Please see minor correction below.
On 12. sep. 2012 20:44, Håkon Alstadheim wrote:
> I have tickled an ugly old bug in dspam that was discussed ages ago but
> never to my knowledge resolved. It exhibits like so in my logs (literally) :
> Sep 12 20:03:41 garbo postfix/smtpd[12003]: warning: Illegal address
> syntax from localhost[127.0.0.1] in RCPT command:<????`?r?h?>
> Sep 12 20:03:41 garbo dspam[11992]: Got error 501 in response to RCPT
> TO: 501 5.1.3 Bad recipient address syntax
>
> The question is what is mangling the recipient address ?
> I can work around this by not having dspam deliver the false positive,
> and just let dovecot-antispam refile into INBOX. The only problem with
> that is that the retrained mail ends up not going through my standard
> inbox filters, ending up at the top-level INBOX.
>
> The bad behaviour is the result of the following command:
>
> /usr/bin/dspam --deliver=spam,innocent --user hakon --rcpt-to hakon
> --class=spam --source=error
Following up myself here with a minor correction. A false positive
would naturally have --class=innocent
as seen in this config from dovecot-antispam:
antispam_pipe_program = /usr/local/bin/dspam-stub
antispam_pipe_program_spam_arg = --class=spam --source=error
antispam_pipe_program_notspam_arg = --class=innocent --source=error
antispam_pipe_program_args = --deliver=spam,innocent --user %u --rcpt-to %u
The script at /usr/local/bin/dspam-stub is:--------
/usr/bin/logger -p mail.info -t dspam-stub "$0:$1:$2:$3:$4:$5:$6"
exec /usr/bin/dspam $*
-------------------------------------------
So, the command-example in my original mail is obviously from a miss,
and not a false positive. Same problem with recipient mangling happens
for both cases though.
>
> ... which receives a mail on standard input from dovecot. It is run as
> the user hakon, I believe. Same thing happens without the "--rcpt-to".
>
> I have pasted my config below (actually the output of "grep -h -v '^#'
> dspam.conf dspam.d/*.conf |grep -v '^$' " )
> It is an ungodly mess carried over from several years. Unsanitized,
> with passwords and all. I know. Trusting shorewall too much.
> Preferences for user hakon upon request. They are read from MySQL, while
> the default user prefs are read from file.
> ------------------------------------My dspam config
> -----------------------------------------
> Home /var/spool/dspam
> StorageDriver /usr/lib/dspam/libmysql_drv.so
> TrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda"
> UntrustedDeliveryAgent "/usr/lib/dovecot/dovecot-lda -a %u"
> DeliveryHost 127.0.0.1
> DeliveryPort 10025
> DeliveryIdent localhost
> DeliveryProto SMTP
> FallbackDomains off
> EnablePlusedDetail on
> OnFail unlearn
> Trust root
> Trust dspam
> Trust mail
> Trust mailnull
> Trust smmsp
> Trust daemon
> DebugOpt process spam fp classify inoculation corpus
> TrainingMode teft
> TestConditionalTraining on
> Feature wh
> Algorithm graham burton
> Tokenizer chain
> PValue bcr
> WebStats on
> Preference "trainingMode=TEFT" # { TOE | TUM | TEFT | NOTRAIN }
> -> default:teft
> Preference "spamAction=tag" # { quarantine | tag | deliver } ->
> default:quarantine
> Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
> Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
> Preference "enableBNR=on" # { on | off } -> default:off
> Preference "enableWhitelist=on" # { on | off } -> default:on
> Preference "signatureLocation=message" # { message | headers } ->
> default:message
> Preference "tagSpam=off" # { on | off }
> Preference "tagNonspam=off" # { on | off }
> Preference "showFactors=off" # { on | off } -> default:off
> Preference "optIn=off" # { on | off }
> Preference "whitelistThreshold=10" # { Integer } -> default:10
> Preference "makeCorpus=off" # { on | off } -> default:off
> Preference "storeFragments=off" # { on | off } -> default:off
> Preference "localStore=" # { on | off } -> default:username
> Preference "processorBias=on" # { on | off } -> default:on
> Preference "fallbackDomain=off" # { on | off } -> default:off
> Preference "trainPristine=off" # { on | off } -> default:off
> Preference "optOutClamAV=off" # { on | off } -> default:off
> Preference "ignoreRBLLookups=off" # { on | off } -> default:off
> Preference "RBLInoculate=off" # { on | off } -> default:off
> Preference "notifications=off" # { on | off } -> default:off
> AllowOverride enableBNR
> AllowOverride enableWhitelist
> AllowOverride fallbackDomain
> AllowOverride ignoreGroups
> AllowOverride ignoreRBLLookups
> AllowOverride localStore
> AllowOverride makeCorpus
> AllowOverride optIn
> AllowOverride optOut
> AllowOverride optOutClamAV
> AllowOverride processorBias
> AllowOverride RBLInoculate
> AllowOverride showFactors
> AllowOverride signatureLocation
> AllowOverride spamAction
> AllowOverride spamSubject
> AllowOverride statisticalSedation
> AllowOverride storeFragments
> AllowOverride tagNonspam
> AllowOverride tagSpam
> AllowOverride trainPristine
> AllowOverride trainingMode
> AllowOverride whitelistThreshold
> AllowOverride dailyQuarantineSummary
> AllowOverride notifications
> Notifications off
> PurgeSignatures 14 # Stale signatures
> PurgeNeutral 90 # Tokens with neutralish probabilities
> PurgeUnused 90 # Unused tokens
> PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
> PurgeHits1S 15 # Tokens with only 1 spam hit
> PurgeHits1I 15 # Tokens with only 1 innocent hit
> LocalMX 127.0.0.1
> SystemLog on
> UserLog on
> Opt in
> TrackSources spam
> Broken case
> ServerMode auto
> ServerParameters "--deliver=innocent -d %u"
> ServerIdent "garbo.alstadheim.priv.no"
> ProcessorURLContext on
> ProcessorBias on
> StripRcptDomain on
> Include /etc/dspam/dspam.d/
> StripRcptDomain on
> ParseToHeaders off
> ChangeModeOnParse off
> ChangeUserOnParse off
> ServerPass.Relay1 "Ra5pha8a"
> ClientHost /tmp/dspam.sock
> ClientIdent "Ra5pha8a@Relay1"
> ServerDomainSocketPath "/tmp/dspam.sock"
> ClamAVPort 3310
> ClamAVHost 127.0.0.1
> ClamAVResponse spam
> ExtLookup on
> ExtLookupMode strict # available modes are
> 'verify', 'map' and 'strict'.
> # 'strict' enforces both verify and map
> ExtLookupDriver program # There are plans
> to support both MySQL and Postgres.
> ExtLookupServer "/usr/local/bin/rewrite-localpart %u" #
> Can either be a database hostname or the full path to
> ExtLookupQuery %u # an executable lookup
> program and its arguments.
> # and ExtLookupMode 'map' or 'strict'
> HashRecMax 98317
> HashAutoExtend on
> HashMaxExtents 0
> HashExtentSize 49157
> HashPctIncrease 10
> HashMaxSeek 10
> HashConnectionCache 10
> DebugOpt process spam fp classify inoculation corpus
> Debug *
> OnFail unlearn
> TrainingMode toe
> AllowOverride optIn
> PlusedUserLowercase on
> MySQLServer /var/run/mysqld/mysqld.sock
> MySQLUser libdspam7-drv-my
> MySQLPass NV4dXWa6xMhm
> MySQLDb libdspam7drvmysql
> MySQLUIDInSignature on
>
>
> _______________________________________________
> Dspam-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>
--
Håkon Alstadheim / N-7510 Skatval / email:[email protected]
tlf: 74 82 60 27 mob: 47 35 39 38
http://alstadheim.priv.no/hakon/
spamtrap: [email protected] -- 1 hit& you are out
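
Added example, not part of the original post and not dspam project code: a filter that masks the credential-bearing directives seen in the config dump above (MySQLPass, ServerPass.*, and the secret part of ClientIdent) before a config is pasted to a list. The function name, the placeholder text and the sample input are assumptions made for illustration; the sample values are constructed.

```shell
#!/bin/sh
# redact_dspam_conf: read dspam.conf-style lines on stdin and write them to
# stdout with comment/blank lines dropped and secret values masked.
# Covers only the directives that carry secrets in the config shown above.
redact_dspam_conf() {
    sed -E \
        -e '/^[[:space:]]*(#|$)/d' \
        -e 's/^([[:space:]]*MySQLPass[[:space:]]+).*/\1<REDACTED>/' \
        -e 's/^([[:space:]]*ServerPass\.[^[:space:]]+[[:space:]]+).*/\1"<REDACTED>"/' \
        -e 's/^([[:space:]]*ClientIdent[[:space:]]+"?)[^@"]*@/\1<REDACTED>@/'
}

# Constructed sample input (placeholder values, not taken from any real host).
sample_conf() {
cat <<'EOF'
# constructed sample
Home /var/spool/dspam

ServerPass.Relay1 "example-secret"
ClientIdent "example-secret@Relay1"
MySQLUser dspam
MySQLPass example-db-pass
EOF
}

# Demo run on the constructed sample. Real use would pipe the config in, e.g.
#   cat dspam.conf dspam.d/*.conf | redact_dspam_conf
sample_conf | redact_dspam_conf
```

Directives from other storage drivers or lookup backends are not covered; extend the sed expressions for any additional secret-bearing keys in your own config.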