anomy-list

Problem with Anomy/Postfix/SpamAssassin

From: Lucas Peet (63120@xyz.molar.is)
Date: Wed 06 Nov 2002 - 05:12:39 GMT


    Hello,

    I've been trying to get AnomySanitizer, SpamAssassin, and Postfix to all
    work together.

    I believe I have everything configured properly - and it seems to work,
    unless I'm sending attachments of any kind. When I do, I get the
    message bounced back saying "service unavailable. Command output:
    Message Content rejected". I'm using Ximian Evolution 1.0.8 as my email
    client. This is also the latest version of Anomy.

    It seems to be something in the filter.sh script - it dies after running
    through (what seems to be a successful) sanitize. I commented out the
    line in filter.sh that removes the temp files. The out.$$ files look
    like they have the mail message in them (with the modified content!),
    but it never seems to get sent?

    Any ideas?

    Thanks,

    -Lucas

    Below is a maillog excerpt:

    Nov 5 22:18:39 riodo postfix/qmgr[7455]: 42B742F300: from=<63120@xyz.molar.is>, size=890, nrcpt=1 (queue active)
    Nov 5 22:18:39 riodo postfix/smtpd[7501]: disconnect from unknown[10.0.0.2]
    Nov 5 22:18:40 riodo postfix/pipe[7472]: 42B742F300: to=<63205@xyz.molar.is>, relay=filter, delay=1, status=bounced (service unavailable. Command output: Message content rejected )
    Nov 5 22:18:40 riodo postfix/cleanup[7489]: 0F7D52F303: message-id=<63244@xyz.molar.is>
    Nov 5 22:18:40 riodo postfix/qmgr[7455]: 0F7D52F303: from=<>, size=2501, nrcpt=1 (queue active)
    Nov 5 22:18:40 riodo postfix/local[7510]: 0F7D52F303: to=<63120@xyz.molar.is>, relay=local, delay=0, status=sent (maildir)

    Here is the script that is running the filter:

    #!/bin/sh
    #
    # filter.sh
    #
    # Simple filter to plug Anomy Sanitizer and SpamAssassin
    # into the Postfix MTA
    #
    # From http://advosys.ca/papers/postfix-filtering.html
    # Advosys Consulting Inc., Ottawa
    #
    # For use with:
    # Postfix 20010228 or later
    # Anomy Sanitizer revision 1.49 or later
    # SpamAssassin 2.42 or later
    #
    # Note: Modify the file locations to match your particular
    # server and installation of SpamAssassin.

    # File locations:
    # (CHANGE AS REQUIRED TO MATCH YOUR SERVER)
    INSPECT_DIR=/var/spool/mailfilter
    SENDMAIL=/usr/sbin/sendmail
    ANOMY=/usr/local/anomy
    ANOMY_CONF=/usr/local/anomy/anomy.conf
    SPAMASSASSIN=/usr/bin/spamassassin

    export ANOMY

    # Exit codes from <sysexits.h>
    EX_TEMPFAIL=75
    EX_UNAVAILABLE=69

    cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

    # Clean up when done or when aborting.
    #trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

    cat | $SPAMASSASSIN -x | $ANOMY/bin/sanitizer.pl \
       $ANOMY_CONF 2>>/tmp/anomy.log > out.$$ || \
       { echo Message content rejected; exit $EX_UNAVAILABLE; }

    $SENDMAIL "$@" < out.$$

    exit $?

    And here are the lines from /etc/postfix/master.cf:

    smtp inet n - y - - smtpd
      -o content_filter=filter:
    ...
    ...
    filter unix - n n - - pipe
      user=filter argv=/usr/local/anomy/filter.sh -f ${sender} -- ${recipient}

    And finally, an excerpt from anomy.log:

    <Sanitizer start="1036544056">
      <ParseHeader>
        <reply-to value="Lucas Peet &lt;63120@xyz.molar.is&gt;">Using %value%
    as reply-to address.</reply-to>
        <errors-to value="Lucas Peet &lt;63120@xyz.molar.is&gt;">Using %value%
    as errors address.</errors-to>
        <mime boundary="=-JPal2HYY9rw1wJG8AY+k" charset="iso-8859-1"
    disposition="inline" encoding="8bit" type="multipart/mixed"
    undecoded-boundary="=-JPal2HYY9rw1wJG8AY+k">Got MIME info:
    %ATTRIBUTES%</mime>
      </ParseHeader>
      <parsed_header>Finished parsing message header.</parsed_header>
      <body DEFANGED_pos="578">Parsing body as multipart/*</body>
      <parser>CleanMultipart</parser>
      <parser>ParserUnclosedMultipart</parser>
      <Part pos="604">
        <ParseHeader>
          <mime boundary="" charset="iso-8859-1" disposition="inline"
    encoding="7bit" type="text/plain">Got MIME info: %ATTRIBUTES%</mime>
        </ParseHeader>
        <body DEFANGED_pos="58">Parsing body as text/*</body>
        <parser>CleanText</parser>
        <SanitizeFile filename="unnamed.txt" mimetype="text/plain">
          <Check_Rule file="unnamed.txt"
    list="(?i)(winmail.dat)|(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$" rule="1">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Check_Rule file="unnamed.txt"
    list="(?i)\.(doc|dot|txt|rtf|pdf|ps|htm|[sp]?html?|xls|xlw|xlt|csv|wk[1-4]|ppt|pps|pot|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|swf|mp3|avi|mpe?g|mov|ram?|mid|ogg|zip|g?z|rar|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)" rule="2">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Match rule="2">
            <policy name="accept">Enforced policy: %name%</policy>
          </Match>
        </SanitizeFile>
      </Part>
      <Part pos="729">
        <ParseHeader>
          <mime boundary="" charset="iso-8859-1" disposition="attachment"
    encoding="base64" filename="test.exe" name="test.exe"
    type="application/x-ms-dos-executable">Got MIME info:
    %ATTRIBUTES%</mime>
        </ParseHeader>
        <body DEFANGED_pos="147">Parsing body as DEFAULT.</body>
        <parser>CleanUnknown</parser>
        <SanitizeFile filename="test.exe"
    mimetype="application/x-ms-dos-executable">
          <Check_Rule file="test.exe"
    list="(?i)(winmail.dat)|(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$" rule="1">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Match rule="1">
            <policy name="drop">Enforced policy: %name%</policy>
          </Match>
          <new-mimetype id="41220" value="text/plain">Replaced mime type
    with: %value%</new-mimetype>
          <new-filename id="41220" value="DEFANGED-41220.txt">Replaced file
    name with: %value%</new-filename>
        </SanitizeFile>
        <Writer pos="269">
          <mime boundary="" charset="iso-8859-1" disposition="inline"
    encoding="8bit" filename="DEFANGED-41220.txt" name="DEFANGED-41220.txt"
    type="text/plain">Set
    MIME info to: %ATTRIBUTES%</mime>
        </Writer>
        <parser>ParserCat</parser>
      </Part>
    </Sanitizer>
    <modifications base="41220" end="41221" total="1">Total modifications so
    far: %total%</modifications>
    <Sanitizer start="1036544206">
      <ParseHeader>
        <reply-to value="Lucas Peet &lt;63120@xyz.molar.is&gt;">Using %value%
    as reply-to address.</reply-to>
        <errors-to value="Lucas Peet &lt;63120@xyz.molar.is&gt;">Using %value%
    as errors address.</errors-to>
        <mime boundary="=-bAaLd4oTdaSpyPWqZonu" charset="iso-8859-1"
    disposition="inline" encoding="8bit" type="multipart/mixed"
    undecoded-boundary="=-bAaLd4oTdaSpyPWqZonu">Got MIME info:
    %ATTRIBUTES%</mime>
      </ParseHeader>
      <parsed_header>Finished parsing message header.</parsed_header>
      <body DEFANGED_pos="570">Parsing body as multipart/*</body>
      <parser>CleanMultipart</parser>
      <parser>ParserUnclosedMultipart</parser>
      <Part pos="596">
        <ParseHeader>
          <mime boundary="" charset="iso-8859-1" disposition="inline"
    encoding="7bit" type="text/plain">Got MIME info: %ATTRIBUTES%</mime>
        </ParseHeader>
        <body DEFANGED_pos="58">Parsing body as text/*</body>
        <parser>CleanText</parser>
        <SanitizeFile filename="unnamed.txt" mimetype="text/plain">
          <Check_Rule file="unnamed.txt"
    list="(?i)(winmail.dat)|(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$" rule="1">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Check_Rule file="unnamed.txt"
    list="(?i)\.(doc|dot|txt|rtf|pdf|ps|htm|[sp]?html?|xls|xlw|xlt|csv|wk[1-4]|ppt|pps|pot|jpe?g|gif|png|tiff?|bmp|psd|pcx|vsd|drw|cdr|swf|mp3|avi|mpe?g|mov|ram?|mid|ogg|zip|g?z|rar|tgz|bz2|tar|[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)" rule="2">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Match rule="2">
            <policy name="accept">Enforced policy: %name%</policy>
          </Match>
        </SanitizeFile>
      </Part>
      <Part pos="707">
        <ParseHeader>
          <mime boundary="" charset="iso-8859-1" disposition="attachment"
    encoding="base64" filename="test.exe" name="test.exe"
    type="application/x-ms-dos-executable">Got MIME info:
    %ATTRIBUTES%</mime>
        </ParseHeader>
        <body DEFANGED_pos="147">Parsing body as DEFAULT.</body>
        <parser>CleanUnknown</parser>
        <SanitizeFile filename="test.exe"
    mimetype="application/x-ms-dos-executable">
          <Check_Rule file="test.exe"
    list="(?i)(winmail.dat)|(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$" rule="1">Rule %rule%: %file% =~ %list%</Check_Rule>
          <Match rule="1">
            <policy name="drop">Enforced policy: %name%</policy>
          </Match>
          <new-mimetype id="195" value="text/plain">Replaced mime type with:
    %value%</new-mimetype>
          <new-filename id="195" value="DEFANGED-195.txt">Replaced file name
    with: %value%</new-filename>
        </SanitizeFile>
        <Writer pos="269">
          <mime boundary="" charset="iso-8859-1" disposition="inline"
    encoding="8bit" filename="DEFANGED-195.txt" name="DEFANGED-195.txt"
    type="text/plain">Set MIME info to: %ATTRIBUTES%</mime>
        </Writer>
        <parser>ParserCat</parser>
      </Part>
    </Sanitizer>
    <modifications base="195" end="196" total="1">Total modifications so
    far: %total%</modifications>
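
An added diagnostic sketch, not part of the original post or of the Advosys script: the bounce text in the maillog is the `echo` from filter.sh's `||` branch, and in POSIX sh that branch tests only the exit status of the last pipeline stage (sanitizer.pl). Running the stages separately makes each status visible; `diagnose_filter`, `fake_scanner` and `fake_sanitizer` are hypothetical names, and the stand-in's non-zero exit is constructed to mimic the symptom described above.

```shell
#!/bin/sh
# Added example: run the filter stages one at a time and record each status.
# In "a | b | c || handler" the handler is driven by the status of c alone.

EX_UNAVAILABLE=69

# Hypothetical stand-ins so the sketch runs offline. On a real server these
# would be "$SPAMASSASSIN -x" and "$ANOMY/bin/sanitizer.pl $ANOMY_CONF".
fake_scanner() { cat; }
# Constructed to mimic the symptom in the post: writes a complete, modified
# message and still returns a non-zero status.
fake_sanitizer() { sed 's/test\.exe/DEFANGED-195.txt/'; return 1; }

# diagnose_filter SCANNER SANITIZER WORKDIR   (message on stdin)
# Leaves scan.$$ and out.$$ in WORKDIR, prints one status line, and returns
# what the original script's "||" test would have acted on.
diagnose_filter() {
    scanner=$1; sanitizer=$2; workdir=$3
    $scanner > "$workdir/scan.$$"
    scan_rc=$?
    $sanitizer < "$workdir/scan.$$" > "$workdir/out.$$"
    san_rc=$?
    out_bytes=$(wc -c < "$workdir/out.$$" | tr -d ' ')
    echo "scanner=$scan_rc sanitizer=$san_rc out_bytes=$out_bytes"
    if [ "$san_rc" -ne 0 ]; then
        echo "Message content rejected"
        return "$EX_UNAVAILABLE"
    fi
    return 0
}

# Demo on a constructed message: output exists, yet the handler still fires.
demo_dir=$(mktemp -d)
printf 'Subject: t\n\nattachment: test.exe\n' |
    diagnose_filter fake_scanner fake_sanitizer "$demo_dir" ||
    echo "handler ran with status $?; out.$$ is still in $demo_dir"
```

A non-empty out.$$ together with a non-zero sanitizer status matches what the post describes: the sanitized message is on disk, but the script exits before reaching the sendmail line.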


