[Mimedefang] Question about Quarantining msgs w/ high SA score
Cormack, Ken
kcormack at acs.roadway.com
Tue Jul 15 14:04:01 EDT 2003
List -
I am running MIMEDefang 2.35, with Sendmail 8.12.9 and Mail::SpamAssassin
2.55, on a RedHat 8.0 box. The Perl is v5.8.0. The output of
"mimedefang.pl -features" appears at the end of this message, so that you
can see what other modules/versions are installed on this particular system.
The box in question is an external gateway in our DMZ. We've had great
success with MIMEDefang over the past couple months, and have enjoyed adding
a few of our own customizations to the rules. However, a simple little
thing has me puzzled, at the moment.
In /etc/mail/mimedefang-filter, in sub filter_end, just above the
"action_change_header" call which adds the X-Spam-Score header, we've added
the following code.
if ($hits >= 20) {
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
action_quarantine_entire_message("Message quarantined as spam,
with a score of $hits\n");
md_graphdefang_log('high_sa_score');
return action_discard();
}
The intent was to quarantine any message with an SA score greater than )or
equal to) 20, but before quarantining it, we wanted the SA report added.
Although the quarantining is working fine, and the MSG.* file in
/var/spool/MD-Quarantine/qdir-whatever is there with our "Message
quarantined as spam" message, there is no report output from SpamAssassin
present in the directory.
Am I just missing something simple?
As an FYI, we commented out, the occurance of the occurance of the folowing
lines, in there original location:
# If you find the SA report useful, add it, I guess...
# action_add_part($entity, "text/plain", "-suggest",
# "$report\n",
# "SpamAssassinReport.txt", "inline");
We merely wanted to add the report data only to quarantined messages, not to
every message (though we do still add the X-Spam-Score header).
Any thoughts from the group, on what I missed, would be a great help.
Thanks!
Here's the output of "mimedefang.pl -features"...
MIMEDefang version 2.35
File::Scan : yes
HTML::Parser : yes
HTML::TokeParser : yes
HTMLCleaner : yes
Path:CONFDIR : yes (/etc/mail)
Path:QUARANTINEDIR : yes (/var/spool/MD-Quarantine)
Path:SENDMAIL : yes (/usr/sbin/sendmail)
Path:SPOOLDIR : yes (/var/spool/MIMEDefang)
SpamAssassin : yes
Unix::Syslog : yes
Virus:FileScan : yes
Virus:AVP : no
Virus:CLAMAV : no
Virus:CLAMD : no
Virus:FPROT : no
Virus:FPROTD : no
Virus:FSAV : no
Virus:HBEDV : no
Virus:NAI : no
Virus:NVCC : no
Virus:OpenAV : no
Virus:SOPHIE : no
Virus:SOPHOS : no
Virus:SymantecCSS : no
Virus:TREND : no
Virus:TROPHIE : no
Virus:VEXIRA : no
IO::Socket : Version 1.27
MIME::Tools : Version 5.411
MIME::Words : Version 5.404
Digest::SHA1 : Version 2.02
Mail::SpamAssassin : Version 2.55
Anomy::HTMLCleaner : Version 1.21
File::Scan : Version 0.59
HTML::Parser : Version 3.28
HTML::TokeParser : Version 2.24
Unix::Syslog : Version 0.99
KEN CORMACK
Sr. UNIX Systems Analyst,
Open Systems Group
Sr. Software Analyst,
TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
557 E. Tallmadge Ave., Akron, OH 44310
mailto:kcormack at acs.roadway.com
mailto:ken.cormack at acs-inc.com
Phone: (330) 643-6372
Fax: (330) 643-6367
Pager: (800) 946-4646 Pin 1437331
E-Page: mailto:1437331 at archwireless.net
"If that that is 'is' is that that is not 'not is', is that that is 'not is'
that that is not 'is'? It is!" - Ken Cormack
More information about the MIMEDefang
mailing list