Mailing List Archive: AuthRes plugin test rules

AuthRes plugin test rules

uhlar at fantomas

Mar 12, 2023, 1:15 AM

Post #1 of 8 (293 views)

Hello,

I'm further playing with AuthRes plugin, I have modified test rules so each
AUTHRES_ rule is equivalent to corresponding rule in SA.

I set scores to only produce small positive scores, usually to even SA scores
- valid spf/dkim/dmarc/arc is NOT a ham sign!

I have also commited patch to bug 6918 to handle "arc.chain=" results.

Let's see how these will go.

ifplugin Mail::SpamAssassin::Plugin::AuthRes

header AUTHRES_SPF_NONE eval:check_authres_result('spf', 'none')
score AUTHRES_SPF_NONE 0.001
describe AUTHRES_SPF_NONE Authentication-Results: has "spf=none" result

header AUTHRES_SPF_PASS eval:check_authres_result('spf', 'pass')
score AUTHRES_SPF_PASS 0.001
describe AUTHRES_SPF_PASS Authentication-Results: has "spf=pass" result

header AUTHRES_SPF_FAIL eval:check_authres_result('spf', 'fail')
score AUTHRES_SPF_FAIL 0.1
describe AUTHRES_SPF_FAIL Authentication-Results: has "spf=fail" result

header AUTHRES_SPF_NEUTRAL eval:check_authres_result('spf', 'neutral')
score AUTHRES_SPF_NEUTRAL 0.001
describe AUTHRES_SPF_NEUTRAL Authentication-Results: has "spf=neutral" result

header AUTHRES_SPF_SOFTFAIL eval:check_authres_result('spf', 'softfail')
score AUTHRES_SPF_SOFTFAIL 0.1
describe AUTHRES_SPF_SOFTFAIL Authentication-Results: has "spf=softfail" result

header AUTHRES_DKIM_VALID eval:check_authres_result('dkim', 'pass')
score AUTHRES_DKIM_VALID 0.1
describe AUTHRES_DKIM_VALID Authentication-Results: has "dkim=pass" result

header AUTHRES_DKIM_INVALID eval:check_authres_result('dkim', 'fail')
score AUTHRES_DKIM_INVALID 0.001
describe AUTHRES_DKIM_INVALID Authentication-Results: has "dkim=fail" result

header AUTHRES_DMARC_PASS eval:check_authres_result('dmarc', 'pass')
score AUTHRES_DMARC_PASS 0.001
describe AUTHRES_DMARC_PASS Authentication-Results: has "dmarc=pass" result

header AUTHRES_DMARC_FAIL eval:check_authres_result('dmarc', 'fail')
score AUTHRES_DMARC_FAIL 0.001
describe AUTHRES_DMARC_FAIL Authentication-Results: has "dmarc=fail" result

header AUTHRES_ARC_VALID eval:check_authres_result('arc', 'pass')
score AUTHRES_ARC_VALID 0.001
describe AUTHRES_ARC_VALID Authentication-Results: has "arc=pass" result

header AUTHRES_ARC_INVALID eval:check_authres_result('arc', 'fail')
score AUTHRES_ARC_INVALID 0.001
describe AUTHRES_ARC_INVALID Authentication-Results: has "arc=fail" result

endif

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?

Re: AuthRes plugin test rules [ In reply to ]

Mar 12, 2023, 6:20 AM

Post #2 of 8 (293 views)

Matus UHLAR - fantomas skrev den 2023-03-12 10:15:

> I have also commited patch to bug 6918 to handle "arc.chain=" results.
> Let's see how these will go.

miss ARC rules imho

Re: AuthRes plugin test rules [ In reply to ]

uhlar at fantomas

Mar 12, 2023, 6:38 AM

Post #3 of 8 (293 views)

On 12.03.23 14:20, Benny Pedersen wrote:
>Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
>
>>I have also commited patch to bug 6918 to handle "arc.chain=" results.
>>Let's see how these will go.
>
>miss ARC rules imho

there are no rules in arc.chain.
Or, so you mean something else than my patch?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

Re: AuthRes plugin test rules [ In reply to ]

Mar 12, 2023, 7:34 AM

Post #4 of 8 (293 views)

Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
> On 12.03.23 14:20, Benny Pedersen wrote:
>> Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
>>
>>> I have also commited patch to bug 6918 to handle "arc.chain="
>>> results.
>>> Let's see how these will go.
>>
>> miss ARC rules imho
>
> there are no rules in arc.chain.

ah missed that

> Or, so you mean something else than my patch?

your posted rules have arc testing, but it miss testing for untrusted /
trusted authserv-id's

i have added list.sys4.de so testing shows results from the first mails
from postfix maillist when thay started breaking dkim with mailman 3 :=)

hopefully ARC with be enabled again on that maillist so origin dkim can
be tested before mailman 3 breaks dkim, why have mailman at all support
for dkim, its a job for rspamd, not mailman

there inbound and outbound is brokken at sys4

check arc in dovecot maillist, there is lot of working examples there

thanks for solve authres in trunk

Re: AuthRes plugin test rules [ In reply to ]

uhlar at fantomas

Mar 12, 2023, 8:41 AM

Post #5 of 8 (293 views)

>>>Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
>>>>I have also commited patch to bug 6918 to handle "arc.chain="
>>>>results.
>>>>Let's see how these will go.

