[Bug 6664] check_freemail_header() misses many domains
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6664 --- Comment #8 from Giovanni Bechis--- The bug[¹] has been fixed in both trunk and 3.4 branch, as for the enhancement, I will finish the patch soon. [¹] -my $email = lc($pms->get(index($header,':') ? $header : $header.":addr")); +my $email = lc($pms->get(index($header,':') >= 0 ? $header : $header.":addr")); -- You are receiving this mail because: You are the assignee for the bug.
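Review bot: the ">= 0" comparison on the "+" line needs a short comment and a regression test, because the reason for it is easy to miss. Perl's index() returns -1 when ':' is absent, and -1 is true, so the old test took the $header branch for every header name without a colon and appended ":addr" only when the colon sat at position 0. A test case using a header name without a colon would pin the fixed behaviour down, and writing the condition as $header =~ /:/ would state the intent more directly.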
whitelist_* in default ruleset considered harmful (was Re: Extending the entries in 60_whitelist_spf.cf)
TL;DR: These need to be def_whitelist_auth NOT whitelist_auth as you have been committing them.

See the earlier exchange between myself and RW, who had assumed this was only about def_whitelist_auth entries.

Precisely because most users will never bother managing a large number of local rules, using whitelist_auth with its -100 score prevents the rest of SA (and prudent local rules) from mitigating the whitelisting effect in the event of a compromise or change in behavior of a 'trusted' sender.

While the documentation doesn't say so explicitly, the implication in the Mail::SpamAssassin::Conf descriptions of the def_whitelist_* directives is that the default whitelist entries all use those less powerful versions. That was true until this week.

I think changing back to that practice is imperative, albeit not enough of an emergency to fix unilaterally without discussion here.

On 26 Nov 2017, at 12:04 (-0500), Dave Jones wrote:

> The current 60_whitelist_spf.cf is 11 years old. What does everyone think about starting a 60_whitelist_auth.cf and extending this list to known good senders like *@alertsp.chase.com and *@email.dropboxmail.com?
>
> My SA platform has very good results with thousands of whitelist_auth entries but 98% of the SA users are not going to know to create/manage these entries themselves. Combined with other rules this also helps with spoofing legit senders like the IRS, Bank of America, etc.
>
> I am not suggesting we put thousands of entries in the new 60_whitelist_auth.cf but the common, high-profile, large senders that often get spoofed.
>
> The current list of def_whitelist_from_spf entries is very beneficial and should be extended now that SPF and DKIM are widely deployed and are being taken seriously by the major mail hosting providers like Google.
>
> Thanks,
> Dave

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
[Bug 7509] Missing free(3) in error path
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7509

--- Comment #4 from RW ---
I don't see the point of this. The author very likely made a decision not to bother freeing these small strings as they can't add up to more than the size of the ARGV variables. On average you are probably wasting more memory on the free() calls than you gain on the heap.
[Bug 7509] Missing free(3) in error path
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7509

Giovanni Bechis changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |giova...@paclan.it

--- Comment #3 from Giovanni Bechis ---
Created attachment 5488
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5488=edit
More free(3) call
[Bug 7510] Virtual Config dir: Insecure dependency in mkdir while running with -T switch
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7510

Kevin A. McGrail changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgr...@apache.org

--- Comment #1 from Kevin A. McGrail ---
I think perhaps the newer perl is more strict (or accurate) on a taint issue?

What happens if you make the directory?

Something like this might be in order in spamd to untaint the dir:

    if (mkdir untaint($spam_conf_dir), 0700) {

Is that something you can modify and test to give feedback?

regards,
KAM
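The taint failure from this report and a validating way to clear it, as an added example that is not spamd's code and not from any participant in this thread. The helpers safe_username and expand_user_dir, the username pattern and the /tmp demo path are all hypothetical; the point is that the regex which clears taint is also the check that keeps a %u value from escaping the base directory.

```perl
#!/usr/bin/perl -T
# Added example, not spamd's code. Run as: perl -T taint_mkdir.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Hypothetical helper: return an untainted copy of a valid username, else undef.
# A regex capture clears taint, so the pattern is the security boundary: it
# allows no "/" and no leading ".", which rules out "../" path traversal.
sub safe_username {
    my ($user) = @_;
    return $user =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/ ? $1 : undef;
}

# Expand the %u placeholder of a --virtual-config-dir style template.
sub expand_user_dir {
    my ($template, $user) = @_;
    (my $dir = $template) =~ s/%u/$user/g;
    return $dir;
}

# Constructed inputs. Appending an empty tainted string marks a literal as
# tainted, standing in for a username supplied from outside the process.
my $taint    = substr("$0$^X", 0, 0);
my $template = '/tmp/sa-taint-demo.' . $$ . '.%u';   # constructed demo path

for my $user ("office$taint", "../../etc$taint") {
    my $raw = expand_user_dir($template, $user);
    print "user '$user': expanded path tainted? ", (tainted($raw) ? "yes" : "no"), "\n";

    # Tainted path: mkdir dies with the "Insecure dependency" error from the log.
    eval { mkdir $raw, 0700; 1 } or print "  unvalidated mkdir died: $@";

    # Validated path: the username is checked first, then expanded.
    my $clean = safe_username($user);
    if (!defined $clean) {
        print "  username rejected, no directory created\n";
        next;
    }
    my $dir = expand_user_dir($template, $clean);
    if (mkdir $dir, 0700) {
        print "  validated mkdir ok: $dir\n";
        rmdir $dir;    # remove the demo directory again
    } else {
        print "  validated mkdir failed: $!\n";
    }
}
```

The second constructed username shows why the pattern matters: a catch-all capture such as /(.*)/ would clear the taint flag on "../../etc" just as readily as on "office".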
[Bug 7509] Missing free(3) in error path
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7509

RW changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rwmailli...@googlemail.com

--- Comment #2 from RW ---
Is it just the error path? I don't see where it's ever freed.

It actually makes no practical difference whether opt is freed or not.
[Bug 6664] check_freemail_header() misses many domains
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6664

--- Comment #7 from Kevin A. McGrail ---
I think it was just missed because of the duplicated bug. I had it in my mind it was fixed.

Do you mind looking at this and checking 3.4 and trunk to make a patch that you think is ready to commit?

Regards,
KAM
[Bug 7509] Missing free(3) in error path
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7509

Kevin A. McGrail changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgr...@apache.org
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Kevin A. McGrail ---
Thanks Giovanni. It's very helpful with these patches and your BZ grooming. I look forward to looking at your bigger patches and having you earn committer karma sooner than later.

Trunk: Committed revision 1816708.
3.4: Committed revision 1816710.
[Bug 7511] New: SpamAssassin Plugin to detect VBA/OLE2 Macros
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7511

            Bug ID: 7511
           Summary: SpamAssassin Plugin to detect VBA/OLE2 Macros
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Hardware: PC
                OS: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: giova...@paclan.it
  Target Milestone: Undefined

I developed a plugin (originally forked from JonathanThorpe plugin but then rewritten from scratch) to detect VBA/OLE2 Macros.
Full code available here, permission to include in spamassassin source tree is granted.
https://github.com/bigio/spamassassin-vba-macro
[Bug 7510] New: Virtual Config dir: Insecure dependency in mkdir while running with -T switch
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7510

            Bug ID: 7510
           Summary: Virtual Config dir: Insecure dependency in mkdir while running with -T switch
           Product: Spamassassin
           Version: 3.4.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: spamc/spamd
          Assignee: dev@spamassassin.apache.org
          Reporter: mathia...@gmx.at
  Target Milestone: Undefined

Currently moving to a new Server with newer OS, Perl and SpamAssassin Version.

From:
Ubuntu 14.04.5 LTS
Perl 5.18.2
SpamAssassin version 3.4.0

To:
Ubuntu 16.04.3 LTS
Perl 5.22.1
SpamAssassin version 3.4.1

/etc/default/spamassassin
OPTIONS="-u spamd -D --create-prefs -m5 --virtual-config-dir=/var/opt/spamd/%u -x --daemonize --max-children 5"

The above Options worked fine on the old Server, on the new Server I get a Perl error during creating the Folders for the User directories.

Could not find anyone with the same problem, bug or a config error on my side?

/var/opt/spamd exists, rights should also be fine.

Part from the Log:
(Recipient address was off...@domain.tld)

spamd[1468]: spamd: using default config for office: /var/opt/spamd/office/user_prefs
spamd[1468]: info: user has changed
spamd[1468]: bayes: learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x3065950), bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
spamd[1468]: bayes: learner_new: got store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x35da948)
spamd[1468]: config: using "/var/opt/spamd/office" for user state dir
spamd[1468]: config: mkdir /var/opt/spamd/office failed: Insecure dependency in mkdir while running with -T switch at /usr/share/perl/5.22/File/Path.pm line 136, line 2.
spamd[1468]: bayes: no dbs present, cannot tie DB R/O: /var/opt/spamd/office/bayes_toks
spamd[1468]: config: score set 1 chosen.
spamd[1468]: spamd: running as uid 1001
spamd[1468]: config: time limit 300.0 s
spamd[1468]: message: line ending changed to CRLF
spamd[1468]: message: main message type: text/plain
spamd[1468]: spamd: processing message (unknown) for office:1001
spamd[1468]: check: pms new, time limit in 299.978 s
spamd[1468]: bayes: no dbs present, cannot tie DB R/O: /var/opt/spamd/office/bayes_toks

Has anyone seen this before?

Thanks,
Mathias
[Bug 6664] check_freemail_header() misses many domains
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6664

Giovanni Bechis changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |giova...@paclan.it

--- Comment #6 from Giovanni Bechis ---
Bug is a duplicate of bz #6871 and fixed in svn r1416457.
Enhancement is not documented and is lying for 6 years.
Is somebody interested in this enhancement or should we close the bz?