re: Spamassassin "ignoring" mail with embedded picture
On Fri, 15 Feb 2019, Claudio Kuenzler wrote:

> > Is there a size limit active in Spamassassin (spamc or spamd) which would
> > refuse this e-mail? Even if there is, there should be something logged,
> > right? Either spamc or spamd should log/output something helpful.
>
> Dang it. No idea why I didn't see this before:
>
>     -s max_size, --max-size=max_size
>
> According to man spamc the default is 500KB. Bigger content "will be
> returned unprocessed". Hence it will never be sent to spamd, did I
> understand this correctly?
>
> I just tested it again with the embedded picture and an increased max size:
>
>     # time cat /tmp/working2.eml | spamc -t 900 -s 800
>     [...]
>     real 3m22.921s
>     user 0m0.004s
>     sys  0m0.144s
>
> So this worked after all.

It's possible the message got truncated in a manner that confused the message body parser in a way that caused something like runaway backtracking in a rule that doesn't expect to be looking at a huge block of base64 text...

What version of SA are you using?

Is the original message safe (from a privacy standpoint) to provide to some SA devs to verify whether that's indeed the cause and see if there's a failure mode we can fix?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
When I say "I don't want the government to do X", do not automatically assume that means I don't want X to happen.
---
7 days until George Washington's 287th Birthday
Re: Spamassassin "ignoring" mail with embedded picture
On 2019-02-15 16:07, Claudio Kuenzler wrote:

> The man page calls it "will be returned unprocessed"
> What does that mean for Postfix, what kind of response does it get from
> spamc?

It depends on how spamc is invoked. Please read the whole manpage.

If you invoke it just for the exit status, it will exit the same way as if the mail were determined by spamd to be ham.

If you invoke it to output a modified copy of message (or just headers) on standard output, it will just echo the original.

I have no idea how postfix calls spamc; I think that should in fact be your first line of investigation.

--
Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
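A check for the behaviour described in the reply above, added here as an example and not taken from the thread or from SpamAssassin: since an over-limit message comes back from spamc looking exactly like ham, the script classifies a returned message by its size and by whether a SpamAssassin header sits in its header block. It assumes the local configuration adds `X-Spam-Checker-Version` to scanned mail and takes 512000 bytes for the 500KB default; the function names and the sample messages are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify what a spamc filter step returned.
# SPAMC_MAX_BYTES must match the value given to `spamc -s`; 512000 is an
# assumed byte figure for the 500KB default quoted from the man page.
SPAMC_MAX_BYTES="${SPAMC_MAX_BYTES:-512000}"

# Print only the header block: everything up to the first empty line.
header_block() {
    tr -d '\r' < "$1" | sed '/^$/q'
}

# classify_message FILE prints one of:
#   oversize-unscanned  above the limit, so spamc echoed the original back
#   scanned             within the limit, X-Spam-Checker-Version in the headers
#   unscanned           within the limit, but no SpamAssassin header was added
classify_message() {
    size=$(wc -c < "$1" | tr -d ' ')
    # Size first: the headers of an echoed message are whatever the sender wrote.
    if [ "$size" -gt "$SPAMC_MAX_BYTES" ]; then
        echo oversize-unscanned
    elif header_block "$1" | grep -qi '^X-Spam-Checker-Version:'; then
        echo scanned
    else
        echo unscanned
    fi
}

# Constructed sample messages (hypothetical content, written to directory $1).
make_samples() {
    printf '%s\n' 'X-Spam-Checker-Version: SpamAssassin (constructed)' \
        'Subject: small, scanned' '' 'hello' > "$1/scanned.eml"
    printf '%s\n' 'Subject: fwd' '' \
        'X-Spam-Checker-Version: quoted inside the body only' > "$1/body-only.eml"
    {
        printf '%s\n' 'Subject: embedded picture' \
            'Content-Transfer-Encoding: base64' ''
        # 600000 filler bytes standing in for a base64 image part
        head -c 600000 /dev/zero | tr '\0' 'A' | fold -w 76
    } > "$1/oversize.eml"
}

dir=$(mktemp -d)
make_samples "$dir"
for f in scanned body-only oversize; do
    printf '%s: %s\n' "$f" "$(classify_message "$dir/$f.eml")"
done
rm -rf "$dir"
```

Run against the copy of each message that the filter step hands on, a result other than `scanned` is the condition worth logging or alerting on.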
Re: Spamassassin "ignoring" mail with embedded picture
Just wanted to add that there are new size options coming.

It's committed to 4.0 in trunk: Use the new SpamAssassin rawbody_part_scan_size option to implement limits on scanned data size.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6582

Regards,
KAM

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: Spamassassin "ignoring" mail with embedded picture
> > I took this e-mail and sent it manually via spamc to spamd while running
> > spamd in foreground in debug mode (spamd --D):
> >
> > # cat /tmp/mailcausingproblems.eml | spamc
> > -> nothing happened in the terminal where I'm running spamd!
> >
> > I took a simple test mail and did the same:
> >
> > # cat /tmp/working.eml | spamc
> > -> got tons of entries in the terminal where I'm running spamd
>
> apparently the mail was scanned. look at its headers.

Only the "working.eml" testmail was received and scanned by spamd. The problematic e-mail with the embedded picture "/tmp/mailcausingproblems.eml" experienced the problem. Please see my other mail I sent a couple of minutes after my initial mail; in the meantime I had found the max size parameter for spamc.

> > I was able to narrow it down to the embedded picture which has a size of
> > ~3.9MB.
>
> strange, spamc should put mail over 500K back unscanned.

So what does "put mail ... back" exactly mean? The man page calls it "will be returned unprocessed". What does that mean for Postfix, what kind of response does it get from spamc? If the mail stayed in the mail queue and was obviously waiting for spamc to respond, shouldn't something have happened?
Re: Spamassassin "ignoring" mail with embedded picture
On 15.02.19 11:53, Claudio Kuenzler wrote:

> Came across a strange problem today where a mail is bounced by Postfix
> because it was never "accepted" by Spamassassin. This is the error,
> Postfix logged:
>
> : Command time limit exceeded: "/usr/bin/spamc". Command output:[the mail content]

maybe the filtering should not be done by spamc directly. There are other ways - using spamass-milter, amavisd-milter, amavisd-new as content_filter or smtp_proxy ...

> In Spamassassin's log file nothing was logged.
>
> A manual retry of sending the mail (both via remote mail client and local
> webmail client) resulted in the mail being stuck in the Postfix queue:
>
> # date
> Fri Feb 15 11:19:10 CET 2019
> # mailq
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> D01A1202E3* 4102925 Fri Feb 15 10:08:53 sen...@example.com
>                                         redact...@example.com
>                                         redact...@example.com
>
> This stays in the queue until the default timeout (15min) hits and then the
> mail gets bounced by Postfix, sending a non-delivery report to the sender
> address.
>
> I took this e-mail and sent it manually via spamc to spamd while running
> spamd in foreground in debug mode (spamd --D):
>
> # cat /tmp/mailcausingproblems.eml | spamc
> -> nothing happened in the terminal where I'm running spamd!
>
> I took a simple test mail and did the same:
>
> # cat /tmp/working.eml | spamc
> -> got tons of entries in the terminal where I'm running spamd

apparently the mail was scanned. look at its headers.

> I was able to narrow it down to the embedded picture which has a size of
> ~3.9MB.

strange, spamc should put mail over 500K back unscanned.

> I placed the whole base64 embedded picture stuff into the working.eml mail
> before, sent it again via spamc and same effect as the original mail
> (nothing happened).
>
> Is there a size limit active in Spamassassin (spamc or spamd) which would
> refuse this e-mail? Even if there is, there should be something logged,
> right? Either spamc or spamd should log/output something helpful.

spamc default limit is 500K, you can increase it to 256M.
scanning of bigger mail can take minutes, e.g. FuzzyOCR calling OCR programs. I think the default timeout is 5 minutes.

> All other mails (with or without attachments) are going through just fine.
>
> Any ideas? Is there a known bug which could cause this behaviour?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
Re: Spamassassin "ignoring" mail with embedded picture
> Is there a size limit active in Spamassassin (spamc or spamd) which would
> refuse this e-mail? Even if there is, there should be something logged,
> right? Either spamc or spamd should log/output something helpful.

Dang it. No idea why I didn't see this before:

    -s max_size, --max-size=max_size

According to man spamc the default is 500KB. Bigger content "will be returned unprocessed". Hence it will never be sent to spamd, did I understand this correctly?

I just tested it again with the embedded picture and an increased max size:

    # time cat /tmp/working2.eml | spamc -t 900 -s 800
    [...]
    real 3m22.921s
    user 0m0.004s
    sys  0m0.144s

So this worked after all.
Spamassassin "ignoring" mail with embedded picture
Hello y'all

Came across a strange problem today where a mail is bounced by Postfix because it was never "accepted" by Spamassassin. This is the error, Postfix logged:

    : Command time limit exceeded: "/usr/bin/spamc". Command output:[the mail content]

In Spamassassin's log file nothing was logged.

A manual retry of sending the mail (both via remote mail client and local webmail client) resulted in the mail being stuck in the Postfix queue:

    # date
    Fri Feb 15 11:19:10 CET 2019
    # mailq
    -Queue ID- --Size-- Arrival Time -Sender/Recipient---
    D01A1202E3* 4102925 Fri Feb 15 10:08:53 sen...@example.com
                                            redact...@example.com
                                            redact...@example.com

This stays in the queue until the default timeout (15min) hits and then the mail gets bounced by Postfix, sending a non-delivery report to the sender address.

I took this e-mail and sent it manually via spamc to spamd while running spamd in foreground in debug mode (spamd --D):

    # cat /tmp/mailcausingproblems.eml | spamc
    -> nothing happened in the terminal where I'm running spamd!

I took a simple test mail and did the same:

    # cat /tmp/working.eml | spamc
    -> got tons of entries in the terminal where I'm running spamd

I was able to narrow it down to the embedded picture which has a size of ~3.9MB.

I placed the whole base64 embedded picture stuff into the working.eml mail before, sent it again via spamc and same effect as the original mail (nothing happened).

Is there a size limit active in Spamassassin (spamc or spamd) which would refuse this e-mail? Even if there is, there should be something logged, right? Either spamc or spamd should log/output something helpful.

All other mails (with or without attachments) are going through just fine.

Any ideas? Is there a known bug which could cause this behaviour?