pax_global_header00006660000000000000000000000064147255670250014527gustar00rootroot0000000000000052 comment=e8540c2214ab542936d072b207591d7825ea753b spampd-2.62/000077500000000000000000000000001472556702500127445ustar00rootroot00000000000000spampd-2.62/.gitignore000066400000000000000000000000661472556702500147360ustar00rootroot00000000000000release .project settings.xml .settings Thumbs.db spampd-2.62/LICENSE.txt000066400000000000000000001045131472556702500145730ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . spampd-2.62/changelog.txt000066400000000000000000000346241472556702500154450ustar00rootroot00000000000000SpamPD Change Log ----------------- Legend (used since v2.60): + : new feature/function * : bug/deficiency fix ~ : enhancement/non-breaking change ! : important change, change of default behavior, etc. ----------------------------------------------------------- 2.62 (9-Dec-24) * Fixed that SpamPD shares the same socket to `redist` between children. Report: https://github.com/mpaperno/spampd/issues/44 Fix: https://github.com/mpaperno/spampd/pull/45 (thanks @catap !) * Fix option names in configuration parameter validation methods (https://github.com/mpaperno/spampd/commit/29752f8) ~ Do not set up logging if only showing debug info (https://github.com/mpaperno/spampd/commit/641e6571). --- 2.61 (6-Aug-21) Bug fixes, new features, and some optimization. Thanks to Simon Matter for reporting, suggestions, and testing! * Restore syslog as default logging destination (https://github.com/mpaperno/spampd/issues/31) * Fix issues with older Perl versions (https://github.com/mpaperno/spampd/issues/30) ~ Optimize initial header processing when building message line array in process_message(). ~ Slight optimization to LMTP multi-recipient handling in process_request(). ~ Optimize how rewritten (tagged) message is saved back to temp file. + Add detection and logging of "RULESVERSION" tag with SA >= v3.4.0. + Add tracking of some per-child runtime statistics which by default are now shown in the child process names. + Add ability to provide a custom child process name template string (or not modify the child name at all). Template format documented in POD. (https://github.com/mpaperno/spampd/issues/32) + Add _SPAMPDVERSION_ as a "template tag" (macro), eg. for use in SA add_header directives. --- 2.60 (26-Jul-21) This version brings quite a few changes, though the base functionality and compatibility is unchanged (minor exceptions noted below). Testing/close observation of this new version is recommended! ~ Performance and diagnostic improvements, quicker startups, and a lot of documentation updates. + Add support for configuration files (examples included in /misc folder and in POD). + Add optional "scalable mode" using Net::Server::PreFork module (16-year TODO!). More info in POD. + Add --logfile option to control logging destination(s) (syslog, stderr, and/or file/device). + Add --logident, --logfacility options for syslog. + Add multiple levels of help, including full "man" output with optional HTML formatting. + Add --show argument for printing default option values and other debug. * Fix SpamAssassin debug logging with versions 3.1+ (output was going to stderr/wrong syslog/null). * Fix for IPv6 addresses being used on --host and --relayhost options (was not possible due to ":" check). ! SIGHUP will now reload SpamAssassin and SpamPD configuration files (and all module code), still with graceful child process shutdown. ! Use SpamAssassin::Logger module (with SA 3.1+) for all logging. This now inits logging much earlier. ! Log to stderr by default if running non-daemonized (with --nodetach). ! Child processes are now renamed to "spampd child" to distinguish them from the parent in task lists. ! Now requires Net::Server v0.89+ (though latest 2.009 is recommended). ! The --auto-whitelist option is no longer allowed with SpamAssassin v3+. ~ Improve --debug option, adding ability to specify SpamAssassin (v3.1+) debug areas (aka channels/facilities). ~ All boolean options can take 0/1 argument and be negated with "no-" prefix. ~ The --children (-c) option is now more formally named --max-servers (-mxs), but still accepted. ~ IO::Socket::UNIX and ::IP are only required if actually needed for --relaysocket / --relayhost options. ~ SpamPD can now be loaded w/out executing eg. for unit tests or other uses. Much more modular code in general. ######## 2.53 (25-Feb-19) - Fix LMTP delivery with multiple recipients (https://github.com/mpaperno/spampd/issues/23 & https://github.com/mail-in-a-box/mailinabox/issues/1523) - Fix Warning for "Use of uninitialized value in string" (https://github.com/mpaperno/spampd/issues/22) 2.52 (10-Nov-18) - Override Net::Server's HUP handling, just restart children (https://github.com/mpaperno/spampd/pull/20). - Add --version option to print information about SpamPD, Net::Server, SpamAssassin, and Perl. - Add warnings about using deprecated options. - Documentation updates and code cosmetics. 2.51 (01-May-18) - Fix listening to IP address, broken in 2.50 "Unix ports" feature. (https://github.com/mpaperno/spampd/pull/18) - Add --setsid option to start server with setsid if running in background (https://github.com/mpaperno/spampd/pull/18) 2.50 (30-Apr-18) - Replace IO::Socket::INET with IO::Socket::IP for IPv6 support (https://github.com/mpaperno/spampd/pull/9). - Unix ports (ability to listen on UNIX sockets) (https://github.com/mpaperno/spampd/pull/13). - Add X-Envelope-* headers before Received (https://github.com/mpaperno/spampd/pull/14). - Add /usr/local/bin and /usr/local/sbin to PATH (https://github.com/mpaperno/spampd/pull/17). Please refer to commit notes at (https://github.com/mpaperno/spampd/compare/2.42...2.50) for details and credits. ######## 2.42 (08-Dec-13) (experimental) - Untaint some params for compatibility with Perl 5.18. 2.41 (11-Aug-10) (experimental) - Added setting of user name at SA init time. 2.40 (10-Jan-09) (experimental) - New config option to load a specific configuration file after the default local.cf file, thereby overriding any settings therein. The new option is --saconfig=filename. Thanks to Sven Mueller for code and Bernd Zeimetz for bringing it up. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344373) - Integrated code by Alexander Wirt to introduce a parameter which sets a proper home directory (--homedir=path) and also cleans up the environment before backgrounding. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421100) * NOTE: * default homedir is /var/spool/spamassassin/spampd which needs to be writable by the user spampd is running as. Previously, some files like the auto-whitelist were written to the .spamassassin folder inside the users home directory who started spampd, typically root. - Integrated fix from Vladislav Kurz for LMTP multi-line response after DATA is sent. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395355) - Yet another fix for older Net::Server versions (<= 0.87) dying when logging a % character to Sys::Syslog. This also fixes the bug in 2.30 that logs "%s" instead of the actual messages on some system. - Fixed bug with temp files sticking around until spampd child exists, introduced when SA 3.0 was released (https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444). Thanks to Simon Matter for bringing this to my attention. ######## 2.30 (31-Oct-05) - Another, hopefully final, fix for the Sys::Syslog issue of % signs in the log string. Fixes possible DoS vulnerability. Thanks to Sven Mueller and Florian Weimer for the solution. - Added new options for adding X-Envelope-From and (optionally) X-Envelope-To headers to messages before SA processing. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. Use --seh or --set-envelope-headers to enable setting both headers, or use --sef or --set-envelope-from to enable only X-Envelope-From. If added, spampd attempts to remove the X-Envelope-To header after SA processing to preserve BCC recipient anonymity, but enabling this header may still expose recipient information. See man page for more details. This patch was originally submitted by Sven Mueller, was slightly modified, and the --sef option was added. ######## 2.21 (23-Oct-05) (unreleased) - fixed SA version check on alphanumeric version strings. Stops the annoying Perl warning messages in the mail log. Thanks to Sven Mueller for the fix. ######## 2.20 (05-Oct-04) - added support for SpamAssassin version 3. spampd should now support all SA versions (tested with 2.6.3 and 3.0.0). - removed --add-sc-header feature. It is now redundant with SA v2.6 ability to (almost fully) customize headers, which v3 improves on. If anyone really needs this feature, please let me know. - added --nodetach option to prevent daemon process backgrounding. Patch provided by Urban Petry. Can be useful for win32/cygwin. - if --debug is specified, Net::Server log level is increased to 4 (debug) to provide some more info in the log (can be useful for diagnosing user/permission issues). Thanks to Urban Petry for idea. - the message sender (From header) is now included in the log along with message ID, recipient, and scoring info. Thanks to Roland Koeckel for the patch. ######## 2.13 (24-Nov-03) - SA debug messages redirected from STDERR (warn) to syslog. Thanks to Roland Koeckel for the suggestion. ######## 2.12 (15-Nov-03) - fixed bug related to Sys::Syslog where we needed to escape % signs in Message IDs. Thanks to Jeffrey W. Collyer and Yann Grossel for the bug reports. - minor performance improvement in SpamPD::Client using buffered write to send message data. Thanks to Sam Horrocks for the tip. - fixed error condition when an error response ([4|5]xx) was returned after a DATA