Author: jm
Date: Fri Sep 1 10:27:37 2006
New Revision: 439387
URL: http://svn.apache.org/viewvc?rev=439387&view=rev
Log:
anti-bounce ruleset now supports configuration via "whitelist_bounce_relays" setting, which should be set to the names of relays you want to allow bounces from; implemented via a new plugin
Added:
spamassassin/rules/trunk/sandbox/jm/VBounce.pm
Modified:
spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
Modified: spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf?rev=439387&r1=439386&r2=439387&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf Fri Sep 1 10:27:37 2006
@@ -22,9 +22,20 @@
#
# Change the pattern to match your servers' IPs or hostnames.
#
-body MY_SERVERS_FOUND /(?:195\.218\.96\.101|radish\.jmason\.org)/
+loadplugin Mail::SpamAssassin::Plugin::VBounce VBounce.pm
+
+ifplugin Mail::SpamAssassin::Plugin::VBounce
+
+# add 'whitelist_bounce_relays' lines, like so:
+#
+# whitelist_bounce_relays dogma.boxhost.net
+#
+# see 'perldoc VBounce.pm' for documentation.
+
+body MY_SERVERS_FOUND eval:check_whitelist_bounce_relays()
tflags MY_SERVERS_FOUND nice
-score MY_SERVERS_FOUND -1
+score MY_SERVERS_FOUND -0.001
+endif
# ---------------------------------------------------------------------------
# General bounce messages
Added: spamassassin/rules/trunk/sandbox/jm/VBounce.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/VBounce.pm?rev=439387&view=auto
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/VBounce.pm (added)
+++ spamassassin/rules/trunk/sandbox/jm/VBounce.pm Fri Sep 1 10:27:37 2006
@@ -0,0 +1,145 @@
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+
+=head1 NAME
+
+Mail::SpamAssassin::Plugin::VBounce
+
+=head1 SYNOPSIS
+
+ loadplugin Mail::SpamAssassin::Plugin::VBounce [/path/to/VBounce.pm]
+
+=cut
+
+package Mail::SpamAssassin::Plugin::VBounce;
+
+use Mail::SpamAssassin::Plugin;
+use strict;
+use warnings;
+
+our @ISA = qw(Mail::SpamAssassin::Plugin);
+
+sub new {
+ my $class = shift;
+ my $mailsaobject = shift;
+
+ $class = ref($class) || $class;
+ my $self = $class->SUPER::new($mailsaobject);
+ bless ($self, $class);
+
+ $self->register_eval_rule("check_whitelist_bounce_relays");
+
+ $self->set_config($mailsaobject->{conf});
+
+ return $self;
+}
+
+sub set_config {
+ my($self, $conf) = @_;
+ my @cmds = ();
+
+=head1 USER PREFERENCES
+
+The following options can be used in both site-wide (C<local.cf>) and
+user-specific (C<user_prefs>) configuration files to customize how
+SpamAssassin handles incoming email messages.
+
+=over 4
+
+=item whitelist_bounce_relays hostname [hostname2 ...]
+
+The hostnames of relays that we trust to generate "good" bounce messages.
+
+The hostnames can be file-glob-style patterns, so C<relay*.isp.com> will work.
+Specifically, C<*> and C<?> are allowed, but all other metacharacters are not.
+Regular expressions are not used for security reasons.
+
+Multiple addresses per line, separated by spaces, is OK. Multiple
+C<whitelist_from> lines is also OK.
+
+
+=cut
+
+ push (@cmds, {
+ setting => 'whitelist_bounce_relays',
+ type => $Mail::SpamAssassin::Conf::CONF_TYPE_ADDRLIST
+ });
+
+ $conf->{parser}->register_commands(\@cmds);
+}
+
+sub check_whitelist_bounce_relays {
+ my ($self, $pms) = @_;
+
+ my $body = $pms->get_decoded_stripped_body_text_array();
+ my $res;
+
+ # catch lines like:
+ # Received: by dogma.boxhost.net (Postfix, from userid 1007)
+
+ # check the plain-text body, first
+ foreach my $line (@{$body}) {
+ next unless ($line =~ /Received: /);
+ while ($line =~ / (\S+\.\S+) /g) {
+ return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
+ }
+ }
+
+ # now check any "message/anything" attachment MIME parts, too
+ foreach my $p ($pms->{msg}->find_parts(qr/^message\//)) {
+ my $line = $p->decode();
+ {
+ next unless ($line =~ /Received: /);
+ while ($line =~ / (\S+\.\S+) /g) {
+ return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
+ }
+ }
+ }
+
+ return 0;
+}
+
+sub _relay_is_in_whitelist_bounce_relays {
+ my ($self, $pms, $relay) = @_;
+ return 1 if $self->_relay_is_in_list(
+ $pms->{conf}->{whitelist_bounce_relays}, $pms, $relay);
+ dbg("rules: relay $relay doesn't match any whitelist");
+}
+
+sub _relay_is_in_list {
+ my ($self, $list, $pms, $relay) = @_;
+ $relay = lc $relay;
+
+ if (defined $list->{$relay}) { return 1; }
+
+ foreach my $regexp (values %{$list}) {
+ if ($relay =~ qr/$regexp/i) {
+ dbg("rules: relay $relay matches regexp: $regexp");
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+1;
+__DATA__
+
+=back
+
+=cut
+
Date: Fri Sep 1 10:27:37 2006
New Revision: 439387
URL: http://svn.apache.org/viewvc?rev=439387&view=rev
Log:
anti-bounce ruleset now supports configuration via "whitelist_bounce_relays" setting, which should be set to the names of relays you want to allow bounces from; implemented via a new plugin
Added:
spamassassin/rules/trunk/sandbox/jm/VBounce.pm
Modified:
spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
Modified: spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf?rev=439387&r1=439386&r2=439387&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf Fri Sep 1 10:27:37 2006
