2002-12-09 09:47:15 +01:00
|
|
|
=head1 NAME
|
|
|
|
|
2003-03-18 10:53:37 +01:00
|
|
|
spamassassin - SpamAssassin integration for qpsmtpd
|
2002-12-09 09:47:15 +01:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
Plugin that checks if the mail is spam by using the "spamd" daemon
|
2003-03-18 10:53:37 +01:00
|
|
|
from the SpamAssassin package. F<http://www.spamassassin.org>
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2004-02-22 03:17:29 +01:00
|
|
|
SpamAssassin 2.6 or newer is required.
|
2003-03-18 10:53:37 +01:00
|
|
|
|
2002-12-09 09:47:15 +01:00
|
|
|
=head1 CONFIG
|
|
|
|
|
|
|
|
Configured in the plugins file without any parameters, the
|
|
|
|
spamassassin plugin will add relevant headers from the spamd
|
|
|
|
(X-Spam-Status etc).
|
|
|
|
|
|
|
|
The format goes like
|
|
|
|
|
|
|
|
spamassassin option value [option value]
|
|
|
|
|
|
|
|
Options being those listed below and the values being parameters to
|
|
|
|
the options. Confused yet? :-)
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item reject_threshold [threshold]
|
|
|
|
|
|
|
|
Set the threshold over which the plugin will reject the mail. Some
|
|
|
|
mail servers are so useless that they ignore 55x responses not coming
|
|
|
|
after RCPT TO, so they might just keep retrying and retrying and
|
|
|
|
retrying until the mail expires from their queue.
|
|
|
|
|
|
|
|
I like to configure this with 15 or 20 as the threshold.
|
|
|
|
|
|
|
|
The default is to never reject mail based on the SpamAssassin score.
|
|
|
|
|
|
|
|
=item munge_subject_threshold [threshold]
|
|
|
|
|
|
|
|
Set the threshold over which we will prefix the subject with
|
|
|
|
'***SPAM***'. A messed up subject is easier to filter on than the
|
|
|
|
other headers for many people with not so clever mail clients. You
|
|
|
|
might want to make another plugin that does this on a per user basis.
|
|
|
|
|
|
|
|
The default is to never munge the subject based on the SpamAssassin score.
|
|
|
|
|
2004-03-05 10:12:20 +01:00
|
|
|
=item spamd_socket [/path/to/socket]
|
|
|
|
|
|
|
|
Beginning with Mail::SpamAssassin 2.60, it is possible to use Unix
|
|
|
|
domain sockets for spamd. This is faster and more secure than using
|
|
|
|
a TCP connection.
|
|
|
|
|
2004-10-13 03:52:35 +02:00
|
|
|
=item leave_old_headers [drop|rename|keep]
|
|
|
|
|
|
|
|
Another mail server before might have checked this mail already and may have
|
|
|
|
added X-Spam-Status, X-Spam-Flag and X-Spam-Check-By lines. Normally you can
|
|
|
|
not trust such headers and should either rename them to X-Old-... (default,
|
|
|
|
parameter 'rename') or have them removed (parameter 'drop'). If you know
|
|
|
|
what you are doing, you can also leave them intact (parameter 'keep').
