XMailforum is a readonly knowledge archive now.

First off, I would like to thank Davide for such a great product. I have been using xmail for about 8 months and have never had any issues with my mailserver I recommend Xmail to everyone.

I'm running a Linux box with Xmail version 1.5 and have
been trying to cut-down on the amount of spam I'm receiving using Mail::Audit and SpamAssassin. Unfortunately, I cannot get Mail::Audit to read my incoming mail... here is what's happening:

I have a script to test SpamAssassin in the /var/MailRoot/bin directory (of course, I have a .tab file setup in the /var/MailRoot/filters directory that calls this script)... here is what the script looks like:

/var/MailRoot/bin/test.pl

#!/usr/bin/perl

use Mail::Audit
use Mail::SpamAssassin

my $mail = Mail::Audit->new()
my $spamtest = Mail::SpamAssassin->new()
my $status = $spamtest->check($mail)

if ($status->is_spam ()) {
$status->rewrite_mail()
$mail->accept("/var/MailRoot/spam")

} else {
$mail->accept()
}

All incoming mail is directed to the /var/MailRoot/spam/new directory and tagged as spam because Mail::Audit does not read the mail and all fields are left blank (to, from, subject... etc.). Here is the mail that is received and filtered by SpamAssassin:

/var/MailRoot/spam/new/235625.245_1.ns

From:
Subject: *****SPAM*****
X-Spam-Status: Yes, hits=11.8 required=5.0
tests=FROM_MALFORMED,REPLY_TO_EMPTY,TO_EMPTY,SUBJ_MISSING,
TO_MALFORMED,INVALID_DATE,MISSING_HEADERS
version=2.31
X-Spam-Flag: YES
X-Spam-Level: ***********
X-Spam-Checker-Version: SpamAssassin 2.31 (devel $Id: SpamAssassin.pm,v 1.94.2.2 2002/06/20 17:20:29 hughescr Exp $)
Lines: 2

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (11.8 hits, 5 required)
SPAM: FROM_MALFORMED (3.7 points) From: has a malformed address
SPAM: REPLY_TO_EMPTY (2.6 points) Reply-To: is empty
SPAM: TO_EMPTY (1.4 points) To: is empty
SPAM: SUBJ_MISSING (1.4 points) Subject: is empty or missing
SPAM: TO_MALFORMED (1.1 points) To: has a malformed address
SPAM: INVALID_DATE (0.5 points) Invalid Date: header (not RFC 822)
SPAM: MISSING_HEADERS (1.1 points) Missing To: header
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------

If anyone has successfully configured SpamAssassin with Xmail, your help would be greatly appreciated. Also, if you have any other suggestions for filtering spam, I'm open to any suggestions.

Thank you.

Hi,
i have not tested XMail with spam problems yet, but there is an internal spam-address-filtering method for XMail.

You can use:

SPAMMERS.TAB
Description--> Set up a ban list for spammers based on ip address and a netmask
SYNTAX--> "ipaddr"[TAB]"netmask"[NEWLINE]
Ex-->. "212.131.173.0"[TAB]"255.255.255.0"[NEWLINE]

register all hosts of the class "C" network "212.131.173.XXX" as spammers, and block them the use of XMail SMTP server.

SPAM-ADDRESS.TAB
Description--> Set up a ban list for spammers based on email address SYNTAX--> "spam-address"[NEWLINE] Ex. "*@rude.net"[NEWLINE]

"*-admin@even.more.rude.net"[NEWLINE]

will block mails coming from the entire domain rude.net and comig from all addresses that end with -admin@even.more.rude.net.

These are for known addresses or IP of spamers



Edited by CyberUX

Speedracer05,

please send your mailproc.tab for further investigations ...
If possible, also send an unprocessed mail before it is consumed by mail::audit.



Bye,
Harald

Edited by - hschneider on 24 July 2002 11:41:24

CyberUX -

Thank you for the fast reply.

Currently, I have a growing spam-address.tab file in place. Because there is a large amount of spam hitting my server, I was hoping to automate the spam rejection process.