>>On 12.03.23 14:20, Benny Pedersen wrote:
>>>miss ARC rules imho

>Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
>>Or, so you mean something else than my patch?

On 12.03.23 15:34, Benny Pedersen wrote:
>your posted rules have arc testing, but it miss testing for untrusted
>/ trusted authserv-id's

in such case it would be great to remove what you are NOT commenting about
and keep what your comments are related to, not vice versa.

rules I posted use only what AuthRes plugin found.

The plugin has options which headers to handle (internal/trusted/all, the
default is "internal"), and trusted authentication servers (default: none)
- you must configure at least one server.

So the trust is processes out of rules (correct approach imho).

I set SA only to trust authentication server on my machine and I'm watching
the results.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.

Re: AuthRes plugin test rules [ In reply to ]

Mar 14, 2023, 1:38 PM

Post #6 of 8 (289 views)

Matus UHLAR - fantomas skrev den 2023-03-12 16:41:

> I set SA only to trust authentication server on my machine and I'm
> watching the results.

okay, i have now added ARC (Seal/Sign) to fuglu, its not perfekt imho,
but works as designed in fuglu

with this i got iprev working with can be seen in sa authres

let me see what i get back if anything

Re: AuthRes plugin test rules [ In reply to ]

mysqlstudent at gmail

Mar 18, 2023, 6:34 AM

Post #7 of 8 (285 views)

Hi,

I'm trying to use it with amavis but there's a warning/error:

Mar 18 09:30:12 iceman amavis[2970427]: (2970427-10) _WARN: Use of
uninitialized value $result in string eq at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line
302.

Mar 18 09:31:50.577 [2987252] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AuthRes from @INC

This is from SA 4.0.0:

298 if ($wanted_result eq 'missing') {
299 return !defined($result) ? 1 : 0;
300 }
301
302 return ($wanted_result eq $result);
303 }
304
305 sub parsed_metadata {
306 my ($self, $opts) = @_;
307

Any idea how to troubleshoot this?

Thanks,
Alex

On Sun, Mar 12, 2023 at 11:41?AM Matus UHLAR - fantomas <uhlar@fantomas.sk>
wrote:

> >>>Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
> >>>>I have also commited patch to bug 6918 to handle "arc.chain="
> >>>>results.
> >>>>Let's see how these will go.
>
> >>On 12.03.23 14:20, Benny Pedersen wrote:
> >>>miss ARC rules imho
>
> >Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
> >>Or, so you mean something else than my patch?
>
> On 12.03.23 15:34, Benny Pedersen wrote:
> >your posted rules have arc testing, but it miss testing for untrusted
> >/ trusted authserv-id's
>
> in such case it would be great to remove what you are NOT commenting about
> and keep what your comments are related to, not vice versa.
>
> rules I posted use only what AuthRes plugin found.
>
> The plugin has options which headers to handle (internal/trusted/all, the
> default is "internal"), and trusted authentication servers (default: none)
> - you must configure at least one server.
>
> So the trust is processes out of rules (correct approach imho).
>
> I set SA only to trust authentication server on my machine and I'm
> watching
> the results.
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> He who laughs last thinks slowest.
>

Re: AuthRes plugin test rules [ In reply to ]

uhlar at fantomas

Mar 18, 2023, 8:26 AM

Post #8 of 8 (285 views)

On 18.03.23 09:34, Alex wrote:
>I'm trying to use it with amavis but there's a warning/error:
>
>Mar 18 09:30:12 iceman amavis[2970427]: (2970427-10) _WARN: Use of
>uninitialized value $result in string eq at
>/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line
>302.

there were few patches published for this plugin, available in trunk

the discussion was on this list juat 2 weeks ago:

https://marc.info/?t=167766107800001&r=1&w=2

>Mar 18 09:31:50.577 [2987252] dbg: plugin: loading
>Mail::SpamAssassin::Plugin::AuthRes from @INC
>
>This is from SA 4.0.0:
>
> 298 if ($wanted_result eq 'missing') {
> 299 return !defined($result) ? 1 : 0;
> 300 }
> 301
> 302 return ($wanted_result eq $result);
> 303 }
> 304
> 305 sub parsed_metadata {
> 306 my ($self, $opts) = @_;
> 307
>
>Any idea how to troubleshoot this?

>On Sun, Mar 12, 2023 at 11:41?AM Matus UHLAR - fantomas <uhlar@fantomas.sk>
>wrote:
>
>> >>>Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
>> >>>>I have also commited patch to bug 6918 to handle "arc.chain="
>> >>>>results.
>> >>>>Let's see how these will go.
>>
>> >>On 12.03.23 14:20, Benny Pedersen wrote:
>> >>>miss ARC rules imho
>>
>> >Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
>> >>Or, so you mean something else than my patch?
>>
>> On 12.03.23 15:34, Benny Pedersen wrote:
>> >your posted rules have arc testing, but it miss testing for untrusted
>> >/ trusted authserv-id's
>>
>> in such case it would be great to remove what you are NOT commenting about
>> and keep what your comments are related to, not vice versa.
>>
>> rules I posted use only what AuthRes plugin found.
>>
>> The plugin has options which headers to handle (internal/trusted/all, the
>> default is "internal"), and trusted authentication servers (default: none)
>> - you must configure at least one server.
>>
>> So the trust is processes out of rules (correct approach imho).
>>
>> I set SA only to trust authentication server on my machine and I'm
>> watching
>> the results.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)