add action to watermarking

Eric Hoeve ebhoeve-ms at ehoeve.com
Thu Feb 26 16:04:14 GMT 2009


On Thu, February 26, 2009 4:33 am, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 26/2/09 10:26, Julian Field wrote:
>> * PGP Signed: 02/26/09 at 10:26:22
>>
>>
>>
>> On 24/2/09 19:16, Eric Hoeve wrote:
>>> Glenn Steen said the following, On 2/24/2009 2:59 AM:
>>>> 2009/2/23 Eric Hoeve <ebhoeve-ms at ehoeve.com>:
>>>>> First off I want to say that MailScanner is a great piece of
>>>>> software that
>>>>> has helped me tremendously.
>>>>>
>>>>> Background: I have Spam and High Scoring Spam setup to deliver with a
>>>>> special header that allows the MUA know it should drop the message
>>>>> in the
>>>>> spam bucket.
>>>>>
>>>>> Now I am getting a ton of 'backscatter' from spammer(s) spoofing
>>>>> one of our
>>>>> users email address to send spam. Now they get tons of 'bounce'
>>>>> messages and
>>>>> fillingup their mailbox (spam bucket) because I am using the
>>>>> watermark
>>>>> feature. Would their be a way to make it so I could just delete all
>>>>> email
>>>>> that bounces to a specific user and also failing the watermark
>>>>> test. I see
>>>>> my current choices are 'spam', 'high scoring spam', etc but no
>>>>> delete/drop
>>>>> option. It would be nice if I could do something like this in
>>>>> 'rules'.
>>>>>
>>>>> Current MS Version is: 4.73.4.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> -Eric
>>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>>> Eric Hoeve
>>>>
>>>> Why not delete the High Scoring Spam and set it to that?
>>>>
>>>> Cheers
>>> Thanks for the prompt relies.
>>>
>>> I had kind of thought about doing it that way.However, I was looking
>>> at the code for the watermark in
>>> /usr/lib/MailScanner/MailScanner/Message.pm
>>>
>>> Unfortunately I do not have a spare system hanging around where I can
>>> test these code changes, but what if I add the following code:
>>>
>>> --- MailScanner/Message.bak 2009-02-24 12:50:31.000000000 -0600
>>> +++ MailScanner/Message.pm  2009-02-24 13:02:05.000000000 -0600
>>> @@ -569,6 +569,12 @@
>>>     #print STDERR "mshmacnull = $mshmacnull\n";
>>>     # This can be "none", "spam" or "high-scoring spam"
>>>     #$mshmacnull =~ s/[^a-z]//g;
>>> +    if ($mshmacnull =~ /delete/) {
>>> +      $this->{deleted} = 1;
>>> +      $this->{dontdeliver} = 1;
>>> +      MailScanner::Log::InfoLog("Message %s from %s has no (or
>>> invalid) watermark or sender address delete message", $this->{id},
>>> $this->{clientip}) if $LogSpam;;
>>> +      return 1;
>>> +    }
>>>     if ($mshmacnull =~ /high/) {
>>>       my $highscore =
>>> MailScanner::Config::Value('highspamassassinscore', $this);
>>>       $this->{isspam} = 1;
>>>
>>> ---------- End of Code --------------------------------------------
>>>
>>> Would that mark the message as 'deleted' and thus delete the message???
>>> Then I could just use 'Treat Invalid Watermarks With No Sender as
>>> Spam = delete'.
>>>
>>> If that would work maybe you could add that code snippet to the next
>>> release of MailScanner.
>>>
>>> This was just a thought. Otherwise I will probably just end use what
>>> Glenn or Gareth mentioned.
>> You nearly got the code right, very close in fact. I have added code
>> to do this, and it will be in the next release.
> As in the release I just made for you :-)
>
> Jules
>
> - --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.9.1 (Build 287)
> Comment: Use Enigmail to decrypt or check this message is legitimate
> Charset: UTF-8
>
> wj8DBQFJpm/8EfZZRxQVtlQRAhLtAKDx+ZgFrlRQtSMzr3BzRwjBpNan2wCguIaG
> vyPzJ0noDVPvtAdGD1ggfiM=
> =E3Z0
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
Jules,

Thanks. This is why I use open-source software like MailScanner.

kind regards,

-Eric

--
Eric Hoeve


More information about the MailScanner mailing list