I have checked various sites for a pre-compiled list of known spammers that I could insert into the spam-address.tab and spammers.tab files, but haven't located such a list yet.

Harald -

Thank you for your quick reply too.

I was under the impression that I could filter the mail from the /var/MailRoot/filters directory without a mailproc.tab file in place. Would filtering using the mailproc.tab file be a better solution?

Here is another example using Mail::Audit:

/var/MailRoot/bin/test.pl

#!/usr/bin/perl

use Mail::Audit

$item = Mail::Audit->new()

open (LOG, ">>/var/MailRoot/logs/filterlog")

my $from = $item->from()
my $to = $item->to()
my $subject = $item->subject()
chomp($from, $to, $subject)

print LOG ("From: $from
")
print LOG ("To: $to
")
print LOG ("Subject: $subject
")

________________________________________________

The resulting log file looks like this (blank fields):

/var/MailRoot/logs/filterlog

From:
To:
Subject:

________________________________________________

And this is the orginal email message (you can apply this to my first post... same email test):

Return-Path: <myemailaddress@hotmail.com>
Delivered-To: mymail@mydomain.com
Received: from hotmail.com (207.68.163.33)
by ns.mydomain.com (192.168.0.0) with [XMail 1.5 (Linux/Ix86) ESMTP Server]
id <S11D3> for <mymail@mydomain.com> from <myemailaddress@hotmail.com>
Wed, 24 Jul 2002 11:06:03 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC
Wed, 24 Jul 2002 11:06:02 -0700
Received: from xx.xx.xx.xxx by sea1fd.sea1.hotmail.msn.com with HTTP
Wed, 24 Jul 2002 18:06:02 GMT
X-Originating-IP: [xx.xx.xx.xxx]
From: "me" <myemailaddress@hotmail.com>
To: mymail@mydomain.com
Subject: test
Date: Wed, 24 Jul 2002 11:06:02 -0700
Mime-Version: 1.0
Content-Type: text/plain format=flowed
Message-ID: <F33GJ2TUSzbAUfKRfcj00019b4d@hotmail.com>
X-OriginalArrivalTime: 24 Jul 2002 18:06:02.0593 (UTC) FILETIME=[C5981D10:01C2333C]

test



_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

As you can see, this shouldn't be labeled as spam (refering to my original post), but SpamAssassin thinks all fields are blank and filters accordingly.

Thank you for your help!

Hi,

>I was under the impression that I could filter the mail from the /var/MailRoot/filters >directory without a mailproc.tab file in place. Would filtering using the mailproc.tab >file be a better solution?

No, you can also use filters/ ... I think here is the prob:

Mail::Audit relies on RFC-conform messages, but the spool files have the following structure:

SmtpDomain [ 1st line ]
SmtpMessageID [ 2nd line ]
MAIL FROM:<...> [ 3th line ]
RCPT TO:<...> [ 4th line ]
<<MAIL-DATA>> [ 5th line ]
...

So line 1,2,5 cannot be handled and Mail::Audit and parsing results in empty header fields. Altering this format is forbidden, when writing filtes.

Solution:
Convert the spool file before handing it out to Mail::Audit and even make sure, that the result is in spool format again.




Bye,
Harald

Hi,

here some Python code .. it's easy to convert to Perl :)

def spool2mail(self):
"""
Converts spool format to
RFC conform mail format
"""
# Split into 3 parts and skip first 2 lines
(id1,id2,mail) = string.split(spoolfile,"
",2)
# Remove mail_data line
return(string.replace(mail,"<<MAIL-DATA>>
",''))

You can also compile and run econv.c from Davide's site, but this will destroy your mail envelope.

Bye,
Harald

Edited by - hschneider on 25 July 2002 10:45:02

Hello Harald,

Thank you for all your help.

Your code example is really helpful also.

Thank you

Hi,

you're welcome :)

Let me know, when you have managed an interface to Mail::Audit. Your experience will be very helpful for other people in the community.



Bye,
Harald