Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2006/12/14 18:11:11 UTC

Re: [sa-list] Re: Way to skip scanning per-user?

On Thu, 14 Dec 2006, Theo Van Dinter wrote:

> On Thu, Dec 14, 2006 at 11:59:26AM -0500, Dan Mahoney, System Admin wrote:
>> I'm looking for an easy way to override ALL scanning (NOT scoring) for a
>> specific user.
>
> Don't send mails for that user to SA.

At the moment, that's a hack in the system-wide procmailrc that I don't 
know how to do, since the only thing procmail knows about userspace is 
"dropprivs="yes"", and there's no translation for an easy way to equate 
that to email address (i.e. it allows me to do it per *domain* not per 
user, i.e. *@mydomain.com, but if a user has two domains, then I'd have to 
do them each separately).

>> what I want instead is some special way that SA will say "nope, not even
>> testing" and "short circuit".
>
> At the moment, you can't do that.

>> This shouldn't be a difficult feature to implement at all -- I'd imagine
>> about three lines of code :)
>
> There's code in 3.2 to do it, but it's still the most efficient to just not
> call SA for mails you don't want scanned (SA will still need to do all the
> processing to start looking at the mail, until it realizes that the mail is
> whitelisted or whatever, and then stop processing).

Presuming we're looking for the value of the "user" based on the email 
address, yes, I understand, but can't you check the value of -u before you 
even do that? (i.e. at the earliest point)

-Dan

--

"A mother can be an inspiration to her little son, change his thoughts,
his mind, his life, just with her gentle hum."

-No Doubt, "Different People", from "Tragic Kingdom"


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


Re: Way to skip scanning per-user?

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Thu, 14 Dec 2006, Theo Van Dinter wrote:

As an aside, part of this is why I had asked for (a while back) a way to 
specify the "domain" portion of the -u argument, i.e. so it could be done 
per-calling server (i.e. it is assumed that if shell server A and shell 
server B, each with a distinct user-base are sharing a spamd machine, then 
their user bases will have prefnames derived from the hostnames of A and 
B.) -- regardless of the email address used.

i.e. localusername @ suffix (where the suffix is supplied to spamc in some 
global config file, and the localusername is automatic).  Knowing how to 
do this (get the current username) in procmail (without firing up perl or 
even SED -- I could call a binary like "whoami" but that's a bit less 
universal) would also make THIS mostly unnecessary.

Again, this is not at all based on email address (except in the case of 
emails like mine, where my address accurately reflects the FQDN of the 
calling server -- but then I've always been the exception rather than the 
rule), but on UID and HOSTNAME.

The servers in question have 400 uids each, two hostnames, and potentially 
MILLIONS of email addresses, especially in a dictionary attack, where the 
user has a catch-all account.  Which does it make sense to modify stats 
by?

--

"I am a professional drinker, and I know that that was NOT Jose Cuervo!"

"Well, what was it then?"

"I think it was some mixture of Rubbing Alcohol, and Desenex(TM) Foot
Powder, because my feet feel okay, and my back doesn't hurt, but my
stomach is killing me!"

-Dan Mahoney, Costa Rica, August 12th, 1994



Re: [sa-list] Re: [sa-list] Re: Way to skip scanning per-user?

Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Dec 14, 2006 at 12:26:54PM -0500, Dan Mahoney, System Admin wrote:
> I'm running procmail with dropprivs=yes.  There's no easy procmail thing 
> for (getpwnam($<)) and I do NOT feel like firing up perl on every message 
> to evaluate that just to figure out if I should fire up the C program that 
> I use so I don't have to fire up perl.

There are environment variables with this kind of info.  Look at LOGNAME, for
instance.  Worst case, you could run "id -un" and get the information that
way.

-- 
Randomly Selected Tagline:
"To the engineer, the world is a toy box full of sub-optimized and
 feature-poor toys."            - Scott Adams

Re: [sa-list] Re: [sa-list] Re: Way to skip scanning per-user?

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
On Thu, 14 Dec 2006, Theo Van Dinter wrote:

> On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
>> At the moment, that's a hack in the system-wide procmailrc that I don't
>> know how to do, since the only thing procmail knows about userspace is
>> "dropprivs="yes"", and there's no translation for an easy way to equate
>> that to email address (i.e. it allows me to do it per *domain* not per
>> user, i.e. *@mydomain.com, but if a user has two domains, then I'd have to
>> do them each separately).
>
> If you're using procmail, you could look at the X-Original-To (or similar)
> header to figure out who the mail is going to.  Otherwise, you could modify
> your setup to pass information in to procmail from the MTA.
>
>> Presuming we're looking for the value of the "user" based on the email
>> address, yes, I understand, but can't you check the value of -u before you
>> even do that? (i.e. at the earliest point)
>
> Ah, there you're talking about spamc/spamd which is a different beasty
> altogether.  If you want to skip checks based on how you're calling spamc, then
> check the value you're going to use for the username and don't call spamc if
> you don't want the mail scanned.

I'm running procmail with dropprivs=yes.  There's no easy procmail thing 
for (getpwnam($<)) and I do NOT feel like firing up perl on every message 
to evaluate that just to figure out if I should fire up the C program that 
I use so I don't have to fire up perl.

I see procmail macros for the email address, and for the _TO thing, but 
NOTHING that just gives you the goddamned login.

I don't need -u on spamc, spamc just picks up that username and runs with 
it.  If I'm running spamc as danm, spamd grabs danm's prefs.

When I said -u, I was asking how spamd would recognize the implied value 
of -u, not the actual command line flag.

If that makes sense?

-Dan

--

"It would be bad."

-Egon Spengler, "Ghostbusters"



Re: [sa-list] Re: [sa-list] Re: Way to skip scanning per-user?

Posted by "Dan Mahoney, System Admin" <da...@prime.gushi.org>.
One of my users just started getting slammed.  This one user, out of 400+ 
is getting a dictionary attack that's overwhelming all my spamd process 
slots.

Doing this on the spamd side would make simply stopping this really simple 
-- even programmatically (i.e. automatically).  Manually, even with the 
best .procmailrc in the world I don't have a way.

Just my 0.02

-Dan

--

"We are basically...'Bandwidth Pimps'...Hrmmm...But that's cool man!  You see these gold chains?  It's all good!"

-Ali Dhoon
03/03/2003, 7PM



Re: [sa-list] Re: Way to skip scanning per-user?

Posted by "John D. Hardin" <jh...@impsec.org>.
On Thu, 14 Dec 2006, Theo Van Dinter wrote:

> On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
> > At the moment, that's a hack in the system-wide procmailrc that I don't 
> > know how to do, since the only thing procmail knows about userspace is 
> > "dropprivs="yes"", and there's no translation for an easy way to equate 
> > that to email address (i.e. it allows me to do it per *domain* not per 
> > user, i.e. *@mydomain.com, but if a user has two domains, then I'd have to 
> > do them each separately).
> 
> If you're using procmail, you could look at the X-Original-To (or
> similar) header to figure out who the mail is going to.  
> Otherwise, you could modify your setup to pass information in to
> procmail from the MTA.

Try looking at $LOGNAME. Procmail knows who it's delivering the
message to - it's a *delivery agent* after all.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  It is not the business of government to make men virtuous or
  religious, or to preserve the fool from the consequences of his own
  folly.                                              -- Henry George
-----------------------------------------------------------------------
 Tomorrow: Bill of Rights day
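
The $LOGNAME approach suggested above, written out as a system-wide procmailrc fragment. This is an added example, not part of the original thread; the skip-list variable SA_SKIP, the login names in it, the size limit and the spamc path are assumptions.

```procmail
# /etc/procmailrc fragment (added example, not from the thread).
# After DROPPRIVS=yes procmail runs as the recipient, and LOGNAME
# holds the local login it is delivering to. That value comes from
# the delivery account, not from any message header.
DROPPRIVS=yes

# Constructed skip list: local logins whose mail must bypass spamc,
# written as a regex alternation. SA_SKIP is a hypothetical name.
SA_SKIP="danm|catchall1"

# Filter through spamc only when LOGNAME is NOT on the skip list.
# The "$" flag expands SA_SKIP inside the condition, "??" matches
# the regex against the variable instead of the message, and the
# ^^ anchors force a whole-name match so "danm" does not also
# match "danmark". No perl, sed or whoami is forked for the check.
:0fw
* < 256000
* $ ! LOGNAME ?? ^^($SA_SKIP)^^
| /usr/bin/spamc
```

Because the test keys on the local login rather than the envelope or header address, one entry covers every address and domain that delivers to that account, including a catch-all under a dictionary attack, and skipped mail never occupies a spamd child.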


Re: [sa-list] Re: Way to skip scanning per-user?

Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Dec 14, 2006 at 12:11:11PM -0500, Dan Mahoney, System Admin wrote:
> At the moment, that's a hack in the system-wide procmailrc that I don't 
> know how to do, since the only thing procmail knows about userspace is 
> "dropprivs="yes"", and there's no translation for an easy way to equate 
> that to email address (i.e. it allows me to do it per *domain* not per 
> user, i.e. *@mydomain.com, but if a user has two domains, then I'd have to 
> do them each separately).

If you're using procmail, you could look at the X-Original-To (or similar)
header to figure out who the mail is going to.  Otherwise, you could modify
your setup to pass information in to procmail from the MTA.

> Presuming we're looking for the value of the "user" based on the email 
> address, yes, I understand, but can't you check the value of -u before you 
> even do that? (i.e. at the earliest point)

Ah, there you're talking about spamc/spamd which is a different beasty
altogether.  If you want to skip checks based on how you're calling spamc, then
check the value you're going to use for the username and don't call spamc if
you don't want the mail scanned.

-- 
Randomly Selected Tagline:
Every man has the freedom to jump as high as his own penis.