I have tickled an ugly old bug in dspam that was discussed ages ago but never to my knowledge resolved. It exhibits like so in my logs (literally) : Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command: <????`?r?h?> Sep 12 20:03:41 garbo dspam[11992]: Got error 501 in response to RCPT TO: 501 5.1.3 Bad recipient address syntax
The question is what is mangling the recipient address ? I can work around this by not having dspam deliver the false positive, and just let dovecot-antispam refile into INBOX. The only problem with that is that the retrained mail ends up not going through my standard inbox filters, ending up at the top-level INBOX. The bad behaviour is the result of the following command: /usr/bin/dspam --deliver=spam,innocent --user hakon --rcpt-to hakon --class=spam --source=error ... which receives a mail on standard input from dovecot. It is run as the user hakon, I believe. Same thing happens without the "--rcpt-to". I have pasted my config below (actually the output of "grep -h -v '^#' dspam.conf dspam.d/*.conf |grep -v '^$' " ) It is an ungodly mess carried over from several years. Unsanitized, with passwords and all. I know. Trusting shorewall too much. Preferences for user hakon upon request. They are read from MySQL, while the default user prefs are read from file. ------------------------------------My dspam config ----------------------------------------- Home /var/spool/dspam StorageDriver /usr/lib/dspam/libmysql_drv.so TrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda" UntrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda -a %u" DeliveryHost 127.0.0.1 DeliveryPort 10025 DeliveryIdent localhost DeliveryProto SMTP FallbackDomains off EnablePlusedDetail on OnFail unlearn Trust root Trust dspam Trust mail Trust mailnull Trust smmsp Trust daemon DebugOpt process spam fp classify inoculation corpus TrainingMode teft TestConditionalTraining on Feature wh Algorithm graham burton Tokenizer chain PValue bcr WebStats on Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN } -> default:teft Preference "spamAction=tag" # { quarantine | tag | deliver } -> default:quarantine Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM] Preference "statisticalSedation=5" # { 0 - 10 } -> default:0 Preference "enableBNR=on" # { on | off } -> default:off Preference "enableWhitelist=on" # { on | off } -> default:on Preference "signatureLocation=message" # { message | headers } -> default:message Preference "tagSpam=off" # { on | off } Preference "tagNonspam=off" # { on | off } Preference "showFactors=off" # { on | off } -> default:off Preference "optIn=off" # { on | off } Preference "whitelistThreshold=10" # { Integer } -> default:10 Preference "makeCorpus=off" # { on | off } -> default:off Preference "storeFragments=off" # { on | off } -> default:off Preference "localStore=" # { on | off } -> default:username Preference "processorBias=on" # { on | off } -> default:on Preference "fallbackDomain=off" # { on | off } -> default:off Preference "trainPristine=off" # { on | off } -> default:off Preference "optOutClamAV=off" # { on | off } -> default:off Preference "ignoreRBLLookups=off" # { on | off } -> default:off Preference "RBLInoculate=off" # { on | off } -> default:off Preference "notifications=off" # { on | off } -> default:off AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride fallbackDomain AllowOverride ignoreGroups AllowOverride ignoreRBLLookups AllowOverride localStore AllowOverride makeCorpus AllowOverride optIn AllowOverride optOut AllowOverride optOutClamAV AllowOverride processorBias AllowOverride RBLInoculate AllowOverride showFactors AllowOverride signatureLocation AllowOverride spamAction AllowOverride spamSubject AllowOverride statisticalSedation AllowOverride storeFragments AllowOverride tagNonspam AllowOverride tagSpam AllowOverride trainPristine AllowOverride trainingMode AllowOverride whitelistThreshold AllowOverride dailyQuarantineSummary AllowOverride notifications Notifications off PurgeSignatures 14 # Stale signatures PurgeNeutral 90 # Tokens with neutralish probabilities PurgeUnused 90 # Unused tokens PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes) PurgeHits1S 15 # Tokens with only 1 spam hit PurgeHits1I 15 # Tokens with only 1 innocent hit LocalMX 127.0.0.1 SystemLog on UserLog on Opt in TrackSources spam Broken case ServerMode auto ServerParameters "--deliver=innocent -d %u" ServerIdent "garbo.alstadheim.priv.no" ProcessorURLContext on ProcessorBias on StripRcptDomain on Include /etc/dspam/dspam.d/ StripRcptDomain on ParseToHeaders off ChangeModeOnParse off ChangeUserOnParse off ServerPass.Relay1 "Ra5pha8a" ClientHost /tmp/dspam.sock ClientIdent "Ra5pha8a@Relay1" ServerDomainSocketPath "/tmp/dspam.sock" ClamAVPort 3310 ClamAVHost 127.0.0.1 ClamAVResponse spam ExtLookup on ExtLookupMode strict # available modes are 'verify', 'map' and 'strict'. # 'strict' enforces both verify and map ExtLookupDriver program # There are plans to support both MySQL and Postgres. ExtLookupServer "/usr/local/bin/rewrite-localpart %u" # Can either be a database hostname or the full path to ExtLookupQuery %u # an executable lookup program and its arguments. # and ExtLookupMode 'map' or 'strict' HashRecMax 98317 HashAutoExtend on HashMaxExtents 0 HashExtentSize 49157 HashPctIncrease 10 HashMaxSeek 10 HashConnectionCache 10 DebugOpt process spam fp classify inoculation corpus Debug * OnFail unlearn TrainingMode toe AllowOverride optIn PlusedUserLowercase on MySQLServer /var/run/mysqld/mysqld.sock MySQLUser libdspam7-drv-my MySQLPass NV4dXWa6xMhm MySQLDb libdspam7drvmysql MySQLUIDInSignature on ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user