Posted to users@spamassassin.apache.org by Andreas Dunkl <ml...@dunkl.net> on 2010/08/09 17:16:20 UTC

spamc REPORT/PROCESS Confusion

Hi there,


For a test, we set up the following scenario:


Box-A: Running Ubuntu 10.04, Spamassassin 3.3.1 compiled from source.
SA is configured to accept remote connections from specified IPs, which
works perfectly. No special Setup yet, no external rules, no nothing.

Box-B: Running a Commercial Product with some-kind-of SA integrated
(MDaemon), and the Option to configure an external SA.

When setting up Box-A as external spamd on Box-B, the following occurs:
(I just dumped the Traffic via ngrep to see what happens, IP/Hostnames
wiped out for Privacy Reasons)


T B.B.B.B:1751 -> A.A.A.A:783 [AP]
  REPORT SPAMC/1.3..Content-length: 2172....

T B.B.B.B:1751 -> A.A.A.A:783 [A]
  Return-Path: <bl...@tld.invalid>..Received: from somehost.tld
(somehost.tld [x.x.x.x]) by hostname-of-box-B (--MDaemon Spam Filter--);
Mon, 09 Aug 2010 16:47:52 +0200..Received: from

and so on.


The interesting Part is the Answer of spamd:

T A.A.A.A:783 -> B.B.B.B:1751 [AP]
  SPAMD/1.1 0 EX_OK..

T A.A.A.A:783 -> B.B.B.B:1751 [AFP]
  Content-length: 693..Spam: False ; 0.8 / 6.5....Spam detection
software, running on the system "hostname-of-Box-A", has.identified this
incoming email as possible spam.  The original message.has bee
  n attached to this so you can view it (if it isn't spam) or
label.similar future email.  If you have any questions, see.the
administrator of that system for details...Content preview:  FFF bla etc
[...]


This happens every time, no matter if the Score is above Threshold or
not. For sure, Box-B dumps this information into the headers :)




Just for fun, I configured another box (Box-C) (which has been in production
for months) as an external spamd for Box-B, which gives me the same
curious results as above.



Using another spamc (the one running on Box-C), the answers are as
expected (report_safe 1). Notice PROCESS instead of REPORT; also the
protocol versions are different:


T C.C.C.C:37088 -> A.A.A.A:783 [AP]
  PROCESS SPAMC/1.5..User: someuser@tld.invalid..Content-length:
1189....

T C.C.C.C:37088 -> A.A.A.A:783 [AFP]
  X-Envelope-From: whatever@whatever.invalid.Received: from <snip>


Results in:

T B.B.B.B:783 -> C.C.C.C:37088 [AP]
  SPAMD/1.1 0 EX_OK..Content-length: 1362..Spam: False ; -1.9 /
6.5....X-Spam-Level: .X-Spam-Status: No, score=-1.9 require
  d=6.5 tests=BAYES_00,TVD_SPACE_RATIO..autolearn=no
version=3.3.1.X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16).



Am I doing something completely wrong here? Just wondering.


andy


Re: spamc REPORT/PROCESS Confusion

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
Please keep threads on-list, unless you specifically want to talk to me.
Even "boring" end-of-line posts are worthwhile information to the full
thread.

On Tue, 2010-08-10 at 18:43 +0200, Andreas Dunkl wrote:
> On 10.08.2010 13:42, Karsten Bräckelmann wrote:
> > Well, that one paragraph isn't a good summary of my point. ;)
> 
> :)
> 
> > It might be worth digging up where these options are set on your box,
> > and correct them.
> 
> not possible for me, there's no Src and no config, which I can modify...
> 
> I will post some questions on another place, anyway, thx for input!

Ah, I see.  Right, in that case, talking to the vendor is your only
option. Hope my previous explanation helped understanding the issue, and
maybe even helps talking to the vendor's support.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: spamc REPORT/PROCESS Confusion

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2010-08-10 at 10:51 +0200, Andreas Dunkl wrote:
> On 09.08.2010 18:17, Karsten Bräckelmann wrote:
> 
> > That commercial application running on box B uses different options with
> > spamc. If it adds the returned string as headers, it is broken.
> 
> Ooook, I got the point.
> 
> Thx for your Input.

Well, that one paragraph isn't a good summary of my point. ;)

By detailed in-line comments explaining all your findings, I was showing
that the problem spamc on box B (if it is spamc) is using some options
that are not standard. As pointed out, these options are either
explicitly added when calling spamc, or are placed in the site config
spamc.conf file.

It might be worth digging up where these options are set on your box,
and correct them.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: spamc REPORT/PROCESS Confusion

Posted by Andreas Dunkl <ml...@dunkl.net>.
Hi there,

On 09.08.2010 18:17, Karsten Bräckelmann wrote:

> That commercial application running on box B uses different options with
> spamc. If it adds the returned string as headers, it is broken.

Ooook, I got the point.


Thx for your Input.


andy

Re: spamc REPORT/PROCESS Confusion

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2010-08-09 at 17:16 +0200, Andreas Dunkl wrote:
> Box-A: Running Ubuntu 10.04, Spamassassin 3.3.1 compiled from source.
> SA is configured to accept remote connections from specified IPs, which
> works perfectly. No special Setup yet, no external rules, no nothing.
> 
> Box-B: Running a Commercial Product with some-kind-of SA integrated
> (MDaemon), and the Option to configure an external SA.
> 
> When setting up Box-A as external spamd on Box-B, the following occurs:
> (I just dumped the Traffic via ngrep to see what happens, IP/Hostnames
> wiped out for Privacy Reasons)
> 
> T B.B.B.B:1751 -> A.A.A.A:783 [AP]
>   REPORT SPAMC/1.3..Content-length: 2172....

Protocol version 1.3? This appears to be a really old spamc, AFAIK
pre-dating SA 3.2.0.

> The interesting Part is the Answer of spamd:
> 
> T A.A.A.A:783 -> B.B.B.B:1751 [AP]
>   SPAMD/1.1 0 EX_OK..
> 
> T A.A.A.A:783 -> B.B.B.B:1751 [AFP]
>   Content-length: 693..Spam: False ; 0.8 / 6.5....Spam detection

REPORT -- Check if message is spam or not, and return score plus report

> Just for fun, I configured another box (Box-C) (which has been in production
> for months) as an external spamd for Box-B, which gives me the same
> curious results as above.

Sure. The behavior you see is caused by the command spamc issues, not
affected by the spamd server.

> Using another spamc (the one running on Box-C), the answers are as
> expected (report_safe 1). Notice PROCESS instead of REPORT; also the
> protocol versions are different:
> 
> T C.C.C.C:37088 -> A.A.A.A:783 [AP]
>   PROCESS SPAMC/1.5..User: someuser@tld.invalid..Content-length:
> 1189....

PROCESS -- Process this message as described above and return modified
message

> Results in:
> 
> T B.B.B.B:783 -> C.C.C.C:37088 [AP]
>   SPAMD/1.1 0 EX_OK..Content-length: 1362..Spam: False ; -1.9 /
> 6.5....X-Spam-Level: .X-Spam-Status: No, score=-1.9 require
>   d=6.5 tests=BAYES_00,TVD_SPACE_RATIO..autolearn=no
> version=3.3.1.X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16).

The original message, with the X-Spam headers added.


> Am I doing something completely wrong here? Just wondering.

That commercial application running on box B uses different options with
spamc. If it adds the returned string as headers, it is broken.

See man spamc. Command line options resulting in the observed behavior
can directly be given when calling spamc, or in a special spamc.conf
file in your site configuration dir.

If the application doesn't actually call spamc, it is just plain broken
and you want to take it up with the support of the commercial product.

The spamd/PROTOCOL file in the sources might be interesting, too.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
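
The REPORT/PROCESS distinction explained in the reply above, as an added Python example (not code from the thread, from SpamAssassin or from MDaemon): a client-side handler that parses a spamd reply and decides what may be delivered, so a REPORT body is never merged into mail headers. Function names and sample data are constructed for illustration; the wire layout follows the captures quoted in the thread, with ngrep's "." standing for CR/LF.

```python
import re

def build_request(command, message, version="1.5", user=None):
    """Serialize a spamc request: command line, headers, blank line, message."""
    lines = [f"{command} SPAMC/{version}", f"Content-length: {len(message)}"]
    if user:
        lines.append(f"User: {user}")
    return "\r\n".join(lines).encode("ascii") + b"\r\n\r\n" + message

def parse_response(raw):
    """Split a spamd reply into status code, verdict, score and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after response headers")
    status, *header_lines = head.decode("ascii").split("\r\n")
    m = re.fullmatch(r"SPAMD/(\d+\.\d+) (\d+) (.*)", status)
    if not m:
        raise ValueError(f"bad status line: {status!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if int(headers.get("content-length", len(body))) != len(body):
        raise ValueError("body length does not match Content-length")
    v = re.fullmatch(r"(True|False) ; (-?[\d.]+) / (-?[\d.]+)",
                     headers.get("spam", ""))
    if not v:
        raise ValueError("missing or malformed Spam: header")
    return {"code": int(m[2]), "is_spam": v[1] == "True",
            "score": float(v[2]), "threshold": float(v[3]), "body": body}

def message_to_deliver(command, original, resp):
    """Pick what goes to the mailbox; only PROCESS returns a message."""
    if resp["code"] != 0:
        raise RuntimeError("spamd reported an error")
    if command == "PROCESS":
        return resp["body"]   # original mail with X-Spam-* headers added
    if command == "REPORT":
        return original       # body is a text report, never header material
    raise ValueError(f"unhandled command: {command}")

def _reply(spam_line, body):  # helper for the constructed samples below
    return (f"SPAMD/1.1 0 EX_OK\r\nContent-length: {len(body)}\r\n"
            f"Spam: {spam_line}\r\n\r\n").encode("ascii") + body

# Constructed sample data modelled on the captures quoted in the thread.
MAIL = b"Subject: test\r\n\r\nhello\r\n"
REPORT_REPLY = _reply("False ; 0.8 / 6.5", b"Spam detection software ...\n")
PROCESS_REPLY = _reply("False ; -1.9 / 6.5",
                       b"X-Spam-Status: No, score=-1.9\r\n" + MAIL)
```

With REPORT the verdict and score come from the `Spam:` response header and the mail is left untouched; with PROCESS the reply body replaces the mail.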