glt

[Log in to get rid of this advertisement]

Hi,

I have a honeypot mailbox that I want to turn
off the spamassassin engine for. I need to
stop spamassassin from doing any processing
of mail for this mailbox, so setting rule scores
is not the answer here. Spamassassin is invoked
system wide from procmail.

Here is the /etc/procmailrc file:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

...and here's the included spamassassin-default.rc file
:0
* ^TO_honeypot
/var/spool/mail/honeypot

:0fw
| /usr/bin/spamassassin

If my recipes are, correct it should only run
spamassassin on mail not destined for the
honeypot account. But when I look at messages in
that mailbox I can see they still got processed
by spamassassin.

Can anyone tell me where I am going wrong?

We have procmail 3.22 and spamassassin 2.44 on
Redhat 9.

Cheers,
Geoff

unSpawn

Can anyone tell me where I am going wrong?
Best way to find out yourself is copy your procmailrc and set these:
VERBOSE=on
LOG=somelogfilename
then run some messages.

Could try
to explicitly exclude that address.

glt

Hi UnSpawn,

That wouldn't deliver mail to honeypot at all then... would it?
But I am a procmail newbie so I'm probaly wrong about that.

I'll try to turn on logs for a few seconds -this is a busy server.

Cheers,
Geoff.

unSpawn

That wouldn't deliver mail to honeypot at all then... would it?
Uh. I was focussing on not filtering for piping to spamassassin. Try reversing recipe order should do.


I'll try to turn on logs for a few seconds -this is a busy server.
Better not "play" on servers. If you have no development, staging or private box at least mimic your setup to test under an unprivileged account like I described here: http://www.linuxquestions.org/questi...80#post2166780. Note in your case you don't have to run the spamassassin command but only the second "cat spammsg001" line with your recipe file (the "-m spammsg001.rc" part).

glt

Hi unSpawn,

Thanks for the responses -I'm learning lots.

Now I understand why I was seeing mail messages
with spamassassin scores in the honeypot mailbox:
its because there are aliases that point to the
honeypot. I should have said that -sorry.

So, how do I get procmail to match not just on
the mailbox name, but on any aliases that also
point to it?

(I suspect its difficult since sendmail doesn't
put the expanded mailbox name into the headers;
just the alias).


Cheers,
Geoff

unSpawn

Now I understand why I was seeing mail messages with spamassassin scores in the honeypot mailbox: its because there are aliases that point to the honeypot. I should have said that -sorry.
Well, most important thing is you now have a *method* to debug / remember / find out...


So, how do I get procmail to match not just on the mailbox name, but on any aliases that also point to it?
(I suspect its difficult since sendmail doesn't put the expanded mailbox name into the headers; just the alias).
Pipe the alias through a Smrsh which executes Procmail which executes Spamassassin: http://reuben.budiardja.org/blog/ind...ser-table.html
I have used it only with delivery to a named mailbox.

glt

Hi Unspawn,

That link was the cat's meow.

For those following, here is the solution to my problem which was
subtley different from the one in the blog.

1) Create your honeypot user account
2) Create aliases in /etc/aliases file that point to the honeypot
E.g.:
sales: honeypot

3) Create an additional alias that delivers honeypot's mail to a
program. This must be symbolically linked to in /etc/smrsh and
(this bit me) *has at least chmod 555 permissions*. Run newaliases

4) In the script execute procmail with an argument that is the path
to a procmail recipe file. E.g.
exec procmail /some/path/recipe_rc

5) In the recipe file add:
0:
/var/spool/mail/honeypot


Now any mail for honyepot, whether sent to the account, or any of its
aliases, is not processed by spamassassin. So now my mail server won't
get hammered by spamassassin when honeypot fills up with spam (to mix
rather a large number of metaphors!).

Thanks Unspawn, -this is perfect.
Cheers,
Geoff