Applied fixes from here to fedora 34 base for spamass-milter:
https://bz.apache.org/SpamAssassin/attachment.cgi?id=5745&action=diff
With the exception of setting a default macro_r based on whether or not
there was a cipher since r doesn't seem to be a postfix thing.
macro_cipher = smfi_getsymval(ctx, const_cast<char *>("{cipher}"));
if (!macro_cipher)
{
macro_cipher = "";
/* Protocol used to receive the message */
macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
if (!macro_r)
{
macro_r = "ESMTP";
warnmacro("r", "ENVRCPT");
}
}
else {
/* Protocol used to receive the message */
macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
if (!macro_r)
{
macro_r = "ESMTPS";
warnmacro("r", "ENVRCPT");
}
}
and including the changes to append so the lines aren't dropped (setting
the connected flag after a successful connect, moving the dump of the
buffer to be after if (!connected) in ::output before the output of
desired line).
Then corrected the fedora 34 base to include the -I option in the debian
code.
Then made the final output for computed last hop to be
rec_header = (string) "Received: from " + macro_s + " (" + macro__ +
")\r\n\t";
if (strlen(macro_tls_version)!=0)
{
rec_header += (string) "(using ";
if (strlen(macro_tls_version)!=0) {
rec_header+=macro_tls_version;
}
if (strlen(macro_cipher)!=0) {
rec_header+=(string) " cipher="+macro_cipher;
}
if (strlen(macro_auth_ssf))
{
rec_header += (string) " ("+macro_auth_ssf+"/"+macro_auth_ssf+" bits)";
}
rec_header += (string) ")\r\n\t";
}
if (strlen(macro_auth_authen)!=0) {
rec_header += (string) "(Authenticated sender:
"+macro_auth_authen+")\r\n\t";
}
rec_header += (string) "by " + macro_j + " (Postfix) with " +
macro_r + " id " + macro_i + ";\r\n\t" +
"for "+envrcpt[0]+"; "+macro_b + "\r\n";
Which gets rid of unparseable relays and dropped lines. I'm not sure
what the best fix would or should be - adding a postfix flag so it would
generate postfix worthy lines for spamassassin or making spamassassin
recognize the lines put out by spamass-milter as "sendmail" lines. But
getting the client ip address for the sender seems to be the big thing.
Bill