Mailing List Archive

BCC Rule and Subject change for specific rule
Hello All,

If I'm understanding things correctly, there is a way for me to BCC spam
messages which lets say score 10 and send a BCC to an email address, but
I'm trying to do it within only 1 rule, as well as modify the subject.

What I don't want is a BCC sent for every messages which is scored a 10,
but only the specific rule.

Is there a way for me to accomplish this set of actions?

Thanks!

--
Thanks!
Joey
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Mon, 4 Jan 2021, Joey J wrote:

> If I'm understanding things correctly, there is a way for me to BCC spam
> messages which lets say score 10 and send a BCC to an email address, but
> I'm trying to do it within only 1 rule, as well as modify the subject.
>
> What I don't want is a BCC sent for every messages which is scored a 10,
> but only the specific rule.
>
> Is there a way for me to accomplish this set of actions?

You can't BCC the message within SpamAssassin, as SA only scores messages.
The MTA or glue layer (what ties SA into your MTA) is what determines
*delivery* of the message based on SA's score.

Potentially, your MTA or glue layer could be configured to look for a
specific scored rule name appearing in the header that lists rule hits and
if found deliver the message to another destination.

But specifically how to do that depends on your MTA and/or your glue. What
are you using?

I'm pretty sure SA only allows setting the subject tag by language, not
based on rule hits. You may beable to modify the subject in the MTA/glue
at the same point you do the extra delivery.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
News flash: Lowest Common Denominator down 50 points
-----------------------------------------------------------------------
219 days since the first private commercial manned orbital mission (SpaceX)
Re: BCC Rule and Subject change for specific rule [ In reply to ]
Thanks for the follow up.

I understand what you are saying.
This is SA within ProxMox Mail gateway, I added my custom rule via SA which
is working, just this additional function.

On Mon, Jan 4, 2021 at 8:23 PM John Hardin <jhardin@impsec.org> wrote:

> On Mon, 4 Jan 2021, Joey J wrote:
>
> > If I'm understanding things correctly, there is a way for me to BCC spam
> > messages which lets say score 10 and send a BCC to an email address, but
> > I'm trying to do it within only 1 rule, as well as modify the subject.
> >
> > What I don't want is a BCC sent for every messages which is scored a 10,
> > but only the specific rule.
> >
> > Is there a way for me to accomplish this set of actions?
>
> You can't BCC the message within SpamAssassin, as SA only scores messages.
> The MTA or glue layer (what ties SA into your MTA) is what determines
> *delivery* of the message based on SA's score.
>
> Potentially, your MTA or glue layer could be configured to look for a
> specific scored rule name appearing in the header that lists rule hits and
> if found deliver the message to another destination.
>
> But specifically how to do that depends on your MTA and/or your glue. What
> are you using?
>
> I'm pretty sure SA only allows setting the subject tag by language, not
> based on rule hits. You may beable to modify the subject in the MTA/glue
> at the same point you do the extra delivery.
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> News flash: Lowest Common Denominator down 50 points
> -----------------------------------------------------------------------
> 219 days since the first private commercial manned orbital mission
> (SpaceX)
>


--
Thanks!
Joey
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On 4 Jan 2021, at 20:49, Joey J wrote:

> Thanks for the follow up.
>
> I understand what you are saying.
> This is SA within ProxMox Mail gateway, I added my custom rule via SA
> which
> is working, just this additional function.

So this is really a question for Proxmox experts. There seems to be a
user forum at https://forum.proxmox.com/#proxmox-mail-gateway.4 where
you may find help specific to Proxmox.