command was sent. Thanks to Rodrigo Ventura for bug reports about this. ######## 2.11 (15-Jul-03): - fix for occasional corrupted message headers which caused blank messages (seemed to have only affected certain malformed spam mail). - added --logsock option for syslog socket. Defaults to 'unix' except for HP-UX and SunOS (Solaris) which I'm told prefer 'inet'. ######## 2.10 (01-Jul-03): - added optional 'X-Spam-Checked-By: {hostname}' header, where {hostname} is, theoretically, the name of the machine doing the message scanning. New options --add-sc-header and --hostname=name control this behavior. ######## 2.00 (10-Jun-03): - major rewrite of how mail is handled internally. spampd now takes no responsibility for the mail at any point, instead acting as a transparent proxy between the originating and the destination servers. That is, the servers speak to each other through spampd so final mail delivery occurs only when the destination server acknowledges receipt of the data. Idea based on smtpprox by Bennett Todd (http://bent.latency.net/smtpprox/). Unfortunately this breaks the ability to redirect the mail based on spam score, since scoring happens after all recipients have been specified and accepted. But, it is much cleaner and safer than the previous method. - new architecture doesn't store the mail data in memory any more. Message is still written to memory before scanning by SpamAssassin, but messages larger than the --maxsize to be scanned won't eat up a bunch of memory. From smtpprox documentation by Bennet Todd: "it [spampd] stores the body of the message in an unlinked file under /tmp, which should be a tmpfs; this prevents the allocation overhead associated with large strings (often 2-3x) and ensures that space will be returned to the OS as soon as it's not needed." - as a bonus feature, LMTP is now supported by virtue of spampd's transparency. - added a timeout check around the socket operations as suggested in the Net::Server docs. Added new parameter to control this: --childtimeout=n where n is number of seconds. - added a timeout check around the message processing (spam checking) routines to guard against a SpamAssassin hang. Added new parameter to control this: --satimeout=n where n is number of seconds. If a timeout (or error) occurs while processing, the mail is still passed on unless the new --dose (die-on-sa-errors) paramater is given. - added --children=n parameter to specify how many child servers to spawn and maintain. Default is 5 children (plus one parent). - now uses Net::Server::PreForkSimple instead of PreFork. (Tried utilizing the advanced children pool features of PreFork but either couldn't figure it out or they're kinda broken. If anyone has experience here, please let me know.) - improved logging including the Message-ID, recipients, 100ths precision on spam score, processing time, and file size. Logging format now better resembles that of spamd (which hopefully means spamd log analysis tools can be made to work with spampd easily). - removed dependencies on Net::SMTP, Net::SMTP::Server::Client, and Error modules. - host/port and relay host/port can both be specified as xx.xx.xx.xx:nn in the --host and --relayhost parameters, or as individual parameters (--host, --port, --relayhost, --relayport). # The next 3 items are ideas/patches by # Kurt Andersen, # Agilent Technologies Postmaster # Global Messaging Team, Agilent Technologies - added optional support for Time::HiRes for more accurate processing time reporting in the log (automatically loaded if Time::HiRes is available). - added optional logging of which SA rules matched a message. New option is --log-rules-hit or --rh for short. - Added auto HPUX OS detection for syslog loggging "(for some reason HPUX chokes on using the 'unix' socket type)." # Thanks Kurt! - added much more verbose spampd logging when using the --debug option. - 3 parameters are now deprecated but accepted for backwards compatability: --dead-letters, --heloname, and --stop-at-threshold - added shorthand choice for some options: --aw for --auto-whitelist; --L for --local-only; --a for --tagall --u for --user; --g for --group; --p for --pid --d for --debug; --h for --help; - documentation updates - licensing change due to use of Bennet Todd's code (to GNU GPL from Perl Artistic). ######## 1.0.2 (13-Apr-03): - added 'local-only' parameter to pass on to SA which turns off all network-based tests (DNS, Razor, etc). ######## 1.0.1 (3-Feb-03): - fixed minor but substantial bug preventing child processes from exiting properly since the counter wasn't being incremented (d'oh!). Thanks to Mark Blackman for pointing this out. - fixed typo in pod docs (Thx to James Sizemore for pointing out) ######## Changes to assassind (1.0.0 initial release of spampd - May 2002): A different message rewriting method (using Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's custom headers and Mail::Audit); Adding more options for message handling, network/protocol options, some options to pass on to SpamAssassin (such as whitelist usage); More orientation to being used as a content filter for the Postfix MTA, mostly by changing some default values; Documentation changes; ## EOF ## spampd-2.62/misc/000077500000000000000000000000001472556702500136775ustar00rootroot00000000000000spampd-2.62/misc/spampd-rh-rc-script.sh000066400000000000000000000022541472556702500200350ustar00rootroot00000000000000#!/bin/sh # # This script starts and stops the spampd daemon # #### NOTE ##### # This is a very old and outdated example!!! # Recommend checking the Debian version of spampd.init script, # in the /debian branch of the source repository # (https://github.com/mpaperno/spampd/tree/debian). # # chkconfig: 2345 80 30 # # description: spampd is a daemon process which uses SpamAssassin to check # email messages for SPAM. # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 [ -f /usr/bin/spampd -o -f /usr/local/bin/spampd ] || exit 0 PATH=$PATH:/usr/bin:/usr/local/bin # See how we were called. case "$1" in start) # Start daemon. echo -n "Starting spampd: " daemon spampd --port=10025 --relayhost=127.0.0.1:25 --tagall --auto-whitelist RETVAL=$? touch /var/lock/spampd echo ;; stop) # Stop daemons. echo -n "Shutting down spampd: " killproc spampd RETVAL=$? rm -f /var/lock/spampd echo ;; restart) $0 stop $0 start ;; status) status spampd ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 esac exit 0 spampd-2.62/misc/spampd-sm.cfg000066400000000000000000000015661472556702500162710ustar00rootroot00000000000000# Configuration file example for SpamPD in "scalable mode" (see documentation for details). # The options here are meant to be in addition to/override options set in a # "main" SpamPD config file, such as the "spampd.cfg" example in this folder. # This file can simply be appended to the main one using the command line, e.g.: # spampd --config /etc/spampd.cfg --config /etc/spampd-sm.cfg # The minimum number of servers to keep running min-servers 5 # The minimum number of servers to have waiting min-spare 2 # The maximum number of servers to have waiting max-spare 10 # The maximum number of child servers to start. max-servers 20 # Passthrough tuning arguments for Net::Server::PreFork could go here. # Be sure to also uncomment the "--" if using any. # -- # check_for_dead 30 # check_for_waiting 10 # check_for_spawn 30 # min_child_ttl 10 spampd-2.62/misc/spampd.cfg000066400000000000000000000056561472556702500156600ustar00rootroot00000000000000# Configuration file example for SpamPD v2.6+ # One option per line. Comments (start with # or ;) and blank lines are skipped. # Using a "-" or "--" prefix on the argument names is optional. # Name/value separators can be one or more of space, tab, or = sign. # See main SpamPD documentation for full options list, file syntax, and other details. # User and Group ID to run as. SpamPD's default is "mail:mail" but typical Debian install uses "spampd:spampd". user spampd group spampd # Where to write the PID file (SpamPD user must have r/w access) pid /var/run/spampd/spampd.pid # Home directory for the SpamAssassin process (SpamPD user must have r/w access) homedir /var/cache/spampd # The IP and port to listen on host 127.0.0.1 port 10025 # Listen on a unix socket instead # socket /var/run/spampd/spampd.socket # socket-perms 700 # The host and port to forward the connection to relayhost 127.0.0.1 relayport 10026 # Relay using a socket instead # relaysocket /var/run/dovecot/lmtp # How many checks can be done in parallel. # (note: this option was named "children" in SpamPD versions before 2.60; "children" is also still valid.) max-servers 3 # Whether or not to tag all messages, even non-spam (0/1) tagall 1 # Whether or not to do only local checks (disables any network checks like DNS blacklisting) (0/1) local-only 1 # Logging destination, could be syslog (default), stderr, or a filename. # logfile /var/log/spampd.log # Syslog socket type to use when logfile = syslog. Could be any type supported by syslog(1). # logsock inet # The syslog "identity" to use (typically included in the logged details). Default is "spampd" # logident spampd # The syslog "facility" (typically the log file name in /var/log). Default is "mail" # logfacility mail # Use a spcific "user" config file to override parameters from the system-wide SpamAssassin configuration. # saconfig /etc/spampd.sa.cf # Enable logging of all SpamAssassin rules hit per scanned message. (0/1) # log-rules-hit 1 # Add X-Envelope-From header to messages (if not already present). (0/1) # set-envelope-from 1 # Debug logging options. The default value of 0 will disable it. # A value of 1 or "all" will enable very verbose logging from SpamAssassin and SpamPD. # A value of "spampd" will enable SpamPD debug only. # Other values correspond to SpamAssassin's logging categories and will also enable SpamPD debug. # debug 1 # debug spampd # debug config,rules # Passthrough arguments for Net::Server[::PreFork[Simple]] could go here (see documentation for details). # Be sure to also uncomment the "--" if using any. # -- # cidr_allow 127.0.0.1/32 # cidr_allow 192.168.1.0/24 # cidr_deny 192.168.1.4/30 # reverse_lookups 1 # allow localhost # check_for_dead 30 # chroot spampd-2.62/misc/spampd.service000066400000000000000000000010071472556702500165430ustar00rootroot00000000000000[Unit] Description=Spam Proxy Daemon After=syslog.target network.target [Service] ExecStart=/usr/sbin/spampd --config /etc/spampd.cfg --pid /run/spampd.pid --nodetach ExecReload=/usr/bin/kill -HUP $MAINPID KillMode=mixed KillSignal=SIGQUIT TimeoutStopSec=30 Restart=on-failure # To run as a forking server, uncomment below and remove the "--nodetach" option # from the command line above. You may need/want to add "--setsid" option instead. #Type=forking #PIDFile=/run/spampd.pid [Install] WantedBy=multi-user.target spampd-2.62/previous-versions/000077500000000000000000000000001472556702500164665ustar00rootroot00000000000000spampd-2.62/previous-versions/spampd-0.0.1.pl000066400000000000000000000372271472556702500207540ustar00rootroot00000000000000#!/usr/bin/perl -w ############################################################ # This code is a merging of spamd (copyright 2001 by Craig Hughes) # and spamproxyd by Ian R. Justman. # Like spamproxyd, it is written with Postfix "advanced" content # filtering in mind. See FILTER_README in the Postfix distribution # for more information on how to set this up. # # The primary difference between spamproxyd and spampd is that # spampd acutally tags the spams and sends them on, even making # use of the auto-whitelist feature (and soon the SQL lookups # based on the recipient email address, maybe). # # The primary difference between spamd and spampd is that spampd # talks SMTP protocol for its I/O stream (via Net::SMTP::Server # and Mail::SpamAssassin::SMTP::SmartHost). # # WARNING: Use at your own risk. Basically I have no idea what # I'm doing with the process forking stuff, I just copied it and # messed around until it worked (for me, YMMV). Also the demonizing # stuff seems screwy when you go to kill the daemon (at least via inet.d # script), but it does exit and clean up so no harm seems to be done. # # Development/production environment is RH Linux 7.x on various x86 hardware. # # BUG: for some reason the log and warn (if -D) messages don't print during # SIGTERM or when a child dies (after processing it's allotted # of msgs). # I have no idea why (see above) # # spampd is licensed for use under the terms of the Perl Artistic License # ############################################################ # use lib '../lib'; # added by jm for use inside the distro use strict; # use Socket; use Carp; use Net::SMTP::Server; use Net::SMTP::Server::Client; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; use Mail::SpamAssassin::SMTP::SmartHost; use Net::DNS; use Sys::Syslog qw(:DEFAULT setlogsock); use POSIX qw(setsid); use Getopt::Std; use POSIX ":sys_wait_h"; my %resphash = ( EX_OK => 0, # no problems EX_USAGE => 64, # command line usage error EX_DATAERR => 65, # data format error EX_NOINPUT => 66, # cannot open input EX_NOUSER => 67, # addressee unknown EX_NOHOST => 68, # host name unknown EX_UNAVAILABLE => 69, # service unavailable EX_SOFTWARE => 70, # internal software error EX_OSERR => 71, # system error (e.g., can't fork) EX_OSFILE => 72, # critical OS file missing EX_CANTCREAT => 73, # can't create (user) output file EX_IOERR => 74, # input/output error EX_TEMPFAIL => 75, # temp failure; user is invited to retry EX_PROTOCOL => 76, # remote error in protocol EX_NOPERM => 77, # permission denied EX_CONFIG => 78, # configuration error ); sub usage { warn <new({ dont_copy_prefs => $dontcopy, local_tests_only => $opt_L, debug => $opt_D, paranoid => ($opt_P || 0), }); $opt_w and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $spamtest->set_persistent_address_list_factory ($addrlistfactory); }; sub logmsg; # forward declaration setlogsock('unix'); # Use Net::SMTP::Server here to talk regular SMTP my $server = new Net::SMTP::Server($addr, $port) || die "Unable to create server: $! : $addr, $port\n"; # support non-root use (after we bind to the port) my $setuid_to_user = 0; if ($opt_u) { my $uuid = getpwnam($opt_u); if (!defined $uuid || $uuid == 0) { die "fatal: cannot run as nonexistent user or root with -u option\n"; } $> = $uuid; # effective uid $< = $uuid; # real uid. we now cannot setuid anymore if ($> != $uuid) { die "fatal: setuid to uid $uuid failed\n"; } } $spamtest->compile_now(); # ensure all modules etc. are loaded $/ = "\n"; # argh, Razor resets this! Bad Razor! $opt_d and daemonize(); my $current_user; if ($opt_D) { warn "server started on port $port\n"; warn "server pid: $$\n"; } logmsg "server started on $addr:$port; server pid: $$\n"; # Ian R. Justman writes in spamproxyd: # This is the preforking and option-parsiong section taken from the MSDW # smtpproxy code by Bennett Todd. Any comments from that code are not my # own comments (marked with "[MSDW]") unless otherwise noted. # # Depending on your platform, you may need his patch which uses # IPC/semaphores to get information which may be required to allow two # simultaneous instances to accept() a connection, which can be obtained at # http://bent.latency.net/smtpprox/smtpprox-semaphore-patch. It is best to # apply the patch to the original script, then port it to this one. # # --irj # [MSDW] # This should allow a kill on the parent to also blow away the # children, I hope my %children; use vars qw($please_die); $please_die = 0; $SIG{INT} = sub { $please_die = 1; }; $SIG{TERM} = sub { $please_die = 1; }; # logmsg "server killed by SIGTERM, shutting down"; # [MSDW] # This sets up the parent process PARENT: while (1) { while (scalar(keys %children) >= $children) { my $child = wait; delete $children{$child} if exists $children{$child}; if ($please_die) { kill 15, keys %children; exit 0; } } my $pid = fork; die "$0: fork failed: $!\n" unless defined $pid; last PARENT if $pid == 0; $children{$pid} = 1; select(undef, undef, undef, 0.1); if ($please_die) { kill 15, keys %children; exit 0; } } # [MSDW] # This block is a child service daemon. It inherited the bound # socket created by SMTP::Server->new, it will service a random # number of connection requests in [minperchild..maxperchild] then # exit my $lives = $minperchild + (rand($maxperchild - $minperchild)); while(my $conn = $server->accept()) { my $client = new Net::SMTP::Server::Client($conn) || next; my $start = time; # [MSDW] # Process the client. This command will block until # the connecting client completes the SMTP transaction. $client->process || next; # we'll have to revisit this later # if ($opt_q) { # handle_user_sql($1); # } my $resp = "EX_OK"; # Now read in message my $message = $client->{MSG}; my @msglines = split ("\r\n", $message); my $arraycont = @msglines; for(0..$arraycont) { $msglines[$_] .= "\r\n"; } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines, add_From_line => $opt_F ); # Check spamminess and rewrite mail if high spam factor or option -a (tag All) my $status = $spamtest->check($mail); if ( $status->is_spam || $opt_a ) { $status->rewrite_mail; } # Build the message to send back my $msg_resp = join '',$mail->header,"\n",@{$mail->body}; # Relay the (rewritten) message through perl SmartHost module my $relay = new Mail::SpamAssassin::SMTP::SmartHost($client->{FROM}, $client->{TO}, $msg_resp, "$smarthost", "$myhelo"); # Log what we did, FWIW my $was_it_spam; if($status->is_spam) { $was_it_spam = 'identified spam'; } else { $was_it_spam = 'clean message'; } my $msg_score = int($status->get_hits); my $msg_threshold = int($status->get_required_hits); #$current_user ||= '(unknown)'; logmsg "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%3d", time - $start) ." seconds.\n"; $status->finish(); # added by jm to allow GC'ing # Zap this instance if this child's processing limit has been reached. # --irj delete $server->{"s"}; if ($lives-- <= 0) { if ($opt_D) { warn "killing child process\n"; } exit 0; } } sub handle_user_sql { $current_user = shift; $spamtest->load_scoreonly_sql ($current_user); return 1; } sub logmsg { openlog('spamd','cons,pid',$log_facility); syslog('info',"@_"); if ($opt_D) { warn "logmsg: @_\n"; } } sub kill_handler { my ($sig) = @_; logmsg "server killed by SIG$sig, shutting down"; $please_die = 1; return 1; #close Server; #exit 0; } use POSIX 'setsid'; sub daemonize { chdir '/' or die "Can't chdir to '/': $!"; open STDIN,'/dev/null' or die "Can't read '/dev/null': $!"; open STDOUT,'>/dev/null' or die "Can't write '/dev/null': $!"; defined(my $pid=fork) or die "Can't fork: $!"; exit if $pid; setsid or die "Can't start new session: $!"; open STDERR,'>&STDOUT' or die "Can't duplicate stdout: $!"; } =head1 NAME spampd - daemonized version of spamassassin with SMTP IO interface =head1 SYNOPSIS spampd [options] =head1 OPTIONS =over =item B<-w> Use auto-whitelists. These will automatically create a list of senders whose messages are to be considered non-spam by monitoring the total number of received messages which weren't tagged as spam from that sender. Once a threshold is exceeded, further messages from that sender will be given a non-spam bonus (in case you correspond with people who occasionally swear in their emails). =item B<-a> Tag All messages with SpamAssassin X-Spam-Status header, even if non spam. Default is to tag spam only. =item B<-d> Detach from starting process and run in background (daemonize). =item B<-h> Print a brief help message, then exit without further action. =item B<-i> I Tells spamd to listen on the specified IP address [defaults to 127.0.0.1]. Use 0.0.0.0 to listen on all interfaces. =item B<-p> I Optionally specifies the port number for the server to listen on. =item B<-t> I Use specified IP address as relay (To) host (default: 127.0.0.1) =item B<-v> I Use specified port on the relay host specified with -t (default: 10026) =item B<-g> I Use specified hostname in the SMTP HELO greeting to the relay host (default: spamfilter.localdomain) =item B<-q> Turn on SQL lookups even when per-user config files have been disabled with B<-x>. this is useful for spamd hosts which don't have user's home directories but do want to load user preferences from an SQL database. =item B<-s> I Specify the syslog facility to use (default: mail). =item B<-u> I Run as the named user. The alternative, default behaviour is to setuid() to the user running C, if C is running as root. =item B<-D> Print debugging messages =item B<-C> Number of child processes to create (Default: 4) =item B<-m> Minumum number of connections to handle per child before exiting (Default: 5) =item B<-M> Maximum number of connections to handle per child before exiting (Default: 10) =item B<-L> Perform only local tests on all mail. In other words, skip DNS and other network tests. Works the same as the C<-L> flag to C. =item B<-P> Die on user errors (for the user passed from spamc) instead of falling back to user I and using the default configuration. =item B<-F> I<0 | 1> Ensure that the output email message either always starts with a 'From ' line (I<1>) for UNIX mbox format, or ensure that this line is stripped from the output (I<0>). (default: 1) =back =head1 DESCRIPTION The purpose of this program is to provide a daemonized version of the spamassassin executable. The goal is improving throughput performance for automated mail checking. This version uses SMTP as the I/O transport. It is inteded to be used as a Postfix content_filter or other transport agent. This code is a merging of spamd (copyright 2001 by Craig Hughes) and spamproxyd by Ian R. Justman. Like spamproxyd, it is written with Postfix "advanced" content filtering in mind. See FILTER_README in the Postfix distribution for more information on how to set this up. The primary difference between spamproxyd and spampd is that spampd acutally tags the spams and sends them on, even making use of the auto-whitelist feature (and soon the SQL lookups based on the recipient email address, maybe). The primary difference between spamd and spampd is that spampd talks SMTP protocol for its I/O stream (via Net::SMTP::Server and Mail::SpamAssassin::SMTP::SmartHost). WARNING: Use at your own risk. Basically I have no idea what I'm doing with the process forking stuff, I just copied it and messed around until it worked (for me, YMMV). Also the demonizing stuff seems screwy when you go to kill the daemon (at least via inet.d script), but it does exit and clean up so no harm seems to be done. Development/production environment is RH Linux 7.x on various x86 hardware. BUG: for some reason the log and warn (if -D) messages don't print during SIGTERM or when a child dies (after processing it's allotted # of msgs). I have no idea why (see above) =head1 SEE ALSO spamassassin(1) Mail::SpamAssassin(3) =head1 AUTHOR Maxim Paperno EMPaperno@worldDesign.comE =head1 CREDITS Justin Mason and Craig Hughes for B and B Ian R. Justman for his B implementation Habeeb J. "MacGyver" Dihu for his B code Bennett Todd for the perforking code and option-parsing code from his pacakge, smtpproxy (used via spamproxyd code) =head1 PREREQUISITES C C =cut spampd-2.62/previous-versions/spampd-0.0.5.pl000066400000000000000000000374011472556702500207520ustar00rootroot00000000000000#! /usr/bin/perl # $Id: assassind,v 1.1 2002/04/28 19:08:22 dave Exp $ # $Source: /var/cvs/src/assassind/assassind,v $ # Copyright (c) 2002 Dave Carrigan package Assassind; use strict; use Net::Server::PreFork; use Net::SMTP::Server::Client; use IO::File; use Getopt::Long; use Data::Dumper; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; #use Mail::Audit; use Net::SMTP; use Error qw(:try); our @ISA = qw(Net::Server::PreFork); our $VERSION = '1.0.1'; sub dead_letter { my($self, $client, $message) = @_; my $filename = join("/", $self->{assassind}->{dead_letters}, sprintf("assassind.%d.%d.%f.dead", time(), $$, rand)); my $dead = IO::File->new; unless ($dead->open(">$filename")) { $self->log(0, "Can't open dead letter file $filename: $!"); return; } chmod 0600, $filename; try { if (defined $message) { $dead->print($message, "\n") or throw Error -text => "Can't print to dead letter: $!"; } foreach (@{$client->{TO}}) { $dead->print("TO $_\n") or throw Error -text => "Can't print to dead letter: $!"; } $dead->print("FROM ", $client->{FROM}, "\n") or throw Error -text => "Can't print to dead letter: $!"; $dead->print($client->{MSG}) or throw Error -text => "Can't print to dead letter: $!"; } catch Error with { my $e = shift; $self->log(0, "Warning!!!! Couldn't print dead letter: " . $e->stringify); }; unless ($dead->close) { $self->log(0, "Warning!!!! Could not close the dead letter file: $!"); } } sub relay_message { my($self, $client) = @_; my $start = time; my $msg_resp; # Now read in message my $message = $client->{MSG}; # Skip processing message over 256K (need to make this an option) if ( length($message) < ($self->{assassind}->{maxsize} * 1024) ) { my @msglines = split (/\r?\n/, $message); my $arraycont = @msglines; for(0..$arraycont) { $msglines[$_] .= "\r\n"; } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines, add_From_line => 0 ); my $assassin = $self->{assassind}->{assassin}; # Check spamminess and rewrite mail if high spam factor or option -a (tag All) my $status = $assassin->check($mail); if ( $status->is_spam || $self->{assassind}->{tagall} ) { $status->rewrite_mail; } # Build the message to send back $msg_resp = join '',$mail->header,"\n",@{$mail->body}; # Log what we did, FWIW my $was_it_spam; if($status->is_spam) { $was_it_spam = 'identified spam'; } else { $was_it_spam = 'clean message'; } my $msg_score = int($status->get_hits); my $msg_threshold = int($status->get_required_hits); #$current_user ||= '(unknown)'; $self->log(2, "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%3d", time - $start) ." seconds."); $status->finish(); } else { $msg_resp = $message; $self->log(2, "Scanning skipped due to size (". length($message) .")"); } # my $message = [split(/\r?\n/, $client->{MSG})]; # my $auditor = Mail::Audit->new(data => $message); # my $assassin = $self->{assassind}->{assassin}; # my $status = $assassin->check($auditor); # my $score = $status->get_hits; # my $spam_color = 'red'; # foreach my $color (qw(green blue yellow orange)) { # if ($score <= $self->{assassind}->{$color}) { # $spam_color = $color; # last; # } # } # $auditor->put_header('X-Spam-Color', $spam_color); # my $is_spam =$status->is_spam? 'Yes' : 'No'; # $auditor->put_header('X-Spam-Status', # sprintf("%s, hits=%.2f required=%.2f tests=%s", # $is_spam, # $status->get_hits, # $status->get_required_hits, # $status->get_names_of_tests_hit)); # if ($spam_color ne 'green') { # foreach (split(/\n/, $status->get_report)) { # $auditor->put_header('X-Spam-Report', $_); # } # } # $status->finish; my $smtp = Net::SMTP->new($self->{assassind}->{relayhost}, Hello => $self->{assassind}->{heloname}); unless (defined $smtp) { $self->log(1, "Connection to SMTP server failed"); $self->dead_letter($client); return; } try { $smtp->mail($client->{FROM}); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; foreach (@{$client->{TO}}) { $smtp->recipient($_); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; } $smtp->data($msg_resp); # $smtp->data; throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; # $smtp->datasend($auditor->header); # $smtp->datasend("\n"); # foreach (@{$auditor->body}) { # $smtp->datasend($_ . "\r\n"); # } # $smtp->dataend; # throw Error -text => sprintf("Relay failed; server said %s %s", # $smtp->code, $smtp->message) unless $smtp->ok; $smtp->quit; throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; $self->log(4, "Message relayed successfully."); } catch Error with { my $e = shift; $self->dead_letter($client, $e->stringify); }; } sub process_request { my $self = shift; my $client = Net::SMTP::Server::Client->new($self->{server}->{client}); if ($client->process) { $self->log(4, "Received message"); $SIG{TERM} = sub { $self->dead_letter($client, "Process interrupted by SIGTERM"); }; $self->relay_message($client); $SIG{TERM} = sub { exit 0; }; } else { $self->log(1, "An error occurred while receiving message"); } $self->{assassind}->{instance} = 1 unless defined $self->{assassind}->{instance}; exit 0 if $self->{assassind}->{instance} > $self->{assassind}->{maxrequests}++; } my $relayhost = 'localhost'; my $host = 'localhost'; my $port = 2025; my $maxrequests = 20; my $dead_letters = '/var/tmp'; my $pidfile = '/var/run/assassind.pid'; my $user = 'mail'; my $group = 'mail'; my $tagall = 0; my $maxsize = 256; my $heloname = 'spamfilter.localdomain'; # my $auto_whitelist = 0; # my $stop_at_threshold = 0; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, tagall => \$tagall, maxsize => \$maxsize, heloname => \$heloname ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'maxrequests=i', 'dead-letters=s', 'user=s', 'group=s', 'pid=s', 'tagall=i', 'maxsize=i', 'heloname=s', 'auto-whitelist', 'stop-at-threshold', 'debug', 'help'); usage(0) if $options{help}; my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, 'debug' => $options{'debug'} || 0 }); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); $/ = "\n"; # argh, Razor resets this! Bad Razor! my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, pid_file => $pidfile, user => $user, group => $group, }, assassind => {maxrequests => $maxrequests, relayhost => $relayhost, dead_letters => $dead_letters, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, heloname => $heloname, }, }, 'Assassind'; $server->run; sub usage { print < [B<--port=n>] [B<--host=host>] [B<--relayhost=hostname[:port]>] [B<--user=username>] [B<--group=groupname>] [B<--maxrequests=n>] [B<--dead-letters=/path>] [B<--pid=filename>] [B<--tagall=n>] [B<--maxsize=n>] [B<--auto-whitelist>] [B<--stop-at-threshold>] [B<--debug>] [B<--heloname=hostname>] B B<--help> =head1 DESCRIPTION I is a relaying SMTP proxy that filters spam using SpamAssassin. The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. I is meant to be used as a system-wide message processor, so the proxy does not make any changes to existing message contents or headers; instead choosing just to add three headers of its own, which end users can use to make decisions about filtering (or not filtering) their spam. The most important header that I adds is the B header. This header will have one of five values: I, I, I, I and I. Green messages are very unlikely to be spam, while red messages are almost guaranteed to be spam. You can use this header as the basis for your own message filtering rules, using any common message filtering system (procmail, sieve, etc.). I also adds a B filter. This header is the same as the header generated by the standard SpamAssassin message processor, and contains the message's SpamAssassin score and other information. Finally, I adds one or more B headers, which contain a plain-text report of the rules that SpamAssassin used to assign the message its score. I logs all aspects of its operation to syslog(8), using the mail syslog facility. =head1 OPERATION I is meant to operate as a mail relay that sits between the Internet and your internal mail system. The three most common configurations include =over 5 =item Running between firewall and internal mail server The firewall would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on the mail server (and listen on any port except port 25). This is I default mode of operation. =item Running on the firewall with an internal mail server I would accept messages on port 25 and forward them to the mail server that is also listening on port 25. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. If your current mail system is configured correctly for anti-relaying, it should continue to work correctly in this configuration, but you may want to verify this using one of the standard open-relay blackhole testing systems. =item Running on the mail server, which is not behind a firewall In this configuration I would listen on port 25, while your mail server would be configured to listen on some other port. =back OPTIONS =over 5 =item B<--port=n> Specifies what port I listens on. By default, it listens on port 2025. =item B<--relayhost=hostname[:port]> Specifies the hostname where I will relay all messages. Defaults to I. If the port is not provided, that defaults to 25. =item B<--user=username> =item B<--group=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--dead-letters=/path> Specifies the directory where I will store any message that it fails to deliver. The default is F. You should periodically examine this directory to see if there are any messages that couldn't be delivered. B This path should not be on the same partition as your mail server's message spool, because if your mail server rejects a message because of a full disk, I will not be able to save the message, and it will be lost. =item B<--pid=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--green=n> =item B<--blue=n> =item B<--yellow=n> =item B<--orange=n> Specifies the spam score thresholds for each color. The defaults are 5, 6, 10 and 20. Anything over 20 will have a color of red. =back =head1 EXAMPLES =over 5 =item Running between firewall and internal mail server This is I's default configuration, where it listens on port 2025 on the same host as the mail server. assassind =item Running on the firewall with an internal mail server assassind --port=25 --relayhost=internal.serv.er =item Running on the mail server, which is not behind a firewall This scenario assumes that the real mail server is running on port 2025 of the same host. assassind --port=25 --relayhost=localhost:2025 =back =head1 AUTHOR Dave Carrigan, This program is Copyright © 2002, Dave Carrigan. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl. This program is distributed "as is", without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction. =head1 SEE ALSO perl(1), Spam::Assassin(3), http://www.rudedog.org/assassind/ =head1 BUGS Due to the nature of Perl's SMTP::Server module, a SMTP message is stored completely in memory. However, as soon as the module receives its entire message data from the SMTP client, it returns a 250, signifying to the client that the message has been delivered. However, this means that there is a period of time where the message is vulnerable to being lost if the I process is killed before it has relayed or saved the message. Caveat Emptor! spampd-2.62/previous-versions/spampd-1.0.2.pl000066400000000000000000000450101472556702500207430ustar00rootroot00000000000000#! /usr/bin/perl # spampd - spam proxy daemon # # v1.0.2 - added 'local-only' (13-Apr-03) # v1.0.1 - minor bug fix (3-Feb-03) # v1.0.0 - initial release (May 2002) # # Original assassind code by and Copyright (c) 2002 Dave Carrigan #(see http://www.rudedog.org/assassind/) # Changed and renamed to spampd by Maxim Paperno (MPaperno@WorldDesign.com) # whose contributions are placed in the Public Domain. #(see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # 1.0.2 update: # - added 'local-only' parameter to pass on to SA which turns off all network-based tests (DNS, Razor, etc). # # 1.0.1 update: # - fixed minor but substantial bug preventing child processes # from exiting properly since the counter wasn't being incremented (d'oh!). # Thanks to Mark Blackman for pointing this out. # # - fixed typo in pod docs (Thx to James Sizemore for pointing out) # # Changes to assassind (1.0.0 initial release of spampd): # A different message rewriting method (using # Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's # custom headers and Mail::Audit); # Adding more options for message handling, network/protocol options, # some options to pass on to SpamAssassin (such as whitelist usage); # More orientation to being used as a content filter for the # Postfix MTA, mostly by changing some default values; # Documentation changes; # package SpamPD; use strict; use Net::Server::PreFork; use IO::File; use Getopt::Long; use Net::SMTP; use Net::SMTP::Server::Client; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; use Error qw(:try); our @ISA = qw(Net::Server::PreFork); our $VERSION = '1.0.1'; sub dead_letter { my($self, $client, $message) = @_; my $filename = join("/", $self->{spampd}->{dead_letters}, sprintf("spampd.%d.%d.%f.dead", time(), $$, rand)); my $dead = IO::File->new; unless ($dead->open(">$filename")) { $self->log(0, "Can't open dead letter file $filename: $!"); return; } chmod 0600, $filename; try { if (defined $message) { $dead->print($message, "\r\n") or throw Error -text => "Can't print to dead letter: $!"; } foreach (@{$client->{TO}}) { $dead->print("TO $_\r\n") or throw Error -text => "Can't print to dead letter: $!"; } $dead->print("FROM ", $client->{FROM}, "\r\n\r\n") or throw Error -text => "Can't print to dead letter: $!"; $dead->print($client->{MSG}) or throw Error -text => "Can't print to dead letter: $!"; } catch Error with { my $e = shift; $self->log(0, "Warning!!!! Couldn't print dead letter: " . $e->stringify); }; unless ($dead->close) { $self->log(0, "Warning!!!! Could not close the dead letter file: $!"); } } sub relay_message { my($self, $client) = @_; my $start = time; my $msg_resp; # Now read in message my $message = $client->{MSG}; # Skip processing message over n KB if ( length($message) < ($self->{spampd}->{maxsize} * 1024) ) { # prep the message (is this necessary?) my @msglines = split (/\r?\n/, $message); my $arraycont = @msglines; for(0..$arraycont) { $msglines[$_] .= "\r\n"; } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); my $assassin = $self->{spampd}->{assassin}; # Check spamminess my $status = $assassin->check($mail); # Rewrite mail if high spam factor or option --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { $status->rewrite_mail; } # Build the message to send back $msg_resp = join '',$mail->header,"\n",@{$mail->body}; # Log what we did, FWIW my $was_it_spam; if($status->is_spam) { $was_it_spam = 'identified spam'; } else { $was_it_spam = 'clean message'; } my $msg_score = int($status->get_hits); my $msg_threshold = int($status->get_required_hits); $self->log(2, "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%3d", time - $start) ." seconds."); $status->finish(); } else { $msg_resp = $message; $self->log(2, "Scanning skipped due to size (". length($message) .")"); } my $smtp = Net::SMTP->new($self->{spampd}->{relayhost}, Hello => $self->{spampd}->{heloname}); unless (defined $smtp) { $self->log(1, "Connection to SMTP server failed"); $self->dead_letter($client); return; } try { $smtp->mail($client->{FROM}); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; foreach (@{$client->{TO}}) { $smtp->recipient($_); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; } $smtp->data($msg_resp); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; $smtp->quit; throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; $self->log(4, "Message relayed successfully."); } catch Error with { my $e = shift; $self->dead_letter($client, $e->stringify); }; } sub process_request { my $self = shift; my $client = Net::SMTP::Server::Client->new($self->{server}->{client}); if ($client->process) { $self->log(2, "Received message from '".$client->{FROM}."'"); $SIG{TERM} = sub { $self->dead_letter($client, "Process interrupted by SIGTERM"); }; $self->relay_message($client); $SIG{TERM} = sub { exit 0; }; } else { $self->log(1, "An error occurred while receiving message"); } $self->{spampd}->{instance} = 1 unless defined $self->{spampd}->{instance}; exit 0 if $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests}; } my $relayhost = '127.0.0.1'; my $host = '127.0.0.1'; my $port = 10025; my $maxrequests = 20; my $dead_letters = '/var/tmp'; my $pidfile = '/var/run/spampd.pid'; my $user = 'mail'; my $group = 'mail'; my $tagall = 0; my $maxsize = 64; my $heloname = 'spampd.localdomain'; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'maxrequests=i', 'dead-letters=s', 'user=s', 'group=s', 'pid=s', 'maxsize=i', 'heloname=s', 'tagall', 'auto-whitelist', 'stop-at-threshold', 'debug', 'help', 'local-only'); usage(0) if $options{help}; if ( $options{tagall} ) { $tagall = 1; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, 'debug' => $options{'debug'} || 0, 'local_tests_only' => $options{'local-only'} || 0 }); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); $/ = "\n"; # argh, Razor resets this! Bad Razor! my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, pid_file => $pidfile, user => $user, group => $group, }, spampd => {maxrequests => $maxrequests, relayhost => $relayhost, dead_letters => $dead_letters, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, heloname => $heloname, }, }, 'SpamPD'; $server->run; sub usage { print < [B<--port=n>] [B<--host=host>] [B<--relayhost=hostname[:port]>] [B<--heloname=hostname>] [B<--user=username>] [B<--group=groupname>] [B<--maxrequests=n>] [B<--dead-letters=/path>] [B<--pid=filename>] [B<--maxsize=n>] [B<--tagall>] [B<--auto-whitelist>] [B<--stop-at-threshold>] [B<--local-only>] [B<--debug>] B B<--help> =head1 DESCRIPTION I is a relaying SMTP proxy that filters spam using SpamAssassin (http://www.SpamAssassin.org). The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. =head1 REQUIRES Perl modules: B B B B =head1 OPERATION I is meant to operate as an SMTP mail relay which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! Here are some simple examples (square brackets in the "diagrams" indicate physical machines): =over 5 =item Running between firewall/gateway and internal mail server The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> I (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =item Using Postfix advanced content filtering Please see the FILTER_README that came with the Postfix distribution. You need to have a version of Postfix which supports this. Internet -> [ I (@inter.net.host:25) -> I (@localhost:10025) -> I (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 OPTIONS =over 5 =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. =item B<--host=ip> Specifies what interface/IP I listens on. By default, it listens on 127.0.0.1 (localhost). B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--relayhost=hostname[:port]> Specifies the hostname where I will relay all messages. Defaults to 127.0.0.1. If the port is not provided, that defaults to 25. =item B<--heloname=hostname> Hostname to use in HELO command when sending mail. Default is 'spampd.localdomain'. The HELO name may show up in the Received headers of any processed message, depending on your setup. =item B<--user=username> =item B<--group=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--dead-letters=/path> Specifies the directory where I will store any message that it fails to deliver. The default is F. You should periodically examine this directory to see if there are any messages that couldn't be delivered. B This path should not be on the same partition as your mail server's message spool, because if your mail server rejects a message because of a full disk, I will not be able to save the message, and it will be lost. =item B<--pid=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--tagall> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KB. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. This includes headers. =item B<--auto-whitelist> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--stop-at-threshold> Turns on the SpamAssassin (v2.20 and up) "stop at threshold" feature which stops any further scanning of a message once the minimum spam score is reached. See the SA docs for more info. =item B<--local-only> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> Turns on SpamAssassin debug messages. =item B<--help> Prints usage information. =back =head1 EXAMPLES =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 AUTHORS Based on I by Dave Carrigan, see http://www.rudedog.org/assassind/ Modified and renamed to I (to avoid confusion) by Maxim Paperno, . My modifications are mostly based on code included with the SpamAssassin distribution, namely spamd and spamproxy. =head1 COPYRIGHT AND DISCLAIMER Portions of this program are Copyright © 2002, Dave Carrigan, all rights reserved. Other contributions can be considered Public Domain property. This program is free software; you can redistribute it and/or modify it under the same terms as Perl. This program is distributed "as is", without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction. =head1 BUGS Due to the nature of Perl's SMTP::Server module, an SMTP message is stored completely in memory. However, as soon as the module receives its entire message data from the SMTP client, it returns a 250, signifying to the client that the message has been delivered. This means that there is a period of time where the message is vulnerable to being lost if the I process is killed before it has relayed or saved the message. Caveat Emptor! No message loop protection. Net::SMTP::Server::Client has a "problem" with spaces in email addresses. For example during the SMTP dialog, if a mail is FROM:<"some spammer"@some.dom.ain> the address gets truncated after the first space to just '<"some' . This causes a problem when relaying the message to the receiving server, because the sender address is now in an illegal format. The mail is then rejected, and it ends up in the dead-letters directory. I have actually seen this happen several times, and of course they were bogus messages each time. I don't believe there are any legitimate envelope email addresses with spaces in them, so don't see this as much of an issue (except that it's un elegant). =head1 TO DO Add option for extracting recipient address(es) and using SpamAssassin's SQL lookup capability check for user-specific preferences. Deal with above bugs. =head1 SEE ALSO perl(1), Spam::Assassin(3), http://www.spamassassin.org/, http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm, http://www.rudedog.org/assassind/ spampd-2.62/previous-versions/spampd-2.00.pl000066400000000000000000001023211472556702500206630ustar00rootroot00000000000000#! /usr/bin/perl ###################### # SpamPD - spam proxy daemon # # v2.00 - 8-June-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 3-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'just bound'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # =item accept([debug => FD]); # # accept takes optional args and returns nothing. If an error occurs # it dies, otherwise it returns when a client connects to this server. # This is factored out as a separate entry point to allow preforking # (e.g. Apache-style) or fork-per-client strategies to be implemented # on the common protocol core. If a filehandle is passed for debugging # it will receive a complete trace of the entire SMTP dialogue, data # and all. Note that nothing in this module sends anything to the # client, including the initial login banner; all such backtalk must # come from the calling program. # # =cut # sub accept { # my ($self, @opts) = @_; # %$self = (%$self, @opts); # #($self->{"s"}, $self->{peeraddr}) = $self->{sock}->accept # $self->{"s"} = $self->{sock} # or die "$0: accept failure: $!\n"; # $self->{state} = ' accepted'; # } # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^helo\s+//i) { s/\s*$//;s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); # $self->{data} = undef; } else { $self->{data} = IO::File->new_tmpfile; # $self->{data} = undef; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; # $self->{data} .= $_; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreFork; use IO::File; use Getopt::Long; # use Net::SMTP; # use Net::SMTP::Server::Client; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; # use Error qw(:try); BEGIN { import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreFork); our $VERSION = '2.00'; sub process_message { my ($self, $fh) = @_; my $start = time; # this gets info about the message file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work my(@msglines); $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { push(@msglines,$_); } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # Check spamminess my $status = $assassin->check($mail); # Rewrite mail if high spam factor or option --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { $status->rewrite_mail; # Build the new message to relay my $msg_resp = join '',$mail->header,"\r\n",@{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); my $arraycont = @resplines; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; for (0..$arraycont) { $fh->print($resplines[$_] . "\r\n"); } } # Log what we did my $was_it_spam = 'clean message'; if($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.1f",$status->get_hits); my $msg_threshold = sprintf("%.1f",$status->get_required_hits); $self->log(2, "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%.1f", time - $start) ." seconds."); $status->finish(); } else { $self->log(2, "Scanning skipped due to size (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "WARNING!! Failed to create listening Server: $!"; } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "WARNING!! Failed to create sending Client: $!"; } # pass on initial client response $smtp_server->ok($client->hear) or die "WARNING!! Error in initial server->ok(client->hear): $!"; # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "WARNING!! Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here $self->process_message($smtp_server->{data}) or die "WARNING!! Error processing message (process_message(data)): $!"; # $self->log(0, $smtp_server->{data}); #debug # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "WARNING!! Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "WARNING!! Failure in client->yammer(smtp_server->{data}): $!"; #close the file $smtp_server->{data}->close or die "WARNING!! Couldn't close smtp_server->{data} temp file: $!"; } # pass on whatever the relayhost said in response $smtp_server->ok($client->hear) or die "WARNING!! Error in server->ok(client->hear): $!"; # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "WARNING!! Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "WARNING!! Couldn't close smtp_server->{sock}: $!"; }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance} = 1 unless defined $self->{spampd}->{instance}; exit 0 if $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests}; } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 5*60; # child process per-command timeout in seconds my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'maxrequests=i', 'dead-letters=s', 'user=s', 'group=s', 'pid=s', 'maxsize=i', 'heloname=s', 'tagall', 'auto-whitelist', 'stop-at-threshold', 'debug', 'help', 'local-only', 'childtimeout=i'); usage(0) if $options{help}; if ( $options{tagall} ) { $tagall = 1; } my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $options{'debug'} || 0, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, pid_file => $pidfile, user => $user, group => $group, }, spampd => { maxrequests => $maxrequests, relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout }, }, 'SpamPD'; # call Net::Server to do the rest $server->run; exit 1; # shouldn't need this sub usage { print < [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user=username>] [B<--group=groupname>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--pid=filename>] [B<--maxsize=n>] [B<--tagall>] [B<--auto-whitelist>] [B<--local-only>] [B<--debug>] B B<--help> =head1 Description I is a relaying SMTP proxy that filters spam using SpamAssassin (http://www.SpamAssassin.org). The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =back =head1 Operation I is meant to operate as an SMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Note that I U I from the I distribution in function. You do not need to run I in order for I to function. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> I (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the FILTER_README that came with the Postfix distribution. You need to have a version of Postfix which supports this. Internet -> [ I (@inter.net.host:25) -> I (@localhost:10025) -> I (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). Note that I B I from the I distribution in function. You do not need to run I in order for I to function. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the FILTER_README that came with the Postfix distribution: F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 =head1 Options =over 5 =item B<--host=ip or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip or hostname[:port]> Specifies the hostname where I will relay all messages. Defaults to 127.0.0.1. If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 35. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> =item B<--group=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an SMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Default is 300 seconds (5 minutes). =item B<--pid=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--tagall> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KB. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. This includes headers. =item B<--auto-whitelist> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> Turns on SpamAssassin debug messages. =item B<--help> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennet Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named assassind. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the CREDITS section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Make it handle LMTP protocol. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.10.pl000066400000000000000000001351371472556702500206770ustar00rootroot00000000000000#! /usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.00'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work my (@msglines, $msgid, $tmp); $fh->seek(0,0) or die "Can't rewind message file: $!"; # loop over headers first (we may want info from them) while (<$fh>) { # if last line # if (/^\r?\n$/) { # if ( $self->{spampd}->{addheader} && length($self->{spampd}->{myhostname}) ) { # $tmp = "X-Spam-Scanned-By: $self->{spampd}->{myhostname}\n"; # push(@msglines, $tmp); # } # } push(@msglines, $_); # find the Message-ID for logging (code is from spamd) if (/^Message-Id:\s+(.*?)\s*$/i) { $msgid = $1; while($msgid =~ s/\([^\(\)]*\)//) {}; # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s.*$//; # keep only the first token } last if (/^\r?\n$/); } # finish loop over rest of body while (<$fh>) { push(@msglines, $_); } # my @resplines = @msglines; my $recips = "@{$self->{smtp_server}->{to}}"; $msgid ||= "(unknown)"; $recips ||= "(unknown)"; $self->log(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # Check spamminess my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } if ( $self->{spampd}->{addheader} && length($self->{spampd}->{myhostname}) ) { $mail->put_header("X-Spam-Checked-By", $self->{spampd}->{myhostname}); } # Rewrite mail if high spam factor or options --tagall or --add-sc-header if ( $status->is_spam || $self->{spampd}->{tagall} || $self->{spampd}->{addheader} ) { # if spam or --tagall, rewrite using SA if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } $status->rewrite_mail; } my $msg_resp = join '',$mail->header,"\r\n",@{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my $pause_alarm = alarm(0); $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; for (@resplines) { $fh->print($_ . "\r\n") or die "Can't print to message file: $!"; } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) for ". "$recips in $proc_time seconds, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response: '" . $destresp . "'"); } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; # if ( $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests} ) { # if ( $self->{spampd}->{debug} ) { # $self->log(2, "Exiting child process after handling ". # $self->{spampd}->{maxrequests} ." requests"); } # exit 0; # }; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $addheader = 0; # add X-Spam-Checked-By header to all messages # hostname to use in X-Spam-Checked-By header: my $myhostname = ( length($ENV{HOSTNAME}) ) ? $ENV{HOSTNAME} : "localhost"; # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, hostname => \$myhostname ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', 'debug|d', 'help|h', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', 'hostname=s' ); usage(0) if $options{help}; if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; } if ( $options{dose} ) { $dose = 1; } if ( $options{'add-sc-header'} ) { $addheader = 1; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); # thanks to Kurt Andersen for this fix for HPUX my $logsock = "unix"; eval { if (`uname -s` =~ 'HP-UX') { $logsock = "inet"; } }; my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, addheader => $addheader, myhostname => $myhostname, instance => 0, }, }, 'SpamPD'; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < or B<--mc=n> C<(new in v2)> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.10) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> C<(changed in v2)> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> C<(new in v2)> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> C<(new in v2)> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> C<(new in v2)> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> C<(new in v2)> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> C<(new in v2)> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> C<(new in v2)> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--add-sc-header> or B<--ash> C<(new in v2.1)> Add a 'X-Spam-Checked-By: {hostname}' header to each scanned message. By default no such header is added. This can be useful in tracking which server in a pool did the scanning. See below for how to specify a hostname. =item B<--hostname=hostname> C<(new in v2.1)> Hostname to use in the X-Spam-Checked-By header. By default the value of the environmental variable $HOSTNAME is used, or if that is undefined/blank then 'localhost' is used as the hostname. Only relevant if the --add-sc-header option is specified. =item B<--auto-whitelist> or B<--aw> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> C<(new in v2)> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> C<(changed in v2)> Turns on SpamAssassin debug messages which print to STDERR (usually the console). Also turns on more verbose logging of what spampd is doing (new in v2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennet Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handilng junk mail. The exception here might be the use of LMTP protocol, which bears further investigation. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.11.pl000066400000000000000000001360621472556702500206760ustar00rootroot00000000000000#! /usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.11'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work :-/ my (@msglines, $msgid, $tmp); my $inhdr=1; $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { push(@msglines, $_); $inhdr = 0 if (/^\r?\n$/); # outside of msg header after first blank line # find the Message-ID for logging (code is from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while($msgid =~ s/\([^\(\)]*\)//) {}; # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s.*$//; # keep only the first token } } my $recips = "@{$self->{smtp_server}->{to}}"; $msgid ||= "(unknown)"; $recips ||= "(unknown)"; $self->log(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # Check spamminess my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } my $addingHeader = 0; if ( $self->{spampd}->{addheader} && length($self->{spampd}->{myhostname}) ) { $mail->put_header("X-Spam-Checked-By", $self->{spampd}->{myhostname}); $addingHeader = 1; } # Rewrite mail if high spam factor or options --tagall or --add-sc-header if ( $status->is_spam || $self->{spampd}->{tagall} || $addingHeader ) { # if spam or --tagall, have SA put in its report/headers. if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } $status->rewrite_mail; } my $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my $pause_alarm = alarm(0); $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..$arraycont ) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) for ". "$recips in $proc_time seconds, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response: '" . $destresp . "'"); } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; # if ( $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests} ) { # if ( $self->{spampd}->{debug} ) { # $self->log(2, "Exiting child process after handling ". # $self->{spampd}->{maxrequests} ." requests"); } # exit 0; # }; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $addheader = 0; # add X-Spam-Checked-By header to all messages # hostname to use in X-Spam-Checked-By header: my $myhostname = ( length($ENV{HOSTNAME}) ) ? $ENV{HOSTNAME} : "localhost"; my $logsock = "unix"; # default log socket (some systems like 'inet') # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, hostname => \$myhostname, logsock => \$logsock ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', 'debug|d', 'help|h', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', 'hostname=s', 'logsock=s' ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; } if ( $options{dose} ) { $dose = 1; } if ( $options{'add-sc-header'} ) { $addheader = 1; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, addheader => $addheader, myhostname => $myhostname, instance => 0, }, }, 'SpamPD'; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < or B<--mc=n> C<(new in v2)> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.11) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> C<(changed in v2)> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> C<(new in v2)> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> C<(new in v2)> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> C<(new in v2)> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> C<(new in v2)> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.2)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> C<(new in v2)> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> C<(new in v2)> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--add-sc-header> or B<--ash> C<(new in v2.1)> Add a 'X-Spam-Checked-By: {hostname}' header to each scanned message. By default no such header is added. This can be useful in tracking which server in a pool did the scanning. See below for how to specify a hostname. =item B<--hostname=hostname> C<(new in v2.1)> Hostname to use in the X-Spam-Checked-By header. By default the value of the environmental variable $HOSTNAME is used, or if that is undefined/blank then 'localhost' is used as the hostname. Only relevant if the --add-sc-header option is specified. =item B<--auto-whitelist> or B<--aw> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> C<(new in v2)> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> C<(changed in v2)> Turns on SpamAssassin debug messages which print to STDERR (usually the console). Also turns on more verbose logging of what spampd is doing (new in v2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handilng junk mail. The exception here might be the use of LMTP protocol, which bears further investigation. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.12.pl000066400000000000000000001373251472556702500207020ustar00rootroot00000000000000#! /usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.12'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work :-/ my (@msglines, $msgid, $tmp); my $inhdr=1; $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { push(@msglines, $_); $inhdr = 0 if (/^\r?\n$/); # outside of msg header after first blank line # find the Message-ID for logging (code is from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while($msgid =~ s/\([^\(\)]*\)//) {}; # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s.*$//; # keep only the first token $msgid =~ s/%/%%/g; # escape % because Sys::Syslog uses sprintf() } } my $recips = "@{$self->{smtp_server}->{to}}"; $msgid ||= "(unknown)"; $recips ||= "(unknown)"; $self->log(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # Check spamminess my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } my $addingHeader = 0; if ( $self->{spampd}->{addheader} && length($self->{spampd}->{myhostname}) ) { $mail->put_header("X-Spam-Checked-By", $self->{spampd}->{myhostname}); $addingHeader = 1; } # Rewrite mail if high spam factor or options --tagall or --add-sc-header if ( $status->is_spam || $self->{spampd}->{tagall} || $addingHeader ) { # if spam or --tagall, have SA put in its report/headers. if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } $status->rewrite_mail; } my $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my $pause_alarm = alarm(0); $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..$arraycont ) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) for ". "$recips in $proc_time seconds, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response indicates error after DATA command"); } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; # if ( $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests} ) { # if ( $self->{spampd}->{debug} ) { # $self->log(2, "Exiting child process after handling ". # $self->{spampd}->{maxrequests} ." requests"); } # exit 0; # }; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $addheader = 0; # add X-Spam-Checked-By header to all messages # hostname to use in X-Spam-Checked-By header: my $myhostname = ( length($ENV{HOSTNAME}) ) ? $ENV{HOSTNAME} : "localhost"; my $logsock = "unix"; # default log socket (some systems like 'inet') # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, hostname => \$myhostname, logsock => \$logsock ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', 'debug|d', 'help|h', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', 'hostname=s', 'logsock=s' ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; } if ( $options{dose} ) { $dose = 1; } if ( $options{'add-sc-header'} ) { $addheader = 1; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, addheader => $addheader, myhostname => $myhostname, instance => 0, }, }, 'SpamPD'; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < or B<--mc=n> C<(new in v2)> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.11) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> C<(changed in v2)> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> C<(new in v2)> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> C<(new in v2)> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> C<(new in v2)> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> C<(new in v2)> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.2)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> C<(new in v2)> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> C<(new in v2)> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--add-sc-header> or B<--ash> C<(new in v2.1)> Add a 'X-Spam-Checked-By: {hostname}' header to each scanned message. By default no such header is added. This can be useful in tracking which server in a pool did the scanning. See below for how to specify a hostname. =item B<--hostname=hostname> C<(new in v2.1)> Hostname to use in the X-Spam-Checked-By header. By default the value of the environmental variable $HOSTNAME is used, or if that is undefined/blank then 'localhost' is used as the hostname. Only relevant if the --add-sc-header option is specified. =item B<--auto-whitelist> or B<--aw> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> C<(new in v2)> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> C<(changed in v2)> Turns on SpamAssassin debug messages which print to STDERR (usually the console). Also turns on more verbose logging of what spampd is doing (new in v2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handilