Re: How does rslight work with spamassassin?

<ulvqn3$o6rc$2@paganini.bofh.team>


https://news.novabbs.org/rocksolid/article-flat.php?id=741&group=rocksolid.nodes.help#741

Path: i2pn2.org!i2pn.org!paganini.bofh.team!tor-network!not-for-mail
From: none@none.none (Nobody)
Newsgroups: rocksolid.nodes.help
Subject: Re: How does rslight work with spamassassin?
Date: Wed, 20 Dec 2023 16:45:04 -0600
Organization: To protect and to server
Message-ID: <ulvqn3$o6rc$2@paganini.bofh.team>
References: <uluu01$mi8d$1@paganini.bofh.team>
<1a8f06b429babaf01ad2875184a92755$1@news.novabbs.org>
<ulvmo7$o6rc$1@paganini.bofh.team>
<010e43fe9d15135071be38ca2fd17ca6$1@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Date: Wed, 20 Dec 2023 22:43:48 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="793452"; posting-host="F+F38+zMWVH/XwdWUJrE5w.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
Cancel-Lock: sha256:n2Y0uLhpXc4AOrsaxlaYgxFroA2RzPukb1PKNl+Zxes=
X-Notice: Filtered by postfilter v. 0.9.3
X-TOR-Router: sha256:MjYwMjpmYzI0OjE4OjFjNTQ6OjE= --
 by: Nobody - Wed, 20 Dec 2023 22:45 UTC

On Wed, 20 Dec 2023 21:48:40 +0000
Retro Guy <retroguy@novabbs.org> wrote:

> On Wed, 20 Dec 2023 15:37:25 -0600, SugarBug wrote:
>
> > On Wed, 20 Dec 2023 14:57:23 +0000 Retro Guy <retroguy@novabbs.org>
> > wrote:
> >
> >> On Wed, 20 Dec 2023 08:34:55 -0600, SugarBug wrote:
> >>
> >> > What data and type does rslight pass to the spamassassin
> >> > application?
> >> >
> >> > What data and type is returned from spamassassin back to rslight?
> >> >
> >> > Does spamassassin return a boolean, path, filename, blob, score
> >> > integer, etc.? Or what type of data does rslight expect from
> >> > spamassassin?
> >> >
> >> > Does spamassassin handle the message/article files directly, or
> >> > does it pass a value to rslight which then handles the data?
> >> >
> >> > The reason I ask is because I want to know the exact nature of
> >> > the data passed between the applications so I can make a script
> >> > to buffer between spamassassin and catch a short list of rules
> >> > without invoking spamc.
> >>
> >> Spam filtering is handled in the function: 'function check_spam' in
> >> newsportal.php (line 1260).
> >>
> >> It builds a message by finishing the header, then combining
> >> with the body, so: $tmpheader.$body is the entire message.
> >>
> >> I use spamc because my spamassassin install is remote from my
> >> rslight servers, but you should be able to call spamassassin
> >> directly at line 1276 (change to):
> >> $spamcommand = 'spamassassin -t < '.$spamfile;
> >>
> >> Then you will need to read $spamresult to see what comes back, and
> >> act on the reply.
> >>
> >> I do not have much familiarity with what the result might be, as I
> >> always use spamc.
> >>
> >> Anyway, the function mentioned above is where this all takes
> >> place. I hope I've provided at least a bit of helpful information
> >> :)
> >
> > No matter what I do, nothing is blocked, no spam headers are
> > generated, and nothing is moved to the spam group.
> >
> > I have copied the same custom blacklist_from config to every
> > spamassassin config directory on the machine, restarted, rebooted,
> > wiped and started over, and nada. It's like spamc and spamd don't
> > even exist on the machine. They work fine with exim, but nothing is
> > happening when called from rslight.
> >
> > How are you adding custom header scoring rules and blacklist_from
> > rules?
>
> Ok... Let's start here:
>
> First check your rslight.inc.php:
>
> 'spamassassin' => '1', // enables spamassassin checking

Yup, checked.

> 'spamc' => 'spamc', // points to your spamc. If not in your path,

Yup, checked.

> enter the full path.
> 'spamgroup' => 'rocksolid.spam', // where to post detected spam

Yup, then after it didn't work for many runs, I created the group
spam.spam.spam and changed it to spam.spam.spam then back to
rocksolid.spam. Still no workie. Currently set back to rocksolid.spam.
Three runs on blank spool. No workie.

> You can test spamassassin by saving a full article, including headers
> to a file, then:
>
> spamc -E < spam_filename

The addresses in the blocklist are throwing the spam flag. I spun up a
test message just to be sure, and the rule:

blacklist_from black@hole.url does indeed throw the 100 points for
spam. Here is syslog:

<testing@spamc.test>,autolearn=no autolearn_force=no
2023-12-20T17:20:26.498352-05:00 nightbulb spamd[5466]: spamd:
processing message <testing@spamc.test> for sybershock.com:1003
2023-12-20T17:20:26.664107-05:00 nightbulb spamd[5466]: spamd: result:
Y 103 -
DKIM_ADSP_NXDOMAIN,EMPTY_MESSAGE,NO_RECEIVED,NO_RELAYS,USER_IN_BLOCKLIST
scantime=0.2,size=243,user=sybershock.com,uid=1003,required_score=5.0,rhost=localhost,raddr=::1,rport=55386,mid=<testing@spamc.test>,autolearn=no
autolearn_force=no

Here is the spamc output:

$> $ spamc -E < deleteme.eml
Received: from localhost by nightbulb.net
with SpamAssassin (version 4.0.0);
Wed, 20 Dec 2023 17:20:26 -0500
From: black@hole.url
To: deep@dark.url
Subject: 40 Trillion Pounds of Free Mushrooms to Recover Your Lost Bitcoin
Date: Wed, 20 Dec 2023 17:18:49 -0500
Message-Id: <testing@spamc.test>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on nightbulb.net
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=103.1 required=5.0 tests=DKIM_ADSP_NXDOMAIN,
EMPTY_MESSAGE,NO_RECEIVED,NO_RELAYS,USER_IN_BLOCKLIST
autolearn=no autolearn_force=no version=4.0.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_658368AA.04D6ACDD"

This is a multi-part message in MIME format.

------------=_658368AA.04D6ACDD
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "nightbulb.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:

Content analysis details: (103.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RECEIVED            Informational: message has no Received headers
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts
 100 USER_IN_BLOCKLIST      From: user is listed in the block-list
 0.8 DKIM_ADSP_NXDOMAIN     No valid author signature and domain not in DNS
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP

------------=_658368AA.04D6ACDD
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

From: black@hole.url
To: deep@dark.url
Newsgroups: spam.spam.spam
Message-ID: <testing@spamc.test>
Subject: 40 Trillion Pounds of Free Mushrooms to Recover Your Lost Bitcoin
Date: Wed, 20 Dec 2023 17:18:49 -0500
This is a test of the spamc.
..

------------=_658368AA.04D6ACDD--

Then I tested for this famous Usenet celebrity (HeartDoc Andrew
<disciple@T3WiJ.com>), who I placed in the blacklist, and sure enough,
spamc marks it as spam, but the article still shows up in the groups.
None of his messages are moved to spam:

Received: from localhost by nightbulb.net
with SpamAssassin (version 4.0.0);
Wed, 20 Dec 2023 17:29:48 -0500
From: HeartDoc Andrew <disciple@T3WiJ.com>
Subject: WDJW thought for 11/30/23 ...
Date: Thu, 30 Nov 2023 00:50:41 -0500
Message-Id: <7k8gmi98v09e9i12otj07unm5oudn1c5t4@4ax.com>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on nightbulb.net
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=101.2 required=5.0
tests=MISSING_HEADERS,NO_RECEIVED,
NO_RELAYS,URIBL_BLOCKED,USER_IN_BLOCKLIST autolearn=no
autolearn_force=no version=4.0.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_65836ADC.7C778723"

This is a multi-part message in MIME format.

------------=_65836ADC.7C778723
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "nightbulb.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview: "He said in a loud voice, 'Fear GOD and give Him
glory, because the hour of His judgment has come. Worship Him Who made
the heavens, the Earth, the sea and the springs of water.'” (Revelation
14:7)

Content analysis details: (101.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RECEIVED            Informational: message has no Received headers
 100 USER_IN_BLOCKLIST      From: user is listed in the block-list
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked. See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                            [URI: bit.ly]
                            [URI: wdjw.net]
                            [URI: wonderfullyhungry.org]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 1.2 MISSING_HEADERS        Missing To: header

[truncated]

Multiple times I deleted the entire spool, set overrides so they would
pull only a few messages per run, and ran multiple times, and none of
the spam is moved to spam.
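
The thread turns on reading what spamc hands back, and in the output quoted above the verdict travels in the folded X-Spam-Status header. The following is an added example, not rslight's code and not from either poster, that unfolds that header and extracts the verdict, score and rule names; the function names and the sample message are constructed for illustration, and the header layout is assumed to match the one shown in the post.

```python
import re

# Constructed sample shaped like the spamc report in the post; not a captured run.
SAMPLE = (
    "From: black@hole.url\n"
    "Message-Id: <testing@spamc.test>\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=103.1 required=5.0 tests=DKIM_ADSP_NXDOMAIN,\n"
    "\tEMPTY_MESSAGE,NO_RECEIVED,NO_RELAYS,USER_IN_BLOCKLIST\n"
    "\tautolearn=no autolearn_force=no version=4.0.0\n"
    "\n"
    "X-Spam-Status: No, score=0.0 required=5.0 tests=NONE\n"  # body text, must be ignored
)

STATUS_RE = re.compile(
    r"^(Yes|No),\s*score=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=(.*?)(?:\s+autolearn=|$)"
)

def unfold_headers(raw):
    """Map lowercased header names to values, joining folded continuation lines."""
    headers, current = {}, None
    for line in raw.splitlines():
        if not line.strip():
            break                          # blank line: end of headers, body follows
        if line[0] in " \t":               # continuation of the previous header
            if current:
                headers[current] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        current = name.strip().lower() if sep else None
        if current in headers:
            current = None                 # keep the first occurrence only
        elif current:
            headers[current] = value.strip()
    return headers

def spam_verdict(raw):
    """Return score details from X-Spam-Status, or None if the header is absent."""
    status = unfold_headers(raw).get("x-spam-status")
    match = STATUS_RE.match(status) if status else None
    if match is None:
        return None                        # unscanned: treat as "no verdict", not as ham
    return {
        "is_spam": match.group(1) == "Yes",
        "score": float(match.group(2)),
        "required": float(match.group(3)),
        "tests": [t for t in re.split(r"[,\s]+", match.group(4)) if t],
    }

if __name__ == "__main__":
    print(spam_verdict(SAMPLE))
```

spamc's default safe fallback passes a message through unaltered when spamd cannot be reached, which is why a missing header is reported as None rather than as a ham verdict.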
