On 11/09/17 20:20, RW wrote:
On Mon, 11 Sep 2017 17:39:16 +0100
Sebastian Arcus wrote:
Is there any way to tell SA to skip pyzor checks on emails with an
empty body (even if there are attachments). I've noticed for a while
now that emails which don't contain any text in their bodies seem to
automatically trigger PYZOR_CHECK (even if they have an attachment) -
although they are private emails so can't possibly match the digest
of spam emails. I can only guess that Pyzor matches the digest of
empty emails automatically.
It's because pyzor is based only on a simplified version of the body
text. This includes stripping any URIs or email addresses from the text.
It's not just emails with no body text there are also variants of
this that reduce to common phrases such as "Sent from my iPhone"
I have clients who receive important
emails from their customers just with an attachment and a subject
line - and they all seem to go to Junk - because they trigger the
PYZOR_CHECK rule - which is causing problems. Any way to deal with
this?
This is why pyzor has the local_whitelist command. At very least it's
a good idea to pipe an empty string through
"pyzor local_whitelist" (probably as the user running spamassassin).
I have spotted that command in the docs - and if it worked, it would
seem like a good solution. But it doesn't seem to. I have added the hash
of the empty string to the local whitelist. If I try to re-add the same
hash, or the hash of the problem emails - I get a message stating that
it is already in the whitelist - so it would appear to be working. But
when running the email message through SA, it still hits PYZOR_CHECK. I
have found the location of Pyzor's local whitelist - and the permissions
are correct. It appears that SA completely ignores the fact that the
digest is whitelisted locally:
su - spamd -c "spamassassin -D 2>&1 < /test1.eml" | grep -i pyzor
Sep 12 00:31:49.080 [23559] dbg: plugin: loading
Mail::SpamAssassin::Plugin::Pyzor from @INC
Sep 12 00:31:49.090 [23559] dbg: pyzor: network tests on, attempting Pyzor
Sep 12 00:31:50.679 [23559] dbg: config: fixed relative path:
/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
Sep 12 00:31:50.679 [23559] dbg: config: using
"/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf"
for included file
Sep 12 00:31:50.680 [23559] dbg: config: read file
/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
Sep 12 00:31:57.411 [23559] dbg: util: executable for pyzor was found at
/usr/bin/pyzor
Sep 12 00:31:57.412 [23559] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Sep 12 00:31:57.413 [23559] dbg: pyzor: opening pipe: /usr/bin/pyzor
--homedir /var/spool/spamd check < /tmp/.spamassassin23559DIrl4Ktmp
Sep 12 00:31:58.154 [23559] dbg: pyzor: [23560] finished: exit 1
Sep 12 00:31:58.155 [23559] dbg: pyzor: got response:
public.pyzor.org:24441 (200, 'OK') 2749542 82562
Sep 12 00:31:58.156 [23559] dbg: check: tagrun - tag PYZOR is now ready,
value: Whitelisted.
Sep 12 00:31:58.157 [23559] dbg: pyzor: listed: COUNT=2749542/5
WHITELIST=82562
Sep 12 00:31:58.159 [23559] dbg: rules: ran eval rule PYZOR_CHECK
======> got hit (1)
</snip>
* 2.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
2.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
