SpamAssassin blew up our server, so we needed to try dspam instead. I had never
worked with qmail-scanner before and did this last night, so YMMV.
--
Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc
----------------------------------------------------------------
"...the law, cold and aloof by its very nature, has no access to
the passions that might justify the cruel act of murder." -- SADE
--- qmail-scanner-queue.pl.JAPC 2004-06-07 17:19:40.000000000 +0100
+++ qmail-scanner-queue.pl 2004-06-09 02:50:38.000000000 +0100
@@ -106,7 +106,7 @@
#Array of virus scanners used must point to subroutines
-my @scanner_array=("clamscan_scanner");
+my @scanner_array=("clamscan_scanner","dspam");
#Addresses that should be alerted of any quarantined Email
my $NOTIFY_ADDRS='none';
@@ -208,12 +208,11 @@
my $clamscan_options="-r -m --unzip --unrar --unzoo --lha --disable-summary
--max-recursion=10 --max-space=100000";
my $clamdscan_binary='';
my $clamdscan_options="-r --disable-summary --max-recursion=10 --max-space=100000";
-my $spamc_binary='';
-my $spamc_options='';
-my $spamc_subject='';
-my $spamassassin_binary='';
-my ($sa_comment,$sa_level);
-my $sa_symbol='+';
+my $dspam_options=" --mode=teft --feature=chained,noise --deliver=innocent,spam
--classify ";
+my $dspam_subject='*****SPAM*****';
+my $dspam_binary='/usr/local/bin/dspam';
+my ($dspam_comment,$dspam_level,$dspam_extra);
+my $dspam_symbol='+';
my ($tag_score)="";
my
$SNEAKY_WINDOWS_EXTENSIONS="exe|com|pps|w[pm][szd]|vcf|nws|cmd|bat|pif|sc[rt]|dll|ocx|do[ct]|xl[swt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|as[dfx]|cil";
my
$VALID_WINDOWS_EXTENSIONS="sav|htm|html|pst|ost|txt|gif|jpeg|mpeg|jpg|png|mny|wav|tif|$SNEAKY_WINDOWS_EXTENSIONS";
@@ -1254,8 +1253,9 @@
print QMQ "Received: from $returnpath by $hostname by uid $uid with
qmail-scanner-$VERSION \n";
print QMQ " ($SCANINFO Clear:$tag_score. \n";
print QMQ " Processed in $elapsed_time secs); $findate\n";
- print QMQ "X-Spam-Status: $sa_comment\n" if ($sa_comment ne "");
- print QMQ "X-Spam-Level: $sa_level\n" if ($sa_comment ne "" && $sa_level ne "");
+ print QMQ "X-DSPAM-Result: $dspam_comment\n" if ($dspam_comment ne "");
+ print QMQ "X-DSPAM-Probability: $dspam_level\n" if ($dspam_comment ne "" &&
$dspam_level ne "");
+ # print QMQ "$dspam_extra\n" if ($dspam_extra ne "");
if ( $descriptive_hdrs ) {
print QMQ "${V_HEADER}-Mail-From: $returnpath via $hostname\n";
print QMQ "${V_HEADER}-Rcpt-To: $recips\n" if ($descriptive_hdrs eq "2");
@@ -1272,7 +1272,7 @@
#next;
#}
#remove any X-Spam-Status/Level IFF we've set a SA value ourselves
- if (($sa_comment ne "" && /^X-Spam-Status:/i) || ($sa_level ne "" &&
/^X-Spam-Level:/i) ) {
+ if (($dspam_comment ne "" && /^X-Spam-Status:/i) || ($dspam_level ne "" &&
/^X-Spam-Level:/i) ) {
#Hmm, better get rid of any other continuation headers to this!
while (<STDIN>) {
$still_headers=0 if (/^(\r|\r\n|\n)$/);
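Review bot: The header-stripping condition still matches `X-Spam-Status:` and `X-Spam-Level:`, while the scanner now emits `X-DSPAM-Result:` and `X-DSPAM-Probability:`, so any `X-DSPAM-*` headers already present in the incoming message are passed through alongside the ones added here. A downstream filter or mail-client rule then sees two conflicting verdicts, one of them supplied by the sender. The patterns should be `/^X-DSPAM-Result:/i` and `/^X-DSPAM-Probability:/i`, and the comment above the condition should say DSPAM rather than SA. The enclosing header loop starts and ends outside this hunk.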
@@ -1284,9 +1284,9 @@
}
}
}
- if ($sa_comment =~ /^yes/i && $spamc_subject ne "" && !/^Subject:
\Q$spamc_subject\E/i && /^(Subject):(\s?)([^\n]+)\n/i ) {
- $altered_subject="$1: $spamc_subject $3";
- if ($altered_subject !~ /^: \Q$spamc_subject\E/) {
+ if ($dspam_comment =~ /^Spam/i && $dspam_subject ne "" && !/^Subject:
\Q$dspam_subject\E/i && /^(Subject):(\s?)([^\n]+)\n/i ) {
+ $altered_subject="$1: $dspam_subject $3";
+ if ($altered_subject !~ /^: \Q$dspam_subject\E/) {
&debug("altering subject line to $altered_subject");
print QMQ "$altered_subject\n";
next;
@@ -1294,7 +1294,7 @@
}
$still_headers=0 if (/^(\r|\r\n|\n)$/);
#Insert Subject: line if e-mail dosn't contain one but must be tagged
- print QMQ "Subject: $spamc_subject\n" if ((!$still_headers) && ($sa_comment
=~ /^yes/i) && (!$altered_subject) && $spamc_subject ne "" );
+ print QMQ "Subject: $dspam_subject\n" if ((!$still_headers) &&
($dspam_comment =~ /^Spam/i) && (!$altered_subject) && $dspam_subject ne "" );
}
print QMQ;
@@ -1648,18 +1648,9 @@
}
}
close(CLAMS);
- } elsif ($scanner eq "spamassassin") {
+ } elsif ($scanner eq "dspam") {
#X-Spam-Checker-Version: SpamAssassin 2.01
- open(SPAS,"$spamassassin_binary -V |")||die "failed to call
$spamassassin_binary -V - $!";
- $spamassassin_eng="2.x";
- while (<SPAS>) {
- chomp;
- if (/^SpamAssassin version (.*)$/i) {
- $spamassassin_eng=$1;
- }
- }
- close(SPAS);
- $SCANINFO .= "spamassassin: $spamassassin_eng. ";
+ $SCANINFO .= "dspam: v666. ";
} else {
#Catch-all for other ones
$SCANINFO .= "$scanner: ???. ";
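Review bot: The string `dspam: v666. ` is a made-up version, and `$SCANINFO` is written into the `Received:` line that qmail-scanner adds, so every processed message will record an engine version that was never checked. Until the real version is read from the binary, the marker used by the catch-all branch is more honest: `$SCANINFO .= "dspam: ???. ";`. The `#X-Spam-Checker-Version: SpamAssassin 2.01` comment left above it no longer describes this branch and should be removed.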
@@ -2138,6 +2129,99 @@
$clamscan_time = tv_interval ($start_clamscan_time, $stop_clamscan_time);
&debug("clamscan: finished scan of dir \"$ENV{'TMPDIR'}\" in $clamscan_time secs");
}
+
+sub dspam {
+ #Only run dspam if mail is from a "remote" SMTP client, or QS_SPAMASSASSIN
+ #is defined via tcpserver...
+# if (defined($ENV{'RELAYCLIENT'}) && !defined($ENV{'QS_SPAMASSASSIN'})) {
+# &debug("dspam: don't scan as RELAYCLIENT implies this was sent by a local user");
+# return;
+# }
+ #dspam client scanner
+ my ($dspam_found,$dspam_status);
+ my ($start_dspam_time)=[gettimeofday];
+ my ($dspam_tag,$DD,$dspam_status,$stop_dspam_time,$cmdline_recip,$dspam_fast);
+ my ($dspam_status)=0;
+ my ($dspam_score)=0; my ($dspam_max)=0;
+ my $dspam_time;
+
+ $dspam_extra="";
+
+ #Cleanup $one_recip so it's usable from the commandline...
+ #any char that isn't supported to changed into an '_'
+ ($cmdline_recip=$one_recip)=~s/[EMAIL PROTECTED]/_/gi;
+ $cmdline_recip=~/^([EMAIL PROTECTED])$/i;
+ $cmdline_recip=tolower($1);
+
+ $cmdline_recip =~ s/[EMAIL PROTECTED]//;
+ if ($cmdline_recip eq "") {
+ $cmdline_recip = "global";
+ }
+
+ $dspam_fast=1 if ($dspam_options =~ /classify/);
+ $dspam_options=" --user $cmdline_recip $dspam_options";
+
+ &debug("DSPAM: run $dspam_binary $dspam_options < $scandir/$wmaildir/new/$file_id");
+ open(DSPAM,"$dspam_binary $dspam_options <
$scandir/$wmaildir/new/$file_id|")||&error_condition("cannot run $dspam_binary <
$scandir/$wmaildir/new/$file_id - $!");
+ open(SOUT,">$scandir/$wmaildir/new/$file_id.dspam")||&error_condition("cannot open
for write $scandir/$wmaildir/new/$file_id.dspam - $!");
+ open(MYDEBUG,">/tmp/dspam.debug");
+ while (<DSPAM>) {
+ if ($dspam_fast) {
+# X-DSPAM-Result: alias; result="Innocent"; probability=0.0000; confidence=1.00
+ chomp;
+ /result="(\w+)";/;
+ if ($1 eq "Spam") {
+ $dspam_status=1;
+ $dspam_comment="Spam";
+ /probability=(.*)\;/;
+ $dspam_level=$1;
+ } else {
+ $dspam_status=0;
+ $dspam_comment="Innocent";
+ /probability=(.*)\;/;
+ $dspam_level=$1;
+ }
+ } else {
+ if (/^X-DSPAM-Result: Spam/) {
+ $dspam_status=1;
+ $dspam_comment="Spam";
+ if (/^X-DSPAM-Probability: (.*)\n/) {
+ $dspam_level=$1;
+ }
+ } else {
+ $dspam_status=0;
+ $dspam_comment="Innocent";
+ if (/^X-DSPAM-Probability: (.*)\n/) {
+ $dspam_level=$1;
+ }
+ }
+ if (/^X-DSPAM/) {
+ $dspam_extra .=$_;
+ }
+ }
+ print SOUT;
+ print MYDEBUG "[$_]\n";
+ }
+ close DSPAM ;
+ $dspam_status=($? >> 8);
+
+ close SOUT;
+ close MYDEBUG;
+
+
+ if (!$dspam_fast && -s "$scandir/$wmaildir/new/$file_id.dspam" && $dspam_status ==
0) {
+ &debug("DSPAM: overwriting $scandir/$wmaildir/new/$file_id with
$scandir/$wmaildir/new/$file_id.dspam");
+ rename
("$scandir/$wmaildir/new/$file_id.dspam","$scandir/$wmaildir/new/$file_id");
+ } else {
+ unlink("$scandir/$wmaildir/new/$file_id.dspam");
+ }
+ $stop_dspam_time=[gettimeofday];
+ $dspam_time = tv_interval ($start_dspam_time, $stop_dspam_time);
+ &debug("DSPAM: finished scan of dir \"$ENV{'TMPDIR'}\" in $dspam_time secs");
+}
+
+
+
#########################
## END of scanner definitions
##
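Review bot: The new `dspam` sub runs dspam through a two-argument piped `open`, so `$cmdline_recip`, which is derived from the recipient address, is interpolated into a shell command line. The clean-up regexes meant to make it safe are garbled in this copy of the patch (`[EMAIL PROTECTED]`) and cannot be checked, and `$1` is used without testing that the match succeeded. Forking and calling `exec` with an argument list, as sketched below, takes the shell out of the path and also stops `--user` being prepended to the file-wide `$dspam_options` on every call. The unchecked `open(MYDEBUG,">/tmp/dspam.debug")` copies everything dspam prints (apparently the whole message when `--classify` is not set) to a fixed, predictable path in `/tmp` and follows whatever already exists there, so it should be dropped or routed through `&debug`. `$dspam_status` is also declared with `my` three times and then overwritten by `$? >> 8`.

```perl
    # … unchanged: timing setup and $cmdline_recip clean-up …
    my $msgfile = "$scandir/$wmaildir/new/$file_id";
    my @dspam_args = ('--user', $cmdline_recip, split(' ', $dspam_options));
    $dspam_fast = 1 if ($dspam_options =~ /classify/);

    &debug("DSPAM: run $dspam_binary @dspam_args < $msgfile");
    my $pid = open(DSPAM, '-|');
    &error_condition("cannot fork for $dspam_binary - $!") unless defined($pid);
    if ($pid == 0) {
        # child: message on stdin, then exec with an argument list (no shell)
        open(STDIN, '<', $msgfile) || exit 1;
        exec($dspam_binary, @dspam_args);
        exit 1;
    }
    open(SOUT, '>', "$msgfile.dspam") || &error_condition("cannot open for write $msgfile.dspam - $!");
    # … unchanged: result-parsing loop, without the MYDEBUG handle …
```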