Majordomo-Users: Re: How to filter on Spamassassin headers with Majordomo2 ...

Majordomo-Users
(September 2003)

Indexed By Thread: [Previous] [Next]

Subject:	Re: How to filter on Spamassassin headers with Majordomo2 ...
From:	Daniel Liston <dliston @ sonny . org>
Date:	Thu, 18 Sep 2003 13:55:21 -0500
To:	majordomo-users @ greatcircle . com
Cc:	brozen @ torah . org
In-reply-to:	<Pine.LNX.4.53.0309181815550.10690@rina.teamgenesis.com>
References:	<20030909170736.P57860@ganymede.hub.org> <Pine.LNX.4.53.0309092322240.3367@rina.teamgenesis.com> <20030910003939.J57860@ganymede.hub.org> <Pine.LNX.4.53.0309102048090.20033@rina.teamgenesis.com> <20030915010711.O82880@ganymede.hub.org> <Pine.LNX.4.53.0309181815550.10690@rina.teamgenesis.com>
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030906

I assume majordomo2 has the same or similar dependencies on
unix $HOME, /etc/passswd, and /etc/mail/aliases files as the
original majordomo does.  If spamassassin is getting the
header information into the messages, and all you need is to
detect these headers before majordomo even sees the message.
Introduce procmail as a pre-processor to majordomo.  Here is
a usage reminder that I keep in my majordomo.aliases file for
majordomo-1.94.5.  Maybe they will also be useful for mjII.

#########################################################################
#
# Sample aliases using procmail as LDA with sendmail and majordomo.
# The sample recipe "helps" assure each message is addressed to the list.
# The recipe(s) MUST be owned by the same UID sendmail/procmail runs as.
# I set them 664 mail:majordomo
#
# LISTNAME: "|/usr/bin/procmail -f- /var/lib/majordomo/recipe/LISTNAME"
#
# LISTNAME is the alias for your list, piped to the fully qualified location
# of procmail.  -f- reads the location and name of the recipe to be used.
# This recipe in turn passes control back to the resend script.
#
# :0fhw
# * !^(To|Cc):.*LISTNAME(-digest)?@DOMAIN\.TLD
# | /usr/bin/formail -I "X-ApprovalRequired: true"
# :0
# | /usr/lib/majordomo/wrapper resend -l LISTNAME LISTNAME-outgoing,nobody
#
########################################################################
#
# Using procmail to demime (clean) messages into ASCII format since
# sendmail does not allow piping to "second" pipes or filters.
#
# LISTNAME: "|/usr/bin/procmail -f- /var/lib/majordomo/recipe/LISTNAME"
#
# :0fhw
# * !^(To|Cc):.*LISTNAME(-digest)?@DOMAIN\.TLD
# | /usr/bin/formail -I "X-ApprovalRequired: true"
# :0
# | /usr/lib/majordomo/wrapper demime - | /usr/lib/majordomo/wrapper resend -l LISTNAME LISTNAME-outgiong,nobody
#
########################################################################
#
# Note, using a global or per-list taboo filter on "X-ApprovalRequired:"
# will bounce Bcc:'d hostname qualified mail to the LISTNAME-approval address.
# /^X-ApprovalRequired:/i
# Alternative condition line so that BCC'd address is also accepted;
# * !^TO_LISTNAME(-digest)?@DOMAIN\.TLD
# where there is no space between TO_ and the LISTNAME. TO_ is case sensitive.
#
########################################################################

This can be adapted to the majordomo user or any LISTNAME-request
address that forwards to majordomo too.  I have not tested the
examples I am about to write.  Please do not use them without at
least testing them first.  The above are tested in linux and *BSD
environments using sendmail as the MTA and procmail as the LDA.

/etc/mail/aliases
First, the alias calls procmail, naming a recipe file as an argument.
If procmail is your LDA, you can comment out the majordomo alias and
use .procmailrc in the majordomo $HOME directory.
majordomo: "|/usr/bin/procmail -f- /var/lib/majordomo/recipe/majordomo

/var/lib/majordom/recipe/majordomo or /usr/lib/majordomo/.procmailrc
Next, the recipe does body/header checking and forwards the message
as spam to abuse, deletes it, or pipes it to the majordomo process.
The recipe method/location used, will determine file ownership.
# We don't want any spam. Forward it to local abuse address.
:0
* ^(X-Spam-Status: Yes|X-SBClass: Spam)
! abuse@DOMAIN.TLD
# Spambouncer also catches viruses.  Delete them.
:0
* ^X-SBClass: Virus
/dev/null
# We don't want cc'd or bcc'd mail to majordomo.  Think about it.
# The message can be Cc or Bcc anywhere but majordomo.
:0fhw
* !^To:.*(majordomo|(LIST1|LIST2|LISTx)-request)@DOMAIN\.TLD
| /usr/bin/formail -I "X-ApprovalRequired: true"
# Majordomo never gets "legitimate" mail without a command.
:0fbw
* !((un)?subscribe|help|lists|which|who|index|get|approve|passwd|(new)?info|(new|write)?config|mkdigest)
| /usr/bin/formail -I "X-ApprovalRequired: true"
# Everything else goes where the alias would have sent it.
:0
| /usr/lib/majordomo/wrapper majordomo

/etc/majordomo.cf
Last, we make sure we can handle the headers added by our recipe.
Under $global_taboo_headers, add this filter.
/^X-ApprovalRequired:/i

Dan Liston

Indexed By Date	Previous:	Re: Resend issues with sendmail From: Daniel Liston <dliston@sonny.org>
Indexed By Date	Next:	complete newbie needs some help From: tobias magerl <muab_ila@gmx.net>
Indexed By Thread	Previous:	Re: How to get bounced messages sent to sender and not just list From: Steve Rifkin <steve410@cs.jhu.edu>
Indexed By Thread	Next:	complete newbie needs some help From: tobias magerl <muab_ila@gmx.net>