You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Horne <jo...@plymouth.ac.uk> on 2009/06/30 22:57:51 UTC
SA report header added to ham mail
Hello,
Using SA 3.2.5 I read in the Mail::SpamAssassin::Conf man page that:
report_safe ( 0 | 1 | 2 ) (default: 1)
...
If this option is set to 0, incoming spam is only modified
by adding some "X-Spam-" headers and no changes will be made
to the body. In addition, a header named X-Spam-Report will
be added to spam.
I am currently reconfiguring SA, and have set report_safe to 0. Our
'required' score is 8, and I have also configured:
clear_report_template
report "Score=_SCORE_ tests=_TESTS_ autolearn=_AUTOLEARN_"
However, as far as I can tell, the X-Spam-Report header gets added to
ham mail as well as spam. For example:
X-spam-report: Score=-6.9
tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
(taken from a received message; line wrapped be me). I have no problem
with the header being added, and in fact that is what I wanted. However,
I am a bit confused because the man page says it should only be added
for spam mail.
Can someone clarify what is going on please. Is there anything I need to
do to the config to ensure that the above report is added to all mail
(despite is seeming to happen anyway)?
Thanks,
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: John.Horne@plymouth.ac.uk Fax: +44 (0)1752 587001
Re: SA report header added to ham mail
Posted by LuKreme <kr...@kreme.com>.
On 30-Jun-2009, at 19:38, Karsten Bräckelmann wrote:
> Yes, that *might* result in images being loaded off the net auto-
> matically, depending on your MUA settings. Hence the "safe". But it
> really makes reviewing harder, having the user scroll and klick each
> single spam.
Erm.. I don't understand how report-safe 1 means scrolling and
clicking each spam? The vast majority of tagged spam can be discarded
without ever looking at the actual message in the attachment. And if a
message is mistagged, opening the attachment gives you the entire
original message with no SA tags at all.
> Recovering from report_safe 0 is a piece of cake, too. Just get rid of
> the X-Spam headers. Done. What's destructive about that?
That's well beyond most MUAs and most users.
--
You know, Calculus is sort of like measles. Once you've had it, you
probably won't get it again, and you're glad of it. -- W. Carr
Re: SA report header added to ham mail
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-06-30 at 18:36 -0600, LuKreme wrote:
> On 30-Jun-2009, at 14:57, John Horne wrote:
> > I am currently reconfiguring SA, and have set report_safe to 0. Our
> > 'required' score is 8, and I have also configured:
>
> Raising the required score is clearly a mistake. Setting report safe
> to 0 is generally user-hostile. Setting it to one is the best option
> because it is the least destructive. The original message is
> completely untouched and can be easily recovered.
I don't necessarily agree. It might depend on the users. It's just a
safe (sic) default.
I once (long ago) had a hack to always have the wrapped original mail
displayed inline, rather than attached. Think "expanded by default".
Cause it made reviewing easier. Long ago I switched to report_safe 0,
cause it makes reviewing even easier. ;) The difference being nothing
way down to scroll to...
Yes, that *might* result in images being loaded off the net auto-
matically, depending on your MUA settings. Hence the "safe". But it
really makes reviewing harder, having the user scroll and klick each
single spam.
Recovering from report_safe 0 is a piece of cake, too. Just get rid of
the X-Spam headers. Done. What's destructive about that?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: SA report header added to ham mail
Posted by LuKreme <kr...@kreme.com>.
On 30-Jun-2009, at 14:57, John Horne wrote:
> I am currently reconfiguring SA, and have set report_safe to 0. Our
> 'required' score is 8, and I have also configured:
Raising the required score is clearly a mistake. Setting report safe
to 0 is generally user-hostile. Setting it to one is the best option
because it is the least destructive. The original message is
completely untouched and can be easily recovered.
> However, as far as I can tell, the X-Spam-Report header gets added to
> ham mail as well as spam.
You must have
add_header all Report _REPORT_
somewhere
--
And, while it was regarded as pretty good evidence of criminality
to be living in a slum, for some reason owning a whole street
of them merely got you invited to the very best social
occasions.
Re: SA report header added to ham mail
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2009-07-01 at 01:26 +0200, Mark Martinec wrote:
> > > X-spam-report: Score=-6.9
> > > tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
> >
> > That is not a standard SA header. Actually, there's quite a lot fishy
> > about that.
