Brian Ipsen <[EMAIL PROTECTED]> writes: > I posted a message to the forum about this issue sunday, but haven't gotten > any response on it - so I'll try again.
I tagged it and was hoping that one of the tmda-cgi authors would answer. Apparently they're offline for a while. > I've been emailing with some SpamCop.net people, because one of my > submissions by mistake pointed my backup MX up as spam-relaying :-( > > The fuzz has been identified to be caused by the reporter.py script (which > actually also is present on SpamCop's own webpage) - because the script > masks the hostname/domain of the last mailserver, which is not allowed > according to the SpamCop-admin I was mailing with. The headers need to > remain intact - only the recipient name is allowed to be masked. I investigated this briefly. Yes, SpamCop is distributing this script. Yes, it doesn't match with their current rules, if the person you're corresponding with knows anything. No, it doesn't now and never did understand qmail virtual domains, so the virtual user's name was never masked anyhow! Alan Eldridge (the author of the script) doesn't list an email address, so without more work than I intend to put into this, there's no obvious way to communicate with him. I looked at the Perl version of the script on SpamCop's site, http://www.spamcop.net/reporter.pl, and it does no masking of anything at all. So I hacked up reporter.py to behave the same way. It won't attempt to mask domain names, which SpamCop says it shouldn't, and it won't attempt to mask usernames, which it didn't anyhow in the virtual domain case. If you're not comfortable with that, you might want to consider turning off SpamCop reporting for now, until the problem is addressed. I've attached a diff that you can apply (with patch) for now. From the directory where reporter.py resides on your system, run # patch < /path/to/screport.diff You may need to run patch with the -p0 flag on Linux. I'm really not sure what the best thing to do is for ongoing tmda-cgi development so I'm just going to leave it an open issue. Gre7g can decide what he thinks is best when he returns. Tim
--- reporter.py.orig Wed Nov 12 14:51:35 2003 +++ reporter.py Wed Nov 12 15:08:00 2003 @@ -60,68 +60,30 @@ # 2002/03/07 # Use textsub regex matching to deal with problems about overlapping # strings to hide. +# 2003/11/12 - Tim Legant +# Ripped out all address/domain hiding code. SpamCop is now complaining +# about that. # import getopt import os -import pwd import re -import socket -import string import sys import time -import UserDict -class Textsub(UserDict.UserDict): - """Do multiple string replacements in one pass. - - Original algorithm by Xavier Defrang. Posted on - http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/81330. - """ - def __init__(self, dict = None): - self.re = None - self.regex = None - UserDict.UserDict.__init__(self, dict) - - def compile(self): - if len(self.data) > 0: - tmp = "(%s)" % "|".join(map(re.escape, - self.data.keys())) - if self.re != tmp: - self.re = tmp - self.regex = re.compile(self.re) - - def __call__(self, match): - return self.data[match.string[match.start():match.end()]] - - def replace(self, s): - if len(self.data) == 0: - return s - return self.regex.sub(self, s) class SpamcopConf: def __init__(self): pid = os.getpid() - uid = os.getuid() - pwent = pwd.getpwuid(uid) tm = time.localtime(time.time()) self.mailto = None self.sendmail = "/usr/sbin/sendmail" self.MIME_delim = 'DeathToSpammers' * 3 + '%05d' % (pid,) self.subject = time.strftime("SPAM REPORT %Y/%m/%d %H:%M:%S %Z", tm) - self.hidden = Textsub() - self.hide_string(pwent[0]) - tmp = socket.gethostname().split('.') - if len(tmp) > 1: - self.hide_string(string.join(tmp[-2:],'.')) - for w in tmp[:-2]: - self.hide_string(w) def set_mailto(self, val): self.mailto = val def set_sendmail(self, val): self.sendmail = val - def hide_string(self, str): - self.hidden[str] = 'X' * len(str) def usage(ec): print """ @@ -131,7 +93,6 @@ -h show this help and exit -V show version and exit -s sendmail-path set path to sendmail program - -H string[,string] strings to hide in submitted message Notes: 1. Spamcop now uses per-user spam submission email addresses. You @@ -142,8 +103,7 @@ is given on the command line. 3. If no address is given on the command line, and the environment var SPAMCOP_MAIL is not set, the message is written to standard output. -4. The environment var SPAMCOP_HIDE is equivalent to '-H' option. -5. The environment var SPAMCOP_SENDMAIL is equivalent to '-s' option. +4. The environment var SPAMCOP_SENDMAIL is equivalent to '-s' option. """ sys.exit(ec) @@ -172,7 +132,6 @@ skip = 0 body = 0 for l in spam: - l = conf.hidden.replace(l) if re.match(r"^Subject:\s+\*+SPAM\*+\s+", l): outfile.write(re.sub(r"\s+\*+SPAM\*+", "", l, 1)) elif re.match(r"^X-Spam-", l): @@ -194,7 +153,6 @@ % (subjstr, mailto)) def write_mail(spam, conf): - conf.hidden.compile() spams = [] currspam = [] for l in spam: @@ -216,9 +174,6 @@ if os.environ.has_key('SPAMCOP_MAIL'): Gconf.set_mailto(os.environ['SPAMCOP_MAIL']) -if os.environ.has_key('SPAMCOP_HIDE'): - for w in os.environ['SPAMCOP_HIDE'].split(','): - Gconf.hide_string(w) if os.environ.has_key('SPAMCOP_SENDMAIL'): Gconf.set_sendmail(os.environ['SPAMCOP_SENDMAIL']) @@ -228,16 +183,13 @@ if opt == '-h': usage(0) elif opt == '-V': - print '%s: $Revision: 1.2 $' % (sys.argv[0],) + print '%s: $Revision: 1.3 $' % (sys.argv[0],) sys.exit(0) elif opt == '-s': Gconf.set_sendmail(val) - elif opt == '-H': - for w in val.split(','): - Gconf.hide_string(w) if len(args) > 0: - Gconf.set_mailto(string.join(args)) + Gconf.set_mailto(' '.join(args)) write_mail(sys.stdin.readlines(), Gconf)
_____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