|
|
|
|
|
2002-12-09 09:47:15 +01:00
|
|
|
=back
|
|
|
|
|
2004-03-05 10:12:20 +01:00
|
|
|
With both of the first options the configuration line will look like the following
|
2002-12-09 09:47:15 +01:00
|
|
|
|
|
|
|
spamasssasin reject_threshold 18 munge_subject_threshold 8
|
|
|
|
|
2004-03-05 10:12:20 +01:00
|
|
|
=head1 TODO
|
|
|
|
|
|
|
|
Make the "subject munge string" configurable
|
|
|
|
|
2002-12-09 09:47:15 +01:00
|
|
|
=cut
|
2002-08-06 14:27:35 +02:00
|
|
|
|
|
|
|
|
2006-01-25 03:59:31 +01:00
|
|
|
use Qpsmtpd::DSN;
|
2002-08-06 14:01:22 +02:00
|
|
|
use Socket qw(:DEFAULT :crlf);
|
|
|
|
use IO::Handle;
|
|
|
|
|
|
|
|
sub register {
|
2002-12-09 09:47:15 +01:00
|
|
|
my ($self, $qp, @args) = @_;
|
2002-08-06 14:01:22 +02:00
|
|
|
|
2004-03-05 13:46:24 +01:00
|
|
|
$self->log(LOGERROR, "Bad parameters for the spamassassin plugin")
|
2002-12-09 09:47:15 +01:00
|
|
|
if @_ % 2;
|
|
|
|
|
|
|
|
%{$self->{_args}} = @args;
|
|
|
|
|
|
|
|
$self->register_hook("data_post", "check_spam_reject")
|
|
|
|
if $self->{_args}->{reject_threshold};
|
|
|
|
|
|
|
|
$self->register_hook("data_post", "check_spam_munge_subject")
|
|
|
|
if $self->{_args}->{munge_subject_threshold};
|
|
|
|
|
|
|
|
}
|
2002-08-06 14:01:22 +02:00
|
|
|
|
2005-07-07 06:17:39 +02:00
|
|
|
sub hook_data_post { # check_spam
|
2002-08-06 14:01:22 +02:00
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam");
|
2002-08-06 14:57:59 +02:00
|
|
|
return (DECLINED) if $transaction->body_size > 500_000;
|
|
|
|
|
2004-10-13 03:52:35 +02:00
|
|
|
my $leave_old_headers = lc($self->{_args}->{leave_old_headers}) || 'rename';
|
|
|
|
|
2002-08-06 14:01:22 +02:00
|
|
|
my $remote = 'localhost';
|
|
|
|
my $port = 783;
|
|
|
|
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
|
|
|
|
die "No port" unless $port;
|
2002-09-08 12:02:10 +02:00
|
|
|
my $iaddr = inet_aton($remote) or
|
2004-03-05 13:46:24 +01:00
|
|
|
$self->log(LOGERROR, "Could not resolve host: $remote") and return (DECLINED);
|
2002-08-06 14:01:22 +02:00
|
|
|
my $paddr = sockaddr_in($port, $iaddr);
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2002-08-06 14:01:22 +02:00
|
|
|
my $proto = getprotobyname('tcp');
|
2004-07-18 13:02:24 +02:00
|
|
|
if ($self->{_args}->{spamd_socket} and
|
|
|
|
$self->{_args}->{spamd_socket} =~ /^([\w\/.-]+)$/ ) { # connect to Unix Domain Socket
|
2004-03-05 10:12:20 +01:00
|
|
|
my $spamd_socket = $1;
|
|
|
|
|
|
|
|
socket(SPAMD, PF_UNIX, SOCK_STREAM, 0)
|
2004-03-05 13:46:24 +01:00
|
|
|
or $self->log(LOGERROR, "Could not open socket: $!") and return (DECLINED);
|
2004-03-05 10:12:20 +01:00
|
|
|
|
|
|
|
$paddr = sockaddr_un($spamd_socket);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
socket(SPAMD, PF_INET, SOCK_STREAM, $proto)
|
2004-03-05 13:46:24 +01:00
|
|
|
or $self->log(LOGERROR, "Could not open socket: $!") and return (DECLINED);
|
2004-03-05 10:12:20 +01:00
|
|
|
}
|
2002-09-08 12:02:10 +02:00
|
|
|
|
|
|
|
connect(SPAMD, $paddr)
|
2004-03-05 13:46:24 +01:00
|
|
|
or $self->log(LOGERROR, "Could not connect to spamassassin daemon: $!") and return DECLINED;
