[Mimedefang] Passing on added Header from SpamAssassin to MIMEDefang

Bill Cole mdlist-20140424 at billmail.scconsult.com
Fri Apr 12 09:14:06 EDT 2019


On 12 Apr 2019, at 2:52, Benoit Panizzon wrote:

> Dear List
>
> I have started using the ASN SpamAssassin Plugin to penalize emails
> originating from certain known spam operation ASN with great success
> (especially for the actual sextortion email wave).
>
> Now I reckoned it would be nice to also have the X-SPAM-ASN Header which
> is added by SpamAssassin to be passed on to MIMEDefang so it is added
> to the original message, just to be able to see with one glance, from
> which ASN it originated in case of spam which slips through.
>
> I know SpamAssassin operates on a copy of the message, so it is normally
> not possible to keep headers added by SpamAssassin.
>
> But, is there a way to still achieve this, which I am missing?

There are 2 ways:

1. Instead of using the integrated SA support in MD, run spamd and have 
MD run spamc to do the scan, and replace the message entirely with what 
spamc returns. This has a performance penalty, but you get any of SA's 
header modifications that you want.

2. Build it yourself in mimedefang-filter, in filter_end(). This is how 
I do a similar thing on my personal system:

********* WARNING: This is a raw snippet that has not been cleaned *********
*********          up for general distribution or drop-in use      *********

       # NOTE: MUST be done before spam_assassin_check finishes the object
       my $SAStatus  = spam_assassin_status();

       # Get Relay countries and ASNs and languages
       my $relaycountry = $SAStatus->get_tag("RELAYCOUNTRY");
       my $relayasn     = $SAStatus->get_tag("ASN");
       my $relayasncidr = $SAStatus->get_tag("ASNCIDR");
       my $languages    = $SAStatus->get_tag("LANGUAGES");

       #BEWARE: spam_assassin_check calls status->finish()
       my ($hits, $req, $names, $report) = spam_assassin_check();

       # Consistent with proposed patch for SA bug #6473 2018-02-04
       my $relayhops = '';
       my $lastcc    = '';
       if (length($relaycountry)) {
          my @rcs = split(' ', $relaycountry);
          while (my $cc = pop(@rcs)) {
             if (length($lastcc)) { $relayhops = $cc . $lastcc . " " . $relayhops; }
             $lastcc = $cc;
          }
          $relayhops = "Trusted_" . $lastcc . " " . $relayhops;
       }

       my ($score);
       if ($hits < 20) {
          $score = "*" x int($hits);
       } else {
          $score = "*" x 20;
       }

       md_graphdefang_log('spam', $hits, $MessageID, $RelayAddr);
       md_syslog('info', "SA: $hits ($score) $names");
       md_syslog('info', "SOURCE: from $relayasncidr on $relayasn via $relaycountry ($relayhops) in $languages");

       # Delete any existing X-Spam-* headers
       action_delete_header("X-Spam-Status");
       action_delete_header("X-Spam-Score");
       action_delete_header("X-Spam-Source");
       action_delete_header("X-Spam-Hops");
       action_add_header("X-Spam-Score", "$hits ($score) $names");
       action_add_header("X-Spam-Source", "$relayasncidr on $relayasn via $relaycountry in $languages");
       action_add_header("X-Spam-Hops",   "$relayhops");

************************************

Refer to the MD and/or SA docs to clarify anything in that which is non-obvious...

--
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
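
As a variant of the first approach, the headers spamc adds can be picked out of the message it returns and copied one by one, rather than replacing the whole message. This is an added example, not part of the post above and not MIMEDefang or SpamAssassin code. The function name sa_headers and the sample message (documentation addresses, a reserved ASN, placeholder rule names) are constructed for illustration, and the spamc output is assumed to be already read into a string.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of a message as returned by spamc (all values made up).
my $scanned = <<'EOM';
Received: from mail.example.net (mail.example.net [192.0.2.25])
    by mx.example.org; Fri, 12 Apr 2019 09:00:00 -0400
X-Spam-Status: Yes, score=7.2 required=5.0
    tests=EXAMPLE_RULE_A,EXAMPLE_RULE_B
X-Spam-ASN: AS64496 192.0.2.0/24
From: sender@example.net
Subject: test

X-Spam-ASN: this line is body text, not a header
EOM

# Hypothetical helper: return [name, value] pairs for the wanted headers,
# looking only at the header block of the scanned message.
sub sa_headers {
    my ($msg, @wanted) = @_;
    my %want = map { lc($_) => 1 } @wanted;
    # The header block ends at the first empty line; ignore the body.
    my ($head) = split(/\r?\n\r?\n/, $msg, 2);
    return () unless defined $head;
    # Unfold continuation lines (a line break followed by space or tab).
    $head =~ s/\r?\n[ \t]+/ /g;
    my @out;
    for my $line (split(/\r?\n/, $head)) {
        my ($name, $value) = $line =~ /^([!-9;-~]+):[ \t]*(.*)$/ or next;
        next unless $want{lc $name};
        # Strip control characters so a value cannot start a new header line.
        $value =~ s/[\x00-\x08\x0a-\x1f\x7f]//g;
        push @out, [$name, $value];
    }
    return @out;
}

for my $h (sa_headers($scanned, 'X-Spam-ASN', 'X-Spam-Status')) {
    my ($name, $value) = @$h;
    # Inside filter_end() in mimedefang-filter this would instead be:
    #   action_delete_header($name); action_add_header($name, $value);
    print "$name: $value\n";
}
```

Deleting each header before adding it, as the snippet in the post does, keeps a sender-supplied X-Spam-* header from surviving next to the one produced by the local scan.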


