Mailing List Archive

Michael Grant via users skrev den 2023-07-07 16:18:
> I'm using check_rbl with some paid lists for example invaluement. I
> don't want to put my license key into the rule or it ends up in the
> spamassassin X-Spam-Report header. On one server, I've configured
> bind9 with DNAME records to hide the key. But what do others do? Is
> there some easier way to do this?

this is imho a feature requst, what eval calls are used ?

example
https://github.com/spamhaus/spamassassin-dqs/blob/master/4.0.0%2B/sh_hbl.cf

will not reveal keys

if need to do rbl, make __foo eval:check rbl, and then make meta foo
__foo, this is a workaround

ask your data provider :)

On 7/7/23 16:18, Michael Grant via users wrote:
> I'm using check_rbl with some paid lists for example invaluement. I
> don't want to put my license key into the rule or it ends up in the
> spamassassin X-Spam-Report header. On one server, I've configured
> bind9 with DNAME records to hide the key. But what do others do? Is
> there some easier way to do this?
>
If you are using SpamAssassin 4.0 you can use the "nolog" feature like this:

ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_IVMURI uri.XXX.invaluement.com. A 2
body URIBL_IVMURI eval:check_uridnsbl('URIBL_IVMURI')
describe URIBL_IVMURI listed on ivmURI found at invaluement.com
if can(Mail::SpamAssassin::Conf::has_tflags_nolog)
tflags URIBL_IVMURI net nolog
else
tflags URIBL_IVMURI net
endif
score URIBL_IVMURI 2.0
reuse URIBL_IVMURI
endif


Giovanni

On Fri, Jul 07, 2023 at 04:50:18PM +0200, giovanni@paclan.it wrote:
> if can(Mail::SpamAssassin::Conf::has_tflags_nolog)
> tflags URIBL_IVMURI net nolog
> else
> tflags URIBL_IVMURI net
> endif

and Benny Pedersen's idea of using a rule like:

header __FOO eval:check_rbl('ivmSIP-lastexternal', 'my_key.inv-sip.')
meta INVSIP __FOO
describe IVMSIP listed at dnsbl.invaluement.com/ivmsip,
score IVMSIP 5

Neither of these are ideal. I really need to see what ip address is
being looked up. Perhaps yes, I'll need to do a feature request.

Michael Grant via users skrev den 2023-07-07 17:41:
> On Fri, Jul 07, 2023 at 04:50:18PM +0200, giovanni@paclan.it wrote:
>> if can(Mail::SpamAssassin::Conf::has_tflags_nolog)
>> tflags URIBL_IVMURI net nolog
>> else
>> tflags URIBL_IVMURI net
>> endif
>
> and Benny Pedersen's idea of using a rule like:
>
> header __FOO eval:check_rbl('ivmSIP-lastexternal', 'my_key.inv-sip.')
> meta INVSIP __FOO
> describe IVMSIP listed at dnsbl.invaluement.com/ivmsip,
> score IVMSIP 5
>
> Neither of these are ideal. I really need to see what ip address is
> being looked up. Perhaps yes, I'll need to do a feature request.

header __RCVD_IN_AUTHBL eval:check_rbl('authbl','your_DQS_key.authbl.dq.spamhaus.net.')
tflags __RCVD_IN_AUTHBL net
meta RCVD_IN_AUTHBL __RCVD_IN_AUTHBL
describe RCVD_IN_AUTHBL Received via a relay in Spamhaus AuthBL

so maybe nolog and debug mode ?

feature request imho, it have never being supported without meta yet,
but why not use syslogs ?, this will not be in recipients mailbox that
way

maybe nolog, extended to syslog only ?

syslog __foo foo_ip 'metadata'

grep foo_ip /var/log/messages

thinking just load now :)