[Mimedefang] all_spam_to abuse

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Feb 23 04:11:45 EST 2012


On Tue, 21 Feb 2012, Chris Flav wrote:

> Hmm.  I added this block to filter_end and it only rejects email sent if none of the recipients are listed in all_spam_to;
>
> #if score > 15 reject smtp connection
>   if ($hits >= 15) {
>      md_syslog('info',"REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
>      action_bounce("Message rejected for policy reasons");
>   }
>
> since one of the recipients is listed in all_spam_to, the returned SA 
> score is -80.  This is why I want to check for the existence of 
> USER_IN_ALL_SPAM_TO in the scoring rules, and then strip out anyone who 
> is not listed in local.cf.

You could implement "all spam to" in MIMEDefang rather than SpamAssassin:

my %all_spam_to_addr = (
    lc('spambox@example.com') => 1,
    lc('Mr.Observer@host.example.net') => 1,
);

if ($hits >= 15) {
    my @spam_to = ();
    for (@Recipients) {
        # <your condition; this example uses a hash lookup>
        push @spam_to, $_ if exists $all_spam_to_addr{lc $_};
    }
    md_syslog('info', "REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
    if (@spam_to) {
        # Forward the spam only to the recipients who asked for it
        md_syslog('info', "$QueueID send SPAM to: " . join(', ', @spam_to));
        resend_message(@spam_to);
    }
    action_bounce("Message rejected for policy reasons");
}

The implementation of the condition with the %all_spam_to_addr hash is
just an example; use whatever seems to fit best. And drop all_spam_to in SA.
BTW: Read the man page about side effects of resend_message().

Regards,

- -- 
Steffen Kaiser
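An added example, not part of the original post: a standalone Perl version of the recipient check suggested above, assuming envelope recipients may arrive in mixed case or wrapped in angle brackets. The helper names normalize_rcpt and split_recipients and the sample addresses are constructed for illustration; the MIMEDefang calls appear only as comments so the script runs outside a filter.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample set; a real filter would list its own spam mailboxes.
my %all_spam_to_addr = map { lc($_) => 1 } (
    'spambox@example.com',
    'Mr.Observer@host.example.net',
);

# Reduce an envelope address to a comparable key: trim whitespace,
# drop one pair of enclosing angle brackets, lowercase.
sub normalize_rcpt {
    my ($addr) = @_;
    $addr =~ s/^\s+|\s+$//g;
    $addr =~ s/^<(.*)>$/$1/;
    return lc $addr;
}

# Partition recipients into those who still want the spam and everyone else.
sub split_recipients {
    my ($allow, @rcpts) = @_;
    my (@spam_to, @others);
    for my $rcpt (@rcpts) {
        if (exists $allow->{ normalize_rcpt($rcpt) }) {
            push @spam_to, $rcpt;
        } else {
            push @others, $rcpt;
        }
    }
    return (\@spam_to, \@others);
}

# Constructed envelope for one message that scored above the threshold.
my @Recipients = ('<SpamBox@Example.COM>', '<alice@example.org>',
                  'mr.observer@host.example.net');
my $hits = 17.4;

if ($hits >= 15) {
    my ($spam_to, $others) = split_recipients(\%all_spam_to_addr, @Recipients);
    # In filter_end: resend_message(@$spam_to) if @$spam_to;
    print "resend to: @$spam_to\n" if @$spam_to;
    # In filter_end: action_bounce("Message rejected for policy reasons");
    print "rejected; not delivered to: @$others\n";
}
```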

