Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

Sun, 19 Jul 2020 18:31:03 -0700 

On Sun, 19 Jul 2020, Kevin A. McGrail wrote:


On 7/19/2020 7:39 PM, John Hardin wrote:


The non-can_welcome_block branch should not be renaming the rule.
Doing that breaks existing production installs.


I agree is causing unexpected local rules and local rule scoring issues
trying to get pre-3.4.3 releases to work.

What do you think of this change along with removing the score from
50_scores.cf?  I think it will work back to 3.3.x:

if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
  #bz7826 renames whitelist to welcomelist
  header USER_IN_WELCOMELIST_TO         eval:check_to_in_welcomelist()
  describe USER_IN_WELCOMELIST_TO       User is listed in 'welcomelist_to'
  tflags USER_IN_WELCOMELIST_TO         userconf nice noautolearn
  score USER_IN_WELCOMELIST_TO          -6.0
else
  header USER_IN_WELCOMELIST_TO         eval:check_to_in_whitelist()
  describe USER_IN_WELCOMELIST_TO       User is listed in 'welcomelist_to'
  tflags USER_IN_WELCOMELIST_TO         userconf nice noautolearn
  score USER_IN_WELCOMELIST_TO          -0.01

  meta USER_IN_WHITELIST_TO             (USER_IN_WELCOMELIST_TO)
  describe USER_IN_WHITELIST_TO         DEPRECATED: See USER_IN_WELCOMELIST_TO
  tflags USER_IN_WHITELIST_TO           userconf nice noautolearn
  score USER_IN_WHITELIST_TO            -6.0
endif



That seems a better approach to me. +1



I was mulling the utility of a new config directive in 4.0 to address 
backwards compatibility of rule names:


   alias  RULENAME  RULENAME_2


...which would recognize any config-file directives for RULENAME and apply 
them as if they'd been written for RULENAME_2.



This would discard any existing definition of RULENAME_2 (e.g. header 
RULENAME_2 ...), and a definition of RULENAME_2 subsequent to that alias 
would be ignored and a lint warning emitted.


That would allow the 4.0 release to be backwards-compatible thusly:

if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
  #bz7826 renames whitelist to welcomelist
  header USER_IN_WELCOMELIST_TO         eval:check_to_in_welcomelist()
  describe USER_IN_WELCOMELIST_TO       User is listed in 'welcomelist_to'
  tflags USER_IN_WELCOMELIST_TO         userconf nice noautolearn
  score USER_IN_WELCOMELIST_TO          -6.0
  alias USER_IN_WHITELIST_TO            USER_IN_WELCOMELIST_TO
else
  header USER_IN_WELCOMELIST_TO         eval:check_to_in_whitelist()
  describe USER_IN_WELCOMELIST_TO       User is listed in 'welcomelist_to'
  tflags USER_IN_WELCOMELIST_TO         userconf nice noautolearn
  score USER_IN_WELCOMELIST_TO          -0.01

  meta USER_IN_WHITELIST_TO             (USER_IN_WELCOMELIST_TO)
  describe USER_IN_WHITELIST_TO         DEPRECATED: See USER_IN_WELCOMELIST_TO
  tflags USER_IN_WHITELIST_TO           userconf nice noautolearn
  score USER_IN_WHITELIST_TO            -6.0
endif


There is the use case of post-SA message processing looking for specific 
rule name hits - I can see custom post-SA message processing looking for a 
hit on "USER_IN_WHITELIST_TO" et al. To avoid breaking that we could add a 
"report" option to the alias command:


  alias  RULENAME  RULENAME_2 report


...which would include RULENAME in the rules hit list if RULENAME_2 hits. 
However, that would expose RULENAME to user visibility and if the goal 
here is to shield sensitive users from seeing "WHITELIST" or "BLACKLIST" 
then we have conflicting goals. The report option probably shouldn't be in 
the base rules as a default, unless we get information that such a utility 
is in wide use.



The alias would be removed from the rule definition when the backwards 
compatibility period expires in 4.1+, and we could document in 4.0 UPGRADE 
that *IF* a given local post-SA processing utility is looking for these 
rule names in the rules hit list then either that utility needs to be 
modified to look for the new rule names or the following needs to be put 
into the local SA config:


  alias USER_IN_WHITELIST_TO USER_IN_WELCOMELIST_TO report


...(etc.) to set the "report" option on the alias to feed the external 
utility until it gets modified to recognize the new rule names.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]    FALaholic #11174     pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  What the hell is an "Aluminum Falcon"??        -- Emperor Palpatine
-----------------------------------------------------------------------
 Tomorrow: the 51st anniversary of Apollo 11 landing on the Moon





















					Reply via email to