I have tickled an ugly old bug in dspam that was discussed ages ago but
never to my knowledge resolved. It exhibits like so in my logs (literally) :
Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address
syntax from localhost[127.0.0.1] in RCPT command: <????`?r?h?>
Sep 12 20:03:41 garbo dspam[11992]: Got error 501 in response to RCPT
TO: 501 5.1.3 Bad recipient address syntax
The question is what is mangling the recipient address ?
I can work around this by not having dspam deliver the false positive,
and just let dovecot-antispam refile into INBOX. The only problem with
that is that the retrained mail ends up not going through my standard
inbox filters, ending up at the top-level INBOX.
The bad behaviour is the result of the following command:
/usr/bin/dspam --deliver=spam,innocent --user hakon --rcpt-to hakon
--class=spam --source=error
... which receives a mail on standard input from dovecot. It is run as
the user hakon, I believe. Same thing happens without the "--rcpt-to".
I have pasted my config below (actually the output of "grep -h -v '^#'
dspam.conf dspam.d/*.conf |grep -v '^$' " )
It is an ungodly mess carried over from several years. Unsanitized,
with passwords and all. I know. Trusting shorewall too much.
Preferences for user hakon upon request. They are read from MySQL, while
the default user prefs are read from file.
------------------------------------My dspam config
-----------------------------------------
Home /var/spool/dspam
StorageDriver /usr/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda"
UntrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda -a %u"
DeliveryHost 127.0.0.1
DeliveryPort 10025
DeliveryIdent localhost
DeliveryProto SMTP
FallbackDomains off
EnablePlusedDetail on
OnFail unlearn
Trust root
Trust dspam
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
DebugOpt process spam fp classify inoculation corpus
TrainingMode teft
TestConditionalTraining on
Feature wh
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN }
-> default:teft
Preference "spamAction=tag" # { quarantine | tag | deliver } ->
default:quarantine
Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
Preference "enableBNR=on" # { on | off } -> default:off
Preference "enableWhitelist=on" # { on | off } -> default:on
Preference "signatureLocation=message" # { message | headers } ->
default:message
Preference "tagSpam=off" # { on | off }
Preference "tagNonspam=off" # { on | off }
Preference "showFactors=off" # { on | off } -> default:off
Preference "optIn=off" # { on | off }
Preference "whitelistThreshold=10" # { Integer } -> default:10
Preference "makeCorpus=off" # { on | off } -> default:off
Preference "storeFragments=off" # { on | off } -> default:off
Preference "localStore=" # { on | off } -> default:username
Preference "processorBias=on" # { on | off } -> default:on
Preference "fallbackDomain=off" # { on | off } -> default:off
Preference "trainPristine=off" # { on | off } -> default:off
Preference "optOutClamAV=off" # { on | off } -> default:off
Preference "ignoreRBLLookups=off" # { on | off } -> default:off
Preference "RBLInoculate=off" # { on | off } -> default:off
Preference "notifications=off" # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
Notifications off
PurgeSignatures 14 # Stale signatures
PurgeNeutral 90 # Tokens with neutralish probabilities
PurgeUnused 90 # Unused tokens
PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
PurgeHits1S 15 # Tokens with only 1 spam hit
PurgeHits1I 15 # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog on
UserLog on
Opt in
TrackSources spam
Broken case
ServerMode auto
ServerParameters "--deliver=innocent -d %u"
ServerIdent "garbo.alstadheim.priv.no"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain on
Include /etc/dspam/dspam.d/
StripRcptDomain on
ParseToHeaders off
ChangeModeOnParse off
ChangeUserOnParse off
ServerPass.Relay1 "Ra5pha8a"
ClientHost /tmp/dspam.sock
ClientIdent "Ra5pha8a@Relay1"
ServerDomainSocketPath "/tmp/dspam.sock"
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse spam
ExtLookup on
ExtLookupMode strict # available modes are
'verify', 'map' and 'strict'.
# 'strict' enforces both verify and map
ExtLookupDriver program # There are plans
to support both MySQL and Postgres.
ExtLookupServer "/usr/local/bin/rewrite-localpart %u" #
Can either be a database hostname or the full path to
ExtLookupQuery %u # an executable lookup
program and its arguments.
# and ExtLookupMode 'map' or 'strict'
HashRecMax 98317
HashAutoExtend on
HashMaxExtents 0
HashExtentSize 49157
HashPctIncrease 10
HashMaxSeek 10
HashConnectionCache 10
DebugOpt process spam fp classify inoculation corpus
Debug *
OnFail unlearn
TrainingMode toe
AllowOverride optIn
PlusedUserLowercase on
MySQLServer /var/run/mysqld/mysqld.sock
MySQLUser libdspam7-drv-my
MySQLPass NV4dXWa6xMhm
MySQLDb libdspam7drvmysql
MySQLUIDInSignature on
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