@@ -22,9 +22,20 @@
#
# Change the pattern to match your servers' IPs or hostnames.
#
-body MY_SERVERS_FOUND /(?:195\.218\.96\.101|radish\.jmason\.org)/
+loadplugin Mail::SpamAssassin::Plugin::VBounce VBounce.pm
+
+ifplugin Mail::SpamAssassin::Plugin::VBounce
+
+# add 'whitelist_bounce_relays' lines, like so:
+#
+# whitelist_bounce_relays dogma.boxhost.net
+#
+# see 'perldoc VBounce.pm' for documentation.
+
+body MY_SERVERS_FOUND eval:check_whitelist_bounce_relays()
tflags MY_SERVERS_FOUND nice
-score MY_SERVERS_FOUND -1
+score MY_SERVERS_FOUND -0.001
+endif
# ---------------------------------------------------------------------------
# General bounce messages
Added: spamassassin/rules/trunk/sandbox/jm/VBounce.pm
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/VBounce.pm?rev=439387&view=auto
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/VBounce.pm (added)
+++ spamassassin/rules/trunk/sandbox/jm/VBounce.pm Fri Sep 1 10:27:37 2006
@@ -0,0 +1,145 @@
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+
+=head1 NAME
+
+Mail::SpamAssassin::Plugin::VBounce
+
+=head1 SYNOPSIS
+
+ loadplugin Mail::SpamAssassin::Plugin::VBounce [/path/to/VBounce.pm]
+
+=cut
+
+package Mail::SpamAssassin::Plugin::VBounce;
+
+use Mail::SpamAssassin::Plugin;
+use strict;
+use warnings;
+
+our @ISA = qw(Mail::SpamAssassin::Plugin);
+
+sub new {
+ my $class = shift;
+ my $mailsaobject = shift;
+
+ $class = ref($class) || $class;
+ my $self = $class->SUPER::new($mailsaobject);
+ bless ($self, $class);
+
+ $self->register_eval_rule("check_whitelist_bounce_relays");
+
+ $self->set_config($mailsaobject->{conf});
+
+ return $self;
+}
+
+sub set_config {
+ my($self, $conf) = @_;
+ my @cmds = ();
+
+=head1 USER PREFERENCES
+
+The following options can be used in both site-wide (C<local.cf>) and
+user-specific (C<user_prefs>) configuration files to customize how
+SpamAssassin handles incoming email messages.
+
+=over 4
+
+=item whitelist_bounce_relays hostname [hostname2 ...]
+
+The hostnames of relays that we trust to generate "good" bounce messages.
+
+The hostnames can be file-glob-style patterns, so C<relay*.isp.com> will work.
+Specifically, C<*> and C<?> are allowed, but all other metacharacters are not.
+Regular expressions are not used for security reasons.
+
+Multiple addresses per line, separated by spaces, is OK. Multiple
+C<whitelist_from> lines is also OK.
+
+
+=cut
+
+ push (@cmds, {
+ setting => 'whitelist_bounce_relays',
+ type => $Mail::SpamAssassin::Conf::CONF_TYPE_ADDRLIST
+ });
+
+ $conf->{parser}->register_commands(\@cmds);
+}
+
+sub check_whitelist_bounce_relays {
+ my ($self, $pms) = @_;
+
+ my $body = $pms->get_decoded_stripped_body_text_array();
+ my $res;
+
+ # catch lines like:
+ # Received: by dogma.boxhost.net (Postfix, from userid 1007)
+
+ # check the plain-text body, first
+ foreach my $line (@{$body}) {
+ next unless ($line =~ /Received: /);
+ while ($line =~ / (\S+\.\S+) /g) {
+ return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
+ }
+ }
+
+ # now check any "message/anything" attachment MIME parts, too
+ foreach my $p ($pms->{msg}->find_parts(qr/^message\//)) {
+ my $line = $p->decode();
+ {
+ next unless ($line =~ /Received: /);
+ while ($line =~ / (\S+\.\S+) /g) {
+ return 1 if $self->_relay_is_in_whitelist_bounce_relays($pms, $1);
+ }
+ }
+ }
+
+ return 0;
+}
+
+sub _relay_is_in_whitelist_bounce_relays {
+ my ($self, $pms, $relay) = @_;
+ return 1 if $self->_relay_is_in_list(
+ $pms->{conf}->{whitelist_bounce_relays}, $pms, $relay);
+ dbg("rules: relay $relay doesn't match any whitelist");
+}
+
+sub _relay_is_in_list {
+ my ($self, $list, $pms, $relay) = @_;
+ $relay = lc $relay;
+
+ if (defined $list->{$relay}) { return 1; }
+
+ foreach my $regexp (values %{$list}) {
+ if ($relay =~ qr/$regexp/i) {
+ dbg("rules: relay $relay matches regexp: $regexp");
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+1;
+__DATA__
+
+=back
+
+=cut
+