On Thu, 8 Jan 2009, JVlad wrote:
sendmail + spamassassin milter (written by Georg C. F. et al)
everything works great so far, except I need to save the spamassassin
results (score+sender) and do this synchronously, right after the score
is calculated.
How about a perl script that opens a reader on
"<tail --follow=/var/log/maillog --max-unchanged-stats=10"
?
Look for these lines:
Jan 8 11:05:49 ga sendmail[9706]: n08J5iaW009706:
from=<aw-conf...@cgi1-ebay.com>, size=13543, class=0, nrcpts=1,
msgid=<efserverequl3teaiey00000...@mail.rootcapital.org>, proto=ESMTP,
daemon=MTA, relay=mail.rootcapital.org [151.204.235.90] (may be forged)
Jan 8 11:05:57 ga spamd[1952]: spamd: result: Y 21 -
BAYES_50,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_EMBED_IMG_04,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_STOOPID_01,J_CHICKENPOX_44,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,PUNCT_URI_HTML_01,SARE_BANK_URI_IP,SARE_EBAY_SPOOF_NAME,SARE_URI_EQUALS,TO_CC_NONE,URIBL_PH_SURBL,URI_HIDDEN
scantime=8.5,size=13943,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47441,mid=<efserverequl3teaiey00000...@mail.rootcapital.org>,bayes=0.505095260584322,autolearn=disabled
...and associate them by msgid. Together they give you sender address, IP,
and SA score.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I'm seriously considering getting one of those bright-orange prison
overalls and stencilling PASSENGER on the back. Along with the paper
slippers, I ought to be able to walk right through security.
-- Brian Kantor in a.s.r
-----------------------------------------------------------------------
9 days until Benjamin Franklin's 303rd Birthday