search

MailScanner / v5

MailScanner v5
GNU General Public License v2.0
182 stars 58 forks source link

Check SpamAssassin If On Spam List = yes creates loop #609

Closed bogdanrotariu closed 1 year ago

bogdanrotariu commented 2 years ago

We are using MSFE from configserver and MailScanner version 5.3.3. When we enable Check SpamAssassin If On Spam List = yes in the config, the MailScanner starts on looping while scanning the messages and eventually MailScanner dies. Disabling the option fixes the issue.

This is the configuration we use:

Max Children = 6
Milter Max Children = 30

%org-name% = PROVIDER
%org-long-name% = PROVIDER company
%web-site% = www.PROVIDER.com

Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
ID Header = X-%org-name%-MailScanner-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Hostname = The %org-name% ($HOSTNAME) MailScanner
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
MCP Header = X-%org-name%-MailScanner-MCPCheck:

Use Watermarking = yes
Add Watermark = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = <REDACTED>
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:

Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim 1xspacer.gif
Web Bug Replacement = https://s3.amazonaws.com/msv5/images/spacer.gif
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Other Blocked Content = no
Max Spam Check Size = 50000k
Max SpamAssassin Size = 2000k
Max Custom Spam Scanner Size = 2000k
MCP Max SpamAssassin Size = 1000k
Spam List = SBL+XBL ABUSE-RO-RBL ABUSE-RO-URI-BL spamcop.net DRONE-DNS-BL RATS-SPAM Easynet-Proxies CBL
Spam Lists To Be Spam = 2
Spam Lists To Reach High Score = 3
Log SpamAssassin Rule Actions = yes
Clamd Use Threads = yes
SpamScore Number Instead Of Stars = yes
Spam Modify Subject = no
Spam Subject Text = [SPAM]
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = [Definitely Spam]
Check SpamAssassin If On Spam List = yes
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = no
Phishing Modify Subject = start
Phishing Subject Text = [FRAUD]

Disarmed Modify Subject = no
Spam List Definitions = /usr/mailscanner/etc/provider.spam.lists.conf
SpamAssassin Prefs File = /usr/mailscanner/etc/provider.spam.assassin.prefs.conf
Cache SpamAssassin Results = yes
Rebuild Bayes Every = 259200
Multiple Headers = replace
SpamAssassin Auto Whitelist = no

Gunzip Command = /bin/gunzip
Unrar Command = /usr/bin/unrar
Un7zip Command = /usr/bin/7z
Maximum Archive Depth = 8
Find Archives By Content = yes
Unpack Microsoft Documents = yes

Log Speed = yes
Log Permitted Filetypes = yes
Log Permitted Filenames = yes
Log Silent Viruses = yes

ClamAV Full Message Scan = yes
Find UU-Encoded Files = yes

Filetype Rules = %rules-dir%/filetype.rules.rules
Archives: Filename Rules = %rules-dir%/archives.filename.rules.rules
Archives: Filetype Rules = %rules-dir%/archives.filetype.rules.rules
Spam List Skip If Authenticated = yes
github-actions[bot] commented 2 years ago

Thank you for submitting your first issue to MailScanner! We will respond to you soon!

shawniverson commented 1 year ago

Tests on my instance with latest MailScanner aren't definitive. I'm not reproducing the loop, but I'm not sure that I am producing the same conditions to trigger the problem. Going to leave unconfirmed for now and keep investigating.

BrockWS commented 1 year ago

We hit the same issue running MailScanner 5.3.3 on WHM with MSFE/ConfigServer, using EXIM MTA

I enabled debug logging and found the following error: Not an ARRAY reference at /usr/mailscanner/usr/share/MailScanner/perl/MailScanner/Message.pm line 753.

Checking the Message.pm, I found that it was calling the postfix section of the code, instead of exim. I manually changed the code to the following, replacing == to eq:

  MailScanner::Log::InfoLog("TESTING MTA: %s | %s", MailScanner::Config::Value('mta'), MailScanner::Config::Value('spamlistskipifauthenticated'));
  MailScanner::Log::InfoLog("TESTING MTA == POSTFIX = %s", (MailScanner::Config::Value('mta') == "postfix"));
  MailScanner::Log::InfoLog("TESTING MTA eq POSTFIX = %s", (MailScanner::Config::Value('mta') eq "postfix"));
  my $isauthenticated = 0;
if (MailScanner::Config::Value('mta') eq "postfix" && MailScanner::Config::Value('spamlistskipifauthenticated')) {
    # MailScanner::Log::InfoLog(Dumper($metadata));
    # Test if sender is authenticated on mta
    MailScanner::Log::InfoLog("TESTING POSTFIX SKIP");
    foreach my $metadata (@{$this->{metadata}}) {
      #Postfix
      if ($metadata =~ m/^Asasl_method=(PLAIN|LOGIN)$/) {
        MailScanner::Log::InfoLog("Sender was authenticated - Not checking RBLs");
        $isauthenticated = 1;
      }
    }
  } elsif (MailScanner::Config::Value('mta') eq "exim" && MailScanner::Config::Value('spamlistskipifauthenticated')) {
    MailScanner::Log::InfoLog("TESTING EXIM SKIP");
    if (exists $this->{metadata}->{dv_auth_id}) {
        MailScanner::Log::InfoLog("Sender was authenticated - Not checking RBLs");
        $isauthenticated = 1;
    }
  }
  MailScanner::Log::InfoLog("Success AFTER");

SYSLOG:

Nov 10 01:45:22 server MailScanner: TESTING MTA: exim | 1
Nov 10 01:45:22 server MailScanner: TESTING MTA == POSTFIX = 1
Nov 10 01:45:22 server MailScanner: TESTING MTA eq POSTFIX = 0
Nov 10 01:45:22 server MailScanner: TESTING EXIM SKIP
Nov 10 01:45:22 server MailScanner: Sender was authenticated - Not checking RBLs
Nov 10 01:45:22 server MailScanner: TESTING AFTER

And everything is running as expected. I am not familiar with Perl so I can't help much.