In general, the way to handle messages differently based on specific SA
test hits is to have whatever is calling SA look for the special rule
name(s) in the list of hits returned by SA and change the handling based
on what is found. Depending on how exactly the "glue" (e.g: a milter, a
proxy filter, or a delivery filter) operates, that can mean examining a
parsed rule list in the glue layer itself or examining a header added by
the glue layer in the MTA or even downstream from the MTA in the
delivery path.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Mon, Jan 04, 2021 at 05:23:30PM -0800, John Hardin wrote:
> On Mon, 4 Jan 2021, Joey J wrote:
>
> > If I'm understanding things correctly, there is a way for me to BCC spam
> > messages which lets say score 10 and send a BCC to an email address, but
> > I'm trying to do it within only 1 rule, as well as modify the subject.
> >
> > What I don't want is a BCC sent for every messages which is scored a 10,
> > but only the specific rule.
> >
> > Is there a way for me to accomplish this set of actions?
>
> You can't BCC the message within SpamAssassin, as SA only scores messages.
> The MTA or glue layer (what ties SA into your MTA) is what determines
> *delivery* of the message based on SA's score.
>
> Potentially, your MTA or glue layer could be configured to look for a
> specific scored rule name appearing in the header that lists rule hits and
> if found deliver the message to another destination.
>
> But specifically how to do that depends on your MTA and/or your glue. What
> are you using?
>
> I'm pretty sure SA only allows setting the subject tag by language, not
> based on rule hits. You may beable to modify the subject in the MTA/glue
> at the same point you do the extra delivery.
>
Starting from 3.4.3 you can add a prefix to the email subject like that:
header FROM_ME From:name =~ /Me/
subjprefix FROM_ME [From Me]

Giovanni
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Tue, 5 Jan 2021, Giovanni Bechis wrote:

> On Mon, Jan 04, 2021 at 05:23:30PM -0800, John Hardin wrote:
>>
>> I'm pretty sure SA only allows setting the subject tag by language, not
>> based on rule hits.
>
> Starting from 3.4.3 you can add a prefix to the email subject like that:
> header FROM_ME From:name =~ /Me/
> subjprefix FROM_ME [From Me]

Cool, I missed that at the time. Thanks!

The documentation does mention it exists but does not give an example of
using it...


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Your mouse has moved. Your Windows Operating System must be
relicensed due to this hardware change. Please contact Microsoft
to obtain a new activation key. If this hardware change results in
added functionality you may be subject to additional license fees.
Your system will now shut down. Thank you for choosing Microsoft.
-----------------------------------------------------------------------
220 days since the first private commercial manned orbital mission (SpaceX)
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Tue, 5 Jan 2021, John Hardin wrote:

> On Tue, 5 Jan 2021, Giovanni Bechis wrote:
>
>> On Mon, Jan 04, 2021 at 05:23:30PM -0800, John Hardin wrote:
>>>
>>> I'm pretty sure SA only allows setting the subject tag by language, not
>>> based on rule hits.
>>
>> Starting from 3.4.3 you can add a prefix to the email subject like that:
>> header FROM_ME From:name =~ /Me/
>> subjprefix FROM_ME [From Me]
>
> Cool, I missed that at the time. Thanks!
>
> The documentation does mention it exists but does not give an example of
> using it...

Does this work if you're using a milter for your glue?

Is there some special status/command that spamd returns to the milter for this
kind of modification? If so the milters may need to be recoded to implement it.


--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Tue, 5 Jan 2021, Dave Funk wrote:

> On Tue, 5 Jan 2021, John Hardin wrote:
>
>> On Tue, 5 Jan 2021, Giovanni Bechis wrote:
>>
>>> On Mon, Jan 04, 2021 at 05:23:30PM -0800, John Hardin wrote:
>>>>
>>>> I'm pretty sure SA only allows setting the subject tag by language, not
>>>> based on rule hits.
>>>
>>> Starting from 3.4.3 you can add a prefix to the email subject like that:
>>> header FROM_ME From:name =~ /Me/
>>> subjprefix FROM_ME [From Me]
>>
>> Cool, I missed that at the time. Thanks!
>>
>> The documentation does mention it exists but does not give an example of
>> using it...
>
> Does this work if you're using a milter for your glue?
>
> Is there some special status/command that spamd returns to the milter for
> this kind of modification? If so the milters may need to be recoded to
> implement it.

