Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/09/08 21:07:44 UTC

[Bug 6195] New: tflag to capture matching text of rule to log?

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195

           Summary: tflag to capture matching text of rule to log?
           Product: Spamassassin
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: spamc/spamd
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jhardin@impsec.org


Anybody think it would be useful to have a tflag that would say "Write the
matching text for this rule to the log" ?

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6195] tflag to capture matching text of rule to log?

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195





--- Comment #1 from Karsten Bräckelmann <gu...@rudersport.de>  2009-09-08 13:42:59 PST ---
Sounds like a request for an 80s style printf debugging. :)

Thinking of something like tflags debug, to get the same result as -D for a
specific rule, without all of the un-interesting, very verbose debug spewage?

Could be useful to watch rules still in development, or added fresh on a
production machine.

However, IMHO it needs to be used with caution. In particular it never should
be enabled in the stock rule-set, nor sandboxes. This should be entirely at the
discretion of the admin or developer.


[Bug 6195] tflag to capture matching text of rule to log?

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195





--- Comment #4 from John Hardin <jh...@impsec.org>  2009-09-08 16:43:20 PST ---
(In reply to comment #3)
> (In reply to comment #2)
> > Actually, it's in response to a thread currently underway on the users list,
> > where the OP was lamenting that SA didn't log the first external IP address
> > (among other bits of the message).
> 
> That's an entirely different cattle of fish then. That user is missing the
> spamd logs where it does report all rules hit, the score, user and much more.
> About all he has are the prefork logs -- a user problem, SA does indeed log
> more.

I pointed that out to him, I don't know if he picked up on my comment.

> So the next stop is a simple, custom logging plugin. Easy to log what he asked
> for -- not sure if it also could log arbitrary rules' matches. Probably not,
> I'm afraid.

That's why I suggested a tflag rather than a plugin. It's more flexible.

> Anyway, he first needs to sort out his log issues. That's outside the scope of
> this enhancement request. As-is, this cannot possibly help him.

Agreed, but it did suggest the idea.

> > I was thinking such a tflag would be a more-general solution than playing
> > whack-a-mole with hardcoded lists of "what about the message do we want to
> > log?"
> 
> My interpretation sounds more like a promising reason to ever implement this.
> ;)

That, too. :)

> > Granted you could easily blow your foot off with it... :)
> 
> Definitely agreed. WRT this reason for the enhancement request, I'd be much
> more happy with some options to add logging lines or alter existing ones. And
> restrict its scope to the templates, rather than arbitrary RE matches.

But what about the Unix philosophy of "here's plenty of rope..."


[Bug 6195] tflag to capture matching text of rule to log?

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195


John Hardin <jh...@impsec.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhardin@impsec.org




--- Comment #2 from John Hardin <jh...@impsec.org>  2009-09-08 14:00:08 PST ---
Actually, it's in response to a thread currently underway on the users list,
where the OP was lamenting that SA didn't log the first external IP address
(among other bits of the message).

I was thinking such a tflag would be a more-general solution than playing
whack-a-mole with hardcoded lists of "what about the message do we want to
log?"

Granted you could easily blow your foot off with it... :)


[Bug 6195] tflag to capture matching text of rule to log?

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195





--- Comment #5 from Karsten Bräckelmann <gu...@rudersport.de>  2009-09-08 16:53:59 PST ---
> But what about the Unix philosophy of "here's plenty of rope..."

Don't get too hung on the "restrict".  Instead, read it as altering this
enhancement request from tflags to some add_log option, equivalent to the
add_header options.

As per comment 1, I do see some use for the tflags, or rather per-rule options,
though not exactly in the sense of what triggered this in the first place --
but an aid to watch some yet un-trusted RE matches.


[Bug 6195] tflag to capture matching text of rule to log?

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6195





--- Comment #3 from Karsten Bräckelmann <gu...@rudersport.de>  2009-09-08 15:57:56 PST ---
(In reply to comment #2)
> Actually, it's in response to a thread currently underway on the users list,
> where the OP was lamenting that SA didn't log the first external IP address
> (among other bits of the message).

That's an entirely different cattle of fish then. That user is missing the
spamd logs where it does report all rules hit, the score, user and much more.
About all he has are the prefork logs -- a user problem, SA does indeed log
more.

(Just noticed: "All he has shown", mind you. The snippet posted to the list is
starting and stopping SA minutes later. He didn't even claim he fed spamd a
message.)


The last-external is available as templates, and easily could be injected into
all messages for dead-simple checking. Well, if he wouldn't "reject" spam.

So the next stop is a simple, custom logging plugin. Easy to log what he asked
for -- not sure if it also could log arbitrary rules' matches. Probably not,
I'm afraid.

Anyway, he first needs to sort out his log issues. That's outside the scope of
this enhancement request. As-is, this cannot possibly help him.


> I was thinking such a tflag would be a more-general solution than playing
> whack-a-mole with hardcoded lists of "what about the message do we want to
> log?"

My interpretation sounds more like a promising reason to ever implement this.
;)

> Granted you could easily blow your foot off with it... :)

Definitely agreed. WRT this reason for the enhancement request, I'd be much
more happy with some options to add logging lines or alter existing ones. And
restrict its scope to the templates, rather than arbitrary RE matches.
