• Subject header check question

    From Stefan Parvu@21:1/5 to All on Sun Mar 6 11:40:02 2022
    Hi,

    I need a bit of help to understand what I'm doing wrong. From the BAT book I have tried to reuse 7.3.1 Virus Screening by Subject on FreeBSD 13 with sendmail 8.17.1.

    I have created a flat file where I keep some email subjects, called spamsubjects. The content of the file is something like this:

    This is a spam REJECT
    Another line REJECT

    and create a hash out of it using makemap.
    makemap -t\tab hash spamsubjects < spamsubjects

    Then inside my .mc file I have defined:

    LOCAL_CONFIG
    Kspamsubdb hash /etc/mail/spamsubjects
    HSubject: $>ScreenSubject

    LOCAL_RULESETS
    SScreenSubject
    R $* $: $(spamsubdb $&{currHeader} $: OK $) $1
    R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

    But it does not work. Nothing gets blocked. Any ideas what I am doing wrong?

    Thanks,
    Stefan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stefan Parvu@21:1/5 to All on Sun Mar 6 11:41:06 2022
    This is a spam REJECT
    Another line REJECT

    In the real file, I have TAB between the spam subject and REJECT.

  • From Stefan Parvu@21:1/5 to All on Mon Mar 7 02:41:27 2022
    Thanks for the message.

    So this should work:
    This is a spam REJECT
    (space.........tab)

    Let me see if I understood you correctly. Are you saying I should reformat my spamsubjects file? Not to use spaces within?
    Or

    Even if I have a single word like:

    MYPATTERN\tabREJECT

    won't work

  • From Stefan Parvu@21:1/5 to All on Mon Mar 7 03:03:02 2022
    `` This is a spam''
    that is, it has a _leading_ space.

    Huh. Got it. 10 x thanks.
    It works fine. I will continue experimenting with this.

    Thanks again!

  • From Claus Aßmann@21:1/5 to Stefan Parvu on Mon Mar 7 05:53:12 2022
    Stefan Parvu wrote:

    This is a spam REJECT
    (space.........tab)

    What removed the leading space and changed the TAB?

    Let me see if I understood you correctly. Are you saying I should reformat my spamsubjects file? Not to use spaces within?

    No. The LHS must be (without the quotes):
    `` This is a spam''
    that is, it has a _leading_ space.

    Run something like
    sendmail -bs -d38.20 -d39.20
    ...
    to see what's going on (or start a daemon with
    -D/tmp/sm.log -d89.9 -d38.20 -d39.20
    and send a message through it).

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

  • From Claus Aßmann@21:1/5 to Stefan Parvu on Mon Mar 7 10:26:08 2022
    Stefan Parvu wrote:

    This is a spam REJECT

    makemap -t\tab hash spamsubjects < spamsubjects

    Kspamsubdb hash /etc/mail/spamsubjects
    HSubject: $>ScreenSubject

    SScreenSubject
    R $* $: $(spamsubdb $&{currHeader} $: OK $) $1
    R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

    But it does not work. Nothing gets blocked. Any ideas what I am doing wrong?

    "It's complicated"

    op.txt: {currHeader} ... ``Header value as quoted string''
    which means
    'a b c'
    is represented as
    '" a b c "'
    BUT for the map lookup the quotes are removed leaving us with:
    ' a b c'
    "interesting", isn't it?

    So this should work:
    This is a spam REJECT
    (space.........tab)

    In general it is better to use a regex map to match the values
    of "unstructured" headers (non-address fields).


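Added example, not part of either poster's messages: a small Python linter for the TAB-delimited makemap source discussed above. It models the lookup key the way the reply describes it (quotes stripped, leading space kept); the function names and the sample data are constructed for illustration and are not sendmail code.

```python
"""Lint a makemap source file meant for $&{currHeader} lookups (added example)."""

# Constructed sample: line 1 is correct (leading space + TAB), lines 2 and 3 are not.
SAMPLE = " This is a spam\tREJECT\nAnother line\tREJECT\nNo tab here REJECT\n"


def lint_map_source(text):
    """Return (entries, problems) for a TAB-delimited makemap source."""
    entries, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        key, sep, value = line.partition("\t")
        if not sep:
            problems.append((n, "no TAB between key and value"))
            continue
        if not key.startswith(" "):
            problems.append((n, "key lacks the leading space"))
        # makemap folds upper case in keys to lower case unless -f is given
        entries[key.lower()] = value.strip()
    return entries, problems


def fix_map_source(text):
    """Rewrite TAB-delimited lines so every key has exactly one leading space."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("\t")
        out.append(" " + key.strip() + "\t" + value.strip() if sep else line)
    return "\n".join(out) + "\n"


def lookup(subject, entries):
    """Model of the key described in the thread: ' a b c' (leading space kept)."""
    return entries.get((" " + subject.strip()).lower(), "OK")


if __name__ == "__main__":
    for lineno, msg in lint_map_source(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
    print(fix_map_source(SAMPLE), end="")
```

Run the fixed output through makemap with the same TAB delimiter as before; lines reported as lacking a TAB have to be corrected by hand.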
  • From Stefan Parvu@21:1/5 to All on Mon Mar 7 05:51:21 2022
    In general it is better to use a regex map to match the values
    of "unstructured" headers (non-address fields).

    How could I change and improve the rulesets to use a regex map to match the values from my spam subject file?
    Is it difficult? Any pointers?


    Right now, I'm using something like this:

    LOCAL_RULESETS
    SScreenSubject
    R $* $: $(subdb $&{currHeader} $: OK $) $1
    R REJECT $* $#error $: "553 Subject:" $1 ": Not allowed"

    Thank you
    Stefan

  • From Claus Aßmann@21:1/5 to Stefan Parvu on Mon Mar 7 15:22:48 2022
    Stefan Parvu wrote:

    how could I change and improve the rulesets to use a regex map to match the values from my spam subject file?

    You would have to put all of the data into the regex. If you have
    many entries or if you change the content often, then it might be
    better to use milter-regex so you don't have to restart sendmail
    after each change.

    Otherwise it's fairly simple: just replace the map definition,
    e.g., something like this:
    Kspamsubdb regex (This is spam|Another line)


  • From Stefan Parvu@21:1/5 to All on Tue Mar 8 00:48:05 2022
    You would have to put all of the data into the regex. If you have
    many entries or if you change the content often, then it might be
    better to use milter-regex so you don't have to restart sendmail
    after each change.

    I see. I'm not familiar with milter-regex (plugins to sendmail
    written in C AFAIK) but probably will just use the basic regex
    within the ruleset. Let's see if I can make it happen.


    Otherwise it's fairly simple: just replace the map definition,
    e.g., something like this:
    Kspamsubdb regex (This is spam|Another line)

    Thanks