No, it's rewriting the message headers before passing the message back to
the MTA. It's already adding a [SPAM] tag to the subject by default (if
enabled). This just allows customization of that behavior.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
220 days since the first private commercial manned orbital mission (SpaceX)
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Tue, 5 Jan 2021 10:14:45 -0800 (PST)
John Hardin wrote:

> On Tue, 5 Jan 2021, Dave Funk wrote:
>
> > On Tue, 5 Jan 2021, John Hardin wrote:

> >>> subjprefix FROM_ME [From Me]
> >>

> >
> > Does this work if you're using a milter for your glue?
> >
> > Is there some special status/command that spamd returns to the
> > milter for this kind of modification? If so the milters may need to
> > be recoded to implement it.
>
> No, it's rewriting the message headers before passing the message
> back to the MTA. It's already adding a [SPAM] tag to the subject by
> default (if enabled). This just allows customization of that behavior.

Assuming that the scan itself adds the headers. I was under the
impression that amavisd adds its own headers.


There's also this rather vague remark in the documentation:

"To be able to use this feature a "add_header all Subjprefix
_SUBJPREFIX_" configuration line could be needed on some setups."
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On 1/6/21 2:40 PM, RW wrote:
> On Tue, 5 Jan 2021 10:14:45 -0800 (PST)
> John Hardin wrote:
>
>> On Tue, 5 Jan 2021, Dave Funk wrote:
>>
>>> On Tue, 5 Jan 2021, John Hardin wrote:
>
>>>>> subjprefix FROM_ME [From Me]
>>>>
>
>>>
>>> Does this work if you're using a milter for your glue?
>>>
>>> Is there some special status/command that spamd returns to the
>>> milter for this kind of modification? If so the milters may need to
>>> be recoded to implement it.
>>
>> No, it's rewriting the message headers before passing the message
>> back to the MTA. It's already adding a [SPAM] tag to the subject by
>> default (if enabled). This just allows customization of that behavior.
>
> Assuming that the scan itself adds the headers. I was under the
> impression that amavisd adds its own headers.
>
>
> There's also this rather vague remark in the documentation:
>
> "To be able to use this feature a "add_header all Subjprefix
> _SUBJPREFIX_" configuration line could be needed on some setups."
>
This is needed to let amavisd (from next released version afaik) or Mimedefang (with a custom mimedefang-filter snippet) parse the headers
and correctly rewrite the subject.

Giovanni
Re: BCC Rule and Subject change for specific rule [ In reply to ]
On Wed, 6 Jan 2021, Giovanni Bechis wrote:

>
> On 1/6/21 2:40 PM, RW wrote:
>> On Tue, 5 Jan 2021 10:14:45 -0800 (PST)
>> John Hardin wrote:
>>
>>> On Tue, 5 Jan 2021, Dave Funk wrote:
>>>
>>>> On Tue, 5 Jan 2021, John Hardin wrote:
>>
>>>>>> subjprefix FROM_ME [From Me]
>>>>>
>>
>>>>
>>>> Does this work if you're using a milter for your glue?
>>>>
>>>> Is there some special status/command that spamd returns to the
>>>> milter for this kind of modification? If so the milters may need to
>>>> be recoded to implement it.
>>>
>>> No, it's rewriting the message headers before passing the message
>>> back to the MTA. It's already adding a [SPAM] tag to the subject by
>>> default (if enabled). This just allows customization of that behavior.
>>
>> Assuming that the scan itself adds the headers. I was under the
>> impression that amavisd adds its own headers.
>>
>>
>> There's also this rather vague remark in the documentation:
>>
>> "To be able to use this feature a "add_header all Subjprefix
>> _SUBJPREFIX_" configuration line could be needed on some setups."
>>
> This is needed to let amavisd (from next released version afaik) or Mimedefang (with a custom mimedefang-filter snippet) parse the headers
> and correctly rewrite the subject.

The docs should probably be amended to reflect that, and add a usage
example.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Je ne suis pas Charlie. Je suis armé.
-----------------------------------------------------------------------
Tomorrow: the 6th anniversary of the Charlie Hebdo massacre