[Mimedefang] all_spam_to abuse
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Feb 23 04:11:45 EST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 21 Feb 2012, Chris Flav wrote:
> Hmm. I added this block to filter_end and it only rejects email sent if none of the recipients are listed in all_spam_to;
>
> #if score > 15 reject smtp connection
> if ($hits >= 15) {
> md_syslog('info',"REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
> action_bounce("Message rejected for policy reasons");
> }
>
> since one of the recipients is listed in all_spam_to, the returned SA
> score is -80. This is why I want to check for the existence of
> USER_IN_ALL_SPAM_TO in the scoring rules, and then strip out anyone who
> is not listed in local.cf.
you could implement "all spam to" in MIMEDefang rather SpamAssassin:
my %all_spam_to_addr = (
lc('spambox at example.com'} => 1,
lc('Mr.Observer at host.example.net'} => 1,
);
if($hits >= 15) {
my @spam_to = ( );
for(@Recipients) {
# <your condition, example to use hash>
push @spam_to, $_ if exists $all_spam_to_addr{lc $_};
}
md_syslog('info',"REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
if(@spam_to) {
md_syslog('info',"$QueueID send SPAM to: ".join(', ', @spam_to));
resend_message(@spam_to);
}
action_bounce("Message rejected for policy reasons");
}
The implementation of the condition with the %all_spam_to_addr hash is
just an example, use what seems fit best. And drop all_spam_to in SA.
BTW: Read man page about side effects of resend_message().
Regards,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBT0YC0f41+pMevzVSAQL4kwgAjj1XdHsuwQoywjlzNpGOMMvGNlLXhYH0
mzNY9qHBhq8oXo0AnIKWWrorSIvicxnOPmEwRkNrh/yU/DvTHgEGxLWBKKJTxE1r
cCuugtkhPccZbqjdRGoYVlBjW3qq1tNjS0p3l2p3SpoxYX8qSYyuv+LMjxtuWkJX
9PjvInWuV7wxihYLAvUMc5bsGOcVvTaJKffEF5sy8Z2XParbWC0uXqsEDDbqtA4I
jUbeHiOTOjiMa8wNB9uE16Z38rsASyBJOXaY6ExnJ9BvxwlQXQwBDTvKfn9RF+Iv
VlIS6z0DBxYzVLQPitHCpih7Rs+a3FqF+dv7pgtBokUqWJD9bQeqpg==
=gZGQ
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list