Date: Wed, 21 Jan 2009 18:24:14 GMT From: Michael Scheidell <scheidell@secnap.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/130835: fix BIG backscatter problem in amavisd-new Message-ID: <200901211824.n0LIOEoe080950@www.freebsd.org> Resent-Message-ID: <200901211830.n0LIU7Rr079137@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 130835 >Category: ports >Synopsis: fix BIG backscatter problem in amavisd-new >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jan 21 18:30:06 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Michael Scheidell >Release: all >Organization: SECNAP Network Security >Environment: all >Description: I think its serious! Without this patch, all email looks like a legitimate bounce, and using the (default from amavisd.conf-dist) bounce_killer_score setting of 100, all bounces will bypass spamassassin scoring and be let it if using sql logging. It a one line patch, so should be easy to verify. Also, removed (obsolete) dependency on io-stringy. >How-To-Repeat: use sql logging, you will see that all msgs.message_id values == 1. you will also see the bounce_killer_score in amavisd.conf is 100. you will notice log entries with scores 'Hits: -,' and users complaining about backscatter. This patch (from amavisd-new author) fixes this. documentation: http://www.usenet-forums.com/amavis-user/409614-re-amavis-user-bouncekiller-documentation-vs-config-files.html >Fix: diff -bBru /var/tmp/amavisd262/ ./ diff -bBru /var/tmp/amavisd262/Makefile ./Makefile --- /var/tmp/amavisd262/Makefile 2008-12-25 21:29:00.000000000 -0500 +++ ./Makefile 2009-01-21 13:14:10.000000000 -0500 @@ -8,6 +8,7 @@ PORTNAME= amavisd-new PORTVERSION= 2.6.2 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= http://www.ijs.si/software/amavisd/ \ @@ -26,7 +27,6 @@ ${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \ ${SITE_PERL}/${PERL_ARCH}/Digest/MD5.pm:${PORTSDIR}/security/p5-Digest-MD5 \ ${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes \ - ${SITE_PERL}/IO/Wrap.pm:${PORTSDIR}/devel/p5-IO-stringy \ ${SITE_PERL}/IO/Socket/INET6.pm:${PORTSDIR}/net/p5-IO-INET6 \ p5-Net-Server>=0.93:${PORTSDIR}/net/p5-Net-Server \ p5-Mail-DKIM>=0.31:${PORTSDIR}/mail/p5-Mail-DKIM diff -bBru /var/tmp/amavisd262/files/patch-amavisd ./files/patch-amavisd --- /var/tmp/amavisd262/files/patch-amavisd 2009-01-21 13:23:45.000000000 -0500 +++ ./files/patch-amavisd 2009-01-21 13:17:23.000000000 -0500 @@ -0,0 +1,10 @@ +--- amavisd.orig 2008-12-15 01:50:09.000000000 +0100 ++++ amavisd 2009-01-20 22:31:46.000000000 +0100 +@@ -19179,5 +19179,5 @@ + } + my($m_id) = $msginfo->get_header_field_body('message-id'); +- $m_id = parse_message_id($m_id) if $m_id ne ''; # strip CFWS, take #1 ++ $m_id = join(' ',parse_message_id($m_id)) if $m_id ne ''; # strip CFWS + my($subj) = $msginfo->get_header_field_body('subject'); + my($from) = $msginfo->get_header_field_body('from'); # raw full field + >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901211824.n0LIOEoe080950>