> >
> > First of all, SA is incapable of adding it -- all SA generated headers
> > start with X-Spam- (note the uppercase S, since I assume you actually
> > copy-n-pasted it). So something else (your glue, Amavis?) added it? In
> > that case the SA add_header options are likely futile, and instead you
> > should configure your glue.
>
> Btw, not amavis (any), it would add X-Spam-Report, i.e. capitalized.
Oh, capitalization enforced? Thanks, good to know, Mark. Now I'm even
more confused about the header...
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: SA report header added to ham mail
Posted by Mark Martinec <Ma...@ijs.si>.
> > X-spam-report: Score=-6.9
> > tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
>
> That is not a standard SA header. Actually, there's quite a lot fishy
> about that.
>
> First of all, SA is incapable of adding it -- all SA generated headers
> start with X-Spam- (note the uppercase S, since I assume you actually
> copy-n-pasted it). So something else (your glue, Amavis?) added it? In
> that case the SA add_header options are likely futile, and instead you
> should configure your glue.
Btw, not amavis (any), it would add X-Spam-Report, i.e. capitalized.
Mark
Re: SA report header added to ham mail
Posted by John Horne <jo...@plymouth.ac.uk>.
On Wed, 2009-07-01 at 01:14 +0200, Karsten Bräckelmann wrote:
> On Tue, 2009-06-30 at 21:57 +0100, John Horne wrote:
> > However, as far as I can tell, the X-Spam-Report header gets added to
> > ham mail as well as spam. For example:
> >
> > X-spam-report: Score=-6.9
> > tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
>
> That is not a standard SA header. Actually, there's quite a lot fishy
> about that.
>
Sorry, lack of information and understanding from my part. SA is called
at SMTP time by the Exim MTA.
I have now found out that exim invokes a connection to spamd, and hence
gets the 'report' back regardless of whether the message is spam or not.
Exim then builds up what it calls:
$spam_report
A multiline text table, containing the full SpamAssassin report
for the message.
I took the $spam_report variable contents to be the same as the
X-Spam-Report header from SA. It is not, it is built from the output
received from spamd.
(The header quoted above by me is deliberately built by us in the MTA,
and called X-Spam-Report by us. Either exim or my mail client is
lowercasing part of it.)
Thanks,
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: John.Horne@plymouth.ac.uk Fax: +44 (0)1752 587001
Re: SA report header added to ham mail
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-06-30 at 21:57 +0100, John Horne wrote:
> I am currently reconfiguring SA, and have set report_safe to 0. Our
> 'required' score is 8, and I have also configured:
>
> clear_report_template
> report "Score=_SCORE_ tests=_TESTS_ autolearn=_AUTOLEARN_"
The report option does not affect the template used for the Report
header, but the verbatim, mortal user readable form used in the plain
text part of the wrapping mail with report_safe 1.
While it actually matches the given header, I don't think you can change
the header with that. ;) (Or I've missed a template that will be
substituted with the given report option lines.)
> However, as far as I can tell, the X-Spam-Report header gets added to
> ham mail as well as spam. For example:
>
> X-spam-report: Score=-6.9
> tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
That is not a standard SA header. Actually, there's quite a lot fishy
about that.
First of all, SA is incapable of adding it -- all SA generated headers
start with X-Spam- (note the uppercase S, since I assume you actually
copy-n-pasted it). So something else (your glue, Amavis?) added it? In
that case the SA add_header options are likely futile, and instead you
should configure your glue.
Also, that actually looks like a SA Status header (customized), minus a
leading YesNo and a trailing version. So either this is your glue
responsible, or you got some custom add_header options in your cf files.
Oh, any typo'd the snippet. ;)
A Status header by default tersely lists all tests hit, similar to the
above. A Report header lists all tests hit including score, description
and meta info.
> (taken from a received message; line wrapped be me). I have no problem
> with the header being added, and in fact that is what I wanted. However,
> I am a bit confused because the man page says it should only be added
> for spam mail.
>
> Can someone clarify what is going on please. Is there anything I need to
> do to the config to ensure that the above report is added to all mail
> (despite is seeming to happen anyway)?
Since your glue appears to add its own headers instead of stock SA ones,
you should look there. As far as SA itself is concerned, the Status
header (similar to the above) will be added by default anyway.
A verbose Report header added to add mail should be doable with
something like this:
add_header all Report _REPORT_
See the add_header option in the docs [1], Basic Message Tagging Options
section. Also see the Template Tags section.
guenther
[1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}