Posted to users@spamassassin.apache.org by Paul Hugill <pa...@pdh.me.uk> on 2011/04/25 14:01:33 UTC

Editing Headers for SA Spam Report


Hi All,
I have SA (v3.2.3) installed along with hMailServer and it is working
great but I just wanted to check if you can make changes to the default
headers that are inherited on the spam report.

I would like to include an extra one so that this header
'X-hMailServer-ExternalAccount' is also included in the report headers.
In the tagging section here,
http://spamassassin.apache.org/full/3.2.x/doc/spamassassin.txt [1], it
mentions that From & To etc are inherited from the original and it would be
great to be able to add this one too so that I can tell which account is
getting all the spam.

Thanks in advance
Paul

P.S First post to a mailing so sorry if I have done it wrong.

Links:
------
[1] http://spamassassin.apache.org/full/3.2.x/doc/spamassassin.txt

Re: Editing Headers for SA Spam Report

Posted by Paul Hugill <pa...@pdh.me.uk>.
  

On Tue, 26 Apr 2011 04:38:36 +0200, Karsten Bräckelmann wrote: 

> Please keep the thread on-list, unless you definitely intend to contact
> me personally. Even "topic solved" posts like this are worthwhile to
> have on the list.
>
> On Mon, 2011-04-25 at 19:58 +0000, Paul Hugill wrote:
>
>> Looks like that will do the job perfectly, thanks for pointing me in
>> the right direction. I only skimmed the Report Safe section and missed
>> that so sorry.
>
> Unfortunately, they are not in the same section of the docs, so it is
> easy to overlook the header specific one. But then again it's a really
> esoteric option, I believe not discussed in years on the list.
>
> Anyway, both report_safe_copy_headers as well as report_safe should
> solve your issue, depending on your preference.
>
>> Thanks for pointing out the trusted network too, I'll take a look at
>> that when I get a chance but don't think I get enough traffic to worry
>> about that too much yet.
>
> It's not actually about traffic or volume. Point is, with missing mail
> relays like in this forwarder case, almost none of the highly valuable
> RCVD_IN_* network tests are going to work, just like a whole lot of
> Received specific rules.
>
> They only will work if the forwarders are included in the trusted
> network (or auto-detected, as with fetchmail headers) -- in the POP3
> harvesting case, this includes the POP3 server, internal infrastructure
> if any, and the MX if different from the POP3 server.
>
> Ah, so you don't want to add that header, but to inherit it from the
> attached, original mail. Got ya. :)
>
> So, from your description and the issue being an issue at all, it
> appears you have set the report_safe option to the default of 1, or
> possibly even 2. This means, a report message will be created by SA for
> identified spam, the original mail attached unaltered, and just a very
> few essential headers are inherited to the report.
>
> See the M::SA::Conf [1] docs, section Miscellaneous Options. The option
> you want is
>
>   report_safe_copy_headers  X-hMailServer-ExternalAccount

Thanks Karsten, solved perfectly.

Also, thanks for the pointers on keeping it on-list. This is my first
posting to a usergroup list so not quite up on the etiquette yet.

Re: Editing Headers for SA Spam Report

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
Please keep the thread on-list, unless you definitely intend to contact
me personally. Even "topic solved" posts like this are worthwhile to
have on the list.

On Mon, 2011-04-25 at 19:58 +0000, Paul Hugill wrote:
> Looks like that will do the job perfectly, thanks for pointing me in
> the right direction.
> I only skimmed the Report Safe section and missed that so sorry.

Unfortunately, they are not in the same section of the docs, so it is
easy to overlook the header specific one. But then again it's a really
esoteric option, I believe not discussed in years on the list.

Anyway, both report_safe_copy_headers as well as report_safe should
solve your issue, depending on your preference.

> Thanks for pointing out the trusted network too, I'll take a look at
> that when I get a chance but don't think I get enough traffic to worry
> about that too much yet.

It's not actually about traffic or volume. Point is, with missing mail
relays like in this forwarder case, almost none of the highly valuable
RCVD_IN_* network tests are going to work, just like a whole lot of
Received specific rules.

They only will work if the forwarders are included in the trusted
network (or auto-detected, as with fetchmail headers) -- in the POP3
harvesting case, this includes the POP3 server, internal infrastructure
if any, and the MX if different from the POP3 server.


> On Mon, 25 Apr 2011 19:52:47 +0200, Karsten Bräckelmann wrote:
> > Ah, so you don't want to add that header, but to inherit it from the
> > attached, original mail. Got ya. :)
> > 
> > So, from your description and the issue being an issue at all, it
> > appears you have set the report_safe option to the default of 1, or
> > possibly even 2. This means, a report message will be created by SA for
> > identified spam, the original mail attached unaltered, and just a very
> > few essential headers are inherited to the report.
> > 
> > See the M::SA::Conf [1] docs, section Miscellaneous Options. The option
> > you want is
> > 
> >   report_safe_copy_headers  X-hMailServer-ExternalAccount

> > On a related note, since you are processing mail fetched from a POP3
> > account, you should make sure your trusted networks are set up properly,
> > or correctly auto-detected by SA. These external mail servers should be
> > included, so SA checks the correct IP addresses against DNSBLs.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: Editing Headers for SA Spam Report

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2011-04-25 at 18:18 +0100, Paul Hugill wrote:
> On Mon, 25 Apr 2011 16:59:22 +0200, Karsten Bräckelmann wrote:

> > > I would like to include an extra one so that this header
> > > 'X-hMailServer-ExternalAccount' is also included in the report
> > > headers.  [...] add this one too so that I can tell which account is
> > > getting all the spam.
> > 
> > I am not absolutely sure which "external account" you are referring to
> > here, but it appears this is either specific to hMailServer, or your
> > particular environment (like fetching external mail accounts). In both
> > these cases, this information is not available to SA. So, no, SA can not
> > add such a header.
> > 
> > You might want to elaborate on what that "external account" actually is,
> > though, just in case someone has an idea...
> 
> I have hMailServer running and passing the emails to spamd when emails
> are received.
> 
> The header 'X-hMailServer-ExternalAccount:<NAME OF ACCOUNT>' is added
> to incoming email if it is pulled from a pop account and put into the
> mailbox. hMailServer adds the header before passing the email to SA
> (the original email attached to the spam report includes this header)
> so I would assume that SA sees this header at the time of processing.

Ah, so you don't want to add that header, but to inherit it from the
attached, original mail. Got ya. :)

So, from your description and the issue being an issue at all, it
appears you have set the report_safe option to the default of 1, or
possibly even 2. This means, a report message will be created by SA for
identified spam, the original mail attached unaltered, and just a very
few essential headers are inherited to the report.

See the M::SA::Conf [1] docs, section Miscellaneous Options. The option
you want is

  report_safe_copy_headers  X-hMailServer-ExternalAccount

An alternative solution to your specific issue would be, to set
report_safe 0 -- in that case, SA does generate a new reporting message,
but simply adds its own X-Spam headers to the original, otherwise still
unaltered. This gets rid of the wrapper mail, which makes handling and
reviewing spam easier. Additionally, it solves your issue because the
original message and its headers are not wrapped in an attachment -- and
thus available in the message headers after SA processing.


On a related note, since you are processing mail fetched from a POP3
account, you should make sure your trusted networks are set up properly,
or correctly auto-detected by SA. These external mail servers should be
included, so SA checks the correct IP addresses against DNSBLs.


[1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
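
The two cases described in the message above, as an added example (not code from the thread or from SpamAssassin): with report_safe 1 the account header is only inside the attached original, and with report_safe_copy_headers it also appears on the report itself. `wrap_report` builds a constructed, simplified stand-in for a report message rather than SA's exact output, and the addresses and account names are made up.

```python
from collections import Counter
from email import message_from_string, policy

HEADER = "X-hMailServer-ExternalAccount"  # header name from the thread

def make_original(account):
    """Constructed sample mail as hMailServer would hand it to spamd."""
    return ("From: sender@example.com\nTo: paul@example.org\n"
            "Subject: cheap pills\n"
            f"{HEADER}: {account}\n\nspam body\n")

def wrap_report(original, copied=()):
    """Constructed stand-in for a report_safe 1 wrapper; `copied` plays the
    role of report_safe_copy_headers."""
    inner = message_from_string(original, policy=policy.default)
    names = ("From", "To", "Subject", *copied)
    hdrs = "".join(f"{h}: {inner[h]}\n" for h in names if inner[h])
    return (hdrs + "X-Spam-Flag: YES\nMIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nSpam detection report.\n"
            "--b1\nContent-Type: message/rfc822\n\n" + original + "--b1--\n")

def locate(raw):
    """Return (account, where): where is 'header' when the value is on the
    processed mail itself, 'attachment' when only the wrapped original has it."""
    msg = message_from_string(raw, policy=policy.default)
    if msg[HEADER]:
        return str(msg[HEADER]).strip(), "header"
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)  # the attached original mail
            if inner[HEADER]:
                return str(inner[HEADER]).strip(), "attachment"
    return None, None

def tally(raw_messages):
    """Count spam per external account, whichever way the header survived."""
    return Counter(locate(m)[0] or "(none)" for m in raw_messages)

if __name__ == "__main__":
    a, b = make_original("pop-account-a"), make_original("pop-account-b")
    print(locate(wrap_report(a)))                    # default wrapper
    print(locate(wrap_report(a, copied=(HEADER,))))  # header copied to report
    print(tally([wrap_report(a), wrap_report(a, copied=(HEADER,)),
                 wrap_report(b)]))
```

A mail filter that only reads top-level headers sees the account in the second case but not the first, which is the situation the original question describes.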


Re: Editing Headers for SA Spam Report

Posted by Paul Hugill <pa...@pdh.me.uk>.
On Mon, 25 Apr 2011 16:59:22 +0200, Karsten Bräckelmann wrote:
> On Mon, 2011-04-25 at 13:01 +0100, Paul Hugill wrote:
>> I have SA (v3.2.3) installed along with hMailServer and it is working
>> great but I just wanted to check if you can make changes to the
>> default headers that are inherited on the spam report.
>
> You can, though slightly limited. See the 'add_header' option and the
> section Template Tags in the Conf docs.


Thanks Karsten

I had looked at that but I don't think it does quite what I want.
I only want to add the header to certain emails (depending on the
original email) and it seems to be fairly limited in the types of headers
anyway.

>> I would like to include an extra one so that this header
>> 'X-hMailServer-ExternalAccount' is also included in the report
>> headers. [...] add this one too so that I can tell which account is
>> getting all the spam.
>
> I am not absolutely sure which "external account" you are referring to
> here, but it appears this is either specific to hMailServer, or your
> particular environment (like fetching external mail accounts). In both
> these cases, this information is not available to SA. So, no, SA can not
> add such a header.
>
> You might want to elaborate on what that "external account" actually is,
> though, just in case someone has an idea...

I have hMailServer running and passing the emails to spamd when emails
are received.

The header 'X-hMailServer-ExternalAccount:<NAME OF ACCOUNT>' is added
to incoming email if it is pulled from a pop account and put into the
mailbox.
hMailServer adds the header before passing the email to SA (the
original email attached to the spam report includes this header) so I would
assume that SA sees this header at the time of processing.

What I want to do is have SA do the same thing that it does for the From,
To and Date headers to the custom one and get the report to inherit that
if it exists.
If it isn't possible to make this header inherited on the report, is
it possible to write a line into the body of the report depending on what
the header was originally?

Re: Editing Headers for SA Spam Report

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2011-04-25 at 13:01 +0100, Paul Hugill wrote:
> I have SA (v3.2.3) installed along with hMailServer and it is working
> great but I just wanted to check if you can make changes to the
> default headers that are inherited on the spam report.

You can, though slightly limited. See the 'add_header' option and the
section Template Tags in the Conf docs.

> I would like to include an extra one so that this header
> 'X-hMailServer-ExternalAccount' is also included in the report
> headers.  [...] add this one too so that I can tell which account is
> getting all the spam.

I am not absolutely sure which "external account" you are referring to
here, but it appears this is either specific to hMailServer, or your
particular environment (like fetching external mail accounts). In both
these cases, this information is not available to SA. So, no, SA can not
add such a header.

You might want to elaborate on what that "external account" actually is,
though, just in case someone has an idea...


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: Editing Headers for SA Spam Report

Posted by jdow <jd...@earthlink.net>.
On 2011/04/25 05:01, Paul Hugill wrote:
> Hi All,
> I have SA (v3.2.3) installed along with hMailServer and it is working great
> but I just wanted to check if you can make changes to the default headers
> that are inherited on the spam report.
>
> I would like to include an extra one so that this header
> 'X-hMailServer-ExternalAccount' is also included in the report headers.
> In the tagging section here,
> http://spamassassin.apache.org/full/3.2.x/doc/spamassassin.txt, it mentions
> that From & To etc are inherited from the original and it would be great to
> be able to add this one too so that I can tell which account is getting all
> the spam.

With procmail you can do this:

# This happens when wibbles have wobbled.
    :0 fw: wibbles.lock
    * !^Subject: Wibbles
    | formail -A "X-Wibbles: Wibbles wobbled properly."

(The "magic" is the "formail" line.)

{^_^}