I have tickled an ugly old bug in dspam that was discussed ages ago but 
never to my knowledge resolved. It exhibits like so in my logs (literally) :
Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address 
syntax from localhost[127.0.0.1] in RCPT command: <????`?r?h?>
Sep 12 20:03:41 garbo dspam[11992]: Got error 501 in response to RCPT 
TO: 501 5.1.3 Bad recipient address syntax

The question is what is mangling the recipient address ?
I can work around this by not having dspam deliver the false positive, 
and just let dovecot-antispam refile into INBOX. The only problem with 
that is that the retrained mail ends up not going through my standard 
inbox filters, ending up at the top-level INBOX.

The bad behaviour is the result of the following command:

/usr/bin/dspam --deliver=spam,innocent --user hakon --rcpt-to hakon 
--class=spam --source=error

... which receives a mail on standard input from dovecot. It is run as 
the user hakon, I believe. Same thing happens without the "--rcpt-to".

I have pasted my config below (actually the output of "grep -h -v '^#' 
dspam.conf  dspam.d/*.conf |grep -v '^$' " )
It is an ungodly mess  carried over from several years. Unsanitized, 
with passwords and all. I know. Trusting shorewall too much.
Preferences for user hakon upon request. They are read from MySQL, while 
the default user prefs are read from file.
------------------------------------My dspam config 
-----------------------------------------
Home /var/spool/dspam
StorageDriver /usr/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda"
UntrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda -a %u"
DeliveryHost        127.0.0.1
DeliveryPort        10025
DeliveryIdent       localhost
DeliveryProto       SMTP
FallbackDomains off
EnablePlusedDetail    on
OnFail unlearn
Trust root
Trust dspam
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
DebugOpt process spam fp classify inoculation corpus
TrainingMode teft
TestConditionalTraining on
Feature wh
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats on
Preference "trainingMode=TEFT"        # { TOE | TUM | TEFT | NOTRAIN } 
-> default:teft
Preference "spamAction=tag"        # { quarantine | tag | deliver } -> 
default:quarantine
Preference "spamSubject=[SPAM]"        # { string } -> default:[SPAM]
Preference "statisticalSedation=5"    # { 0 - 10 } -> default:0
Preference "enableBNR=on"        # { on | off } -> default:off
Preference "enableWhitelist=on"        # { on | off } -> default:on
Preference "signatureLocation=message"    # { message | headers } -> 
default:message
Preference "tagSpam=off"        # { on | off }
Preference "tagNonspam=off"        # { on | off }
Preference "showFactors=off"        # { on | off } -> default:off
Preference "optIn=off"            # { on | off }
Preference "whitelistThreshold=10"    # { Integer } -> default:10
Preference "makeCorpus=off"        # { on | off } -> default:off
Preference "storeFragments=off"        # { on | off } -> default:off
Preference "localStore="        # { on | off } -> default:username
Preference "processorBias=on"        # { on | off } -> default:on
Preference "fallbackDomain=off"        # { on | off } -> default:off
Preference "trainPristine=off"        # { on | off } -> default:off
Preference "optOutClamAV=off"        # { on | off } -> default:off
Preference "ignoreRBLLookups=off"    # { on | off } -> default:off
Preference "RBLInoculate=off"        # { on | off } -> default:off
Preference "notifications=off"        # { on | off } -> default:off
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary
AllowOverride notifications
Notifications    off
PurgeSignatures 14          # Stale signatures
PurgeNeutral    90          # Tokens with neutralish probabilities
PurgeUnused     90          # Unused tokens
PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
PurgeHits1S    15          # Tokens with only 1 spam hit
PurgeHits1I    15          # Tokens with only 1 innocent hit
LocalMX 127.0.0.1
SystemLog    on
UserLog        on
Opt in
TrackSources spam
Broken case
ServerMode auto
ServerParameters    "--deliver=innocent -d %u"
ServerIdent        "garbo.alstadheim.priv.no"
ProcessorURLContext on
ProcessorBias on
StripRcptDomain on
Include /etc/dspam/dspam.d/
StripRcptDomain on
ParseToHeaders off
ChangeModeOnParse off
ChangeUserOnParse off
ServerPass.Relay1    "Ra5pha8a"
ClientHost    /tmp/dspam.sock
ClientIdent    "Ra5pha8a@Relay1"
ServerDomainSocketPath  "/tmp/dspam.sock"
ClamAVPort    3310
ClamAVHost    127.0.0.1
ClamAVResponse spam
ExtLookup on
ExtLookupMode        strict                # available modes are 
'verify', 'map' and 'strict'.
                             # 'strict' enforces both verify and map
ExtLookupDriver    program                            # There are plans 
to support both MySQL and Postgres.
ExtLookupServer    "/usr/local/bin/rewrite-localpart %u"            # 
Can either be a database hostname or the full path to
ExtLookupQuery %u                            # an executable lookup 
program and its arguments.
                             # and ExtLookupMode 'map' or 'strict'
HashRecMax        98317
HashAutoExtend        on
HashMaxExtents        0
HashExtentSize        49157
HashPctIncrease        10
HashMaxSeek        10
HashConnectionCache    10
DebugOpt  process spam fp classify inoculation corpus
Debug *
OnFail unlearn
TrainingMode toe
AllowOverride optIn
PlusedUserLowercase    on
MySQLServer       /var/run/mysqld/mysqld.sock
MySQLUser         libdspam7-drv-my
MySQLPass         NV4dXWa6xMhm
MySQLDb           libdspam7drvmysql
MySQLUIDInSignature    on


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

Reply via email to