|
|
|
|
$self->log(LOGDEBUG, "check_spam: connected to spamd");
|
2002-08-06 14:01:22 +02:00
|
|
|
|
|
|
|
SPAMD->autoflush(1);
|
|
|
|
|
|
|
|
$transaction->body_resetpos;
|
2004-11-27 08:02:23 +01:00
|
|
|
my $username = getpwuid($>);
|
|
|
|
|
|
|
|
print SPAMD "SYMBOLS SPAMC/1.3" . CRLF;
|
|
|
|
print SPAMD "User: $username" . CRLF;
|
|
|
|
# Content-Length:
|
|
|
|
print SPAMD CRLF;
|
2002-08-06 14:01:22 +02:00
|
|
|
# or CHECK or REPORT or SYMBOLS
|
|
|
|
|
2004-03-05 10:12:20 +01:00
|
|
|
print SPAMD "X-Envelope-From: ", $transaction->sender->format, CRLF
|
2005-03-03 03:37:04 +01:00
|
|
|
or $self->log(LOGWARN, "Could not print to spamd: $!");
|
2004-03-05 10:12:20 +01:00
|
|
|
|
2002-12-09 09:47:15 +01:00
|
|
|
print SPAMD join CRLF, split /\n/, $transaction->header->as_string
|
2005-03-03 03:37:04 +01:00
|
|
|
or $self->log(LOGWARN, "Could not print to spamd: $!");
|
2002-12-09 09:47:15 +01:00
|
|
|
|
|
|
|
print SPAMD CRLF
|
2005-03-03 03:37:04 +01:00
|
|
|
or $self->log(LOGWARN, "Could not print to spamd: $!");
|
2002-08-06 15:39:44 +02:00
|
|
|
|
2002-08-06 14:01:22 +02:00
|
|
|
while (my $line = $transaction->body_getline) {
|
|
|
|
chomp $line;
|
2002-12-09 09:47:15 +01:00
|
|
|
print SPAMD $line, CRLF
|
2005-03-03 03:37:04 +01:00
|
|
|
or $self->log(LOGWARN, "Could not print to spamd: $!");
|
2002-08-06 14:01:22 +02:00
|
|
|
}
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2002-08-06 14:01:22 +02:00
|
|
|
print SPAMD CRLF;
|
|
|
|
shutdown(SPAMD, 1);
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam: finished sending to spamd");
|
2002-08-06 14:01:22 +02:00
|
|
|
my $line0 = <SPAMD>; # get the first protocol lines out
|
|
|
|
if ($line0) {
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam: spamd: $line0");
|
2004-10-13 03:52:35 +02:00
|
|
|
|
|
|
|
if ( $leave_old_headers eq 'rename' )
|
|
|
|
{
|
|
|
|
foreach my $header ( $transaction->header->get('X-Spam-Check-By') )
|
|
|
|
{
|
|
|
|
$transaction->header->add('X-Old-Spam-Check-By', $header);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $leave_old_headers eq 'drop' || $leave_old_headers eq 'rename' )
|
|
|
|
{
|
|
|
|
$transaction->header->delete('X-Spam-Check-By');
|
|
|
|
}
|
|
|
|
|
2004-09-24 19:29:56 +02:00
|
|
|
$transaction->header->add("X-Spam-Check-By", $self->qp->config('me'), 0);
|
2002-08-06 14:01:22 +02:00
|
|
|
}
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2004-02-22 03:17:29 +01:00
|
|
|
my ($flag, $hits, $required);
|
2002-08-06 14:01:22 +02:00
|
|
|
while (<SPAMD>) {
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam: spamd: $_");
|
2002-12-09 09:47:15 +01:00
|
|
|
#warn "GOT FROM SPAMD1: $_";
|
2004-02-22 03:17:29 +01:00
|
|
|
last unless m/\S/;
|
|
|
|
if (m{Spam: (True|False) ; (-?\d+\.\d) / (-?\d+\.\d)}) {
|
|
|
|
($flag, $hits, $required) = ($1, $2, $3);
|
|
|
|
}
|
2002-08-06 14:01:22 +02:00
|
|
|
|
|
|
|
}
|
2004-02-22 03:17:29 +01:00
|
|
|
my $tests = <SPAMD>;
|
2004-03-11 10:34:38 +01:00
|
|
|
$tests =~ s/\015//; # hack for outlook
|
2004-02-22 03:17:29 +01:00
|
|
|
$flag = $flag eq 'True' ? 'Yes' : 'No';
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam: finished reading from spamd");
|
2004-02-22 03:17:29 +01:00
|
|
|
|
2004-10-13 03:52:35 +02:00
|
|
|
if ( $leave_old_headers eq 'rename' )
|
|
|
|
{
|
|
|
|
foreach my $header ( $transaction->header->get('X-Spam-Flag') )
|
|
|
|
{
|
|
|
|
$transaction->header->add('X-Old-Spam-Flag', $header);
|
|
|
|
}
|
|
|
|
|
|
|
|
foreach my $header ( $transaction->header->get('X-Spam-Status') )
|
|
|
|
{
|
|
|
|
$transaction->header->add('X-Old-Spam-Status', $header);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $leave_old_headers eq 'drop' || $leave_old_headers eq 'rename' )
|
|
|
|
{
|
|
|
|
$transaction->header->delete('X-Spam-Flag');
|
|
|
|
$transaction->header->delete('X-Spam-Status');
|
|
|
|
}
|
|
|
|
|
2004-09-24 19:29:56 +02:00
|
|
|
$transaction->header->add('X-Spam-Flag', 'YES', 0) if ($flag eq 'Yes');
|
|
|
|
$transaction->header->add('X-Spam-Status',
|
2004-02-22 03:17:29 +01:00
|
|
|
"$flag, hits=$hits required=$required\n" .
|
|
|
|
"\ttests=$tests", 0);
|
2005-06-22 16:08:57 +02:00
|
|
|
$self->log(LOGNOTICE, "check_spam: $flag, hits=$hits, required=$required, " .
|
2004-02-22 03:17:29 +01:00
|
|
|
"tests=$tests");
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2002-11-06 12:03:00 +01:00
|
|
|
return (DECLINED);
|
2002-08-06 14:01:22 +02:00
|
|
|
}
|
2002-12-09 09:47:15 +01:00
|
|
|
|
|
|
|
sub check_spam_reject {
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam_reject: reject_threshold=" . $self->{_args}->{reject_threshold});
|
2002-12-09 09:47:15 +01:00
|
|
|
my $score = $self->get_spam_score($transaction) or return DECLINED;
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam_reject: score=$score");
|
2002-12-09 09:47:15 +01:00
|
|
|
|
2006-01-25 03:59:31 +01:00
|
|
|
# default of media_unsupported is DENY, so just change the message
|
|
|
|
return Qpsmtpd::DSN->media_unsupported("spam score exceeded threshold")
|
2002-12-09 09:47:15 +01:00
|
|
|
if $score >= $self->{_args}->{reject_threshold};
|
|
|
|
|
2004-11-27 08:02:23 +01:00
|
|
|
$self->log(LOGDEBUG, "check_spam_reject: passed");
|
2002-12-09 09:47:15 +01:00
|
|
|
return DECLINED;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
sub check_spam_munge_subject {
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
my $score = $self->get_spam_score($transaction) or return DECLINED;
|
|
|
|
|
|
|
|
return DECLINED unless $score >= $self->{_args}->{munge_subject_threshold};
|
|
|
|
|
|
|
|
my $subject = $transaction->header->get('Subject') || '';
|
|
|
|
$transaction->header->replace('Subject', "***SPAM*** $subject");
|
|
|
|
|
|
|
|
return DECLINED;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub get_spam_score {
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
my $status = $transaction->header->get('X-Spam-Status') or return;
|
2004-02-22 03:17:29 +01:00
|
|
|
my ($score) = ($status =~ m/hits=(-?\d+\.\d+)/)[0];
|
2002-12-09 09:47:15 +01:00
|
|
|
return $score;
|
|
|
|
}
|