amavis-user September 2010 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: [AMaViS-user] bounce killer feature with pen pa

Re: [AMaViS-user] bounce killer feature with pen pals disabled

From: Mark Martinec <Mark.Martinec+amavis_at_nospam>
Date: Tue Sep 07 2010 - 18:50:39 GMT
To: amavis-user@lists.sourceforge.net

Stefan,

> I don't use pen pals, means sql lookups are not configured, but the bounce
> killer feature is enabled ($bounce_killer_score = 100).
> I received a misdirected bounce message and saw the following lines in my
> logfile (amavisd-new 2.6.4):
>
> amavis[23652]: (23652-01) bounce rescued by: pen pals disabled (DSN), <> ->
> <stefan@localside.net>, date: Tue, 7 Sep 2010 12:35:30 +0200 (CEST), from:
> stefan@localside.net, message-id: <20100907103530.0822A28089@example.com>,
> return-path: <stefan@localside.net>
> amavis[23652]: (23652-01) SPAM-TAG, <> -> <stefan@localside.net>, No,
> score=x tagged_above=0 required=5 tests=[] autolearn=unavailable
> amavis[23652]: (23652-01) Passed CLEAN, [AAA.BBB.CCC.DDD] [AAA.BBB.CCC.DDD]
> <> -> <stefan@localside.net>, Message-ID:
> <20100907103530.203BD28088@example.com>, mail_id: cU0RlDKJmh1U, Hits: -,
> size: 3425, queued_as: 15A694B70116, 497 ms
>
> Then I received a real bounce:
>
> amavis[23652]: (23652-02) bounce rescued by domain (DSN), <> ->
> <stefan@localside.net>, date: Tue, 07 Sep 2010 12:41:14 +0200, from:
> "Stefan Jakobs" <stefan@localside.net>, message-id:
> <0000086861@valaskjalf.localside.net>, return-path: <stefan@localside.net>
> amavis[23652]: (23652-02) Passed CLEAN, [AAA.BBB.CCC.DDD] [AAA.BBB.CCC.DDD]
> <> -> <stefan@localside.net>, Message-ID:
> <20100907104129.115272807F@example.com>, mail_id: kSxqYc-Mtpyq, Hits: -1.9,
> size: 4154, queued_as: 11B554B70116, 11516 ms

> Now there are two things which are odd:

> 1) If the bounce is misdirect (the domain part of the message-id doesn't
> match with one of the local domains) and a sql/pen pals check is not
> possible because it isn't configured then I would aspect amavis to
> classify the bounce as misdirected and add the $bounce_killer_score. For
> the reason that the message-id doesn't match which the local domains and
> there that there is no reference in the sql table that such a message was
> send.

You are right in principle. The catch here is that some outgoing mail
is generated by MUAs which do not specify a fully qualified domain name
in the Message-ID they generate, or provide some foreign domain.
By using pen pals such cases are still recognized and handled correctly
(i.e. a bounce to such valid but crippled outgoing message will not be
killed). In the absence of pen pals, I decided to rather play safe
and not kill such bounces right away (i.e. just let them be subject
to normal a spam scan).

> 2) Why does amavis bypass the spamassassin check if the domain part of the
> message-id doesn't match one of the local domains (1st log example)?
> On the other hand it will check the message if the bounce is rescued, 2nd
> log example. I would assume that amavis should check the message in both
> cases.

A bug. Such messages should still be eligible to spam checking.
Please apply the patch below to amavisd-new-2.6.4. (will be included
in 2.7.0-pre8)

--- amavisd~ 2009-06-25 14:39:01.000000000 +0200
+++ amavisd 2010-09-07 20:40:02.846462931 +0200
@@ -10715,9 +10715,15 @@
       # not a bounce
     } elsif ($msginfo->originating) {
- # rescued by originating
- } elsif (defined($bounce_msgid) && $bounce_msgid =~ /(\@[^\@>]+)>?\z/ &&
+ # will be rescued from bounce killing by the originating flag
+ } elsif (defined($bounce_msgid) &&
+ $bounce_msgid =~ /(\@[^\@>() \t][^\@>]*?)[ \t]*>?\z/ &&
              lookup2(0,$1, ca('local_domains_maps'))) {
- # rescued by a local domain in referenced Message-ID
+ # will be rescued from bounce killing by a local domain
+ # in referenced Message-ID
+ } elsif (!defined($sql_storage) ||
+ c('penpals_bonus_score') <= 0 || c('penpals_halflife') <= 0) {
+ # will be rescued from bounce killing by pen pals disabled
     } elsif (c('bounce_killer_score') > 20) {
+ # is a bounce and is eligible to bounce killing, no need for spam scan
       $bypass_spam_checks_by_bounce_killer = 1;
     }

Mark

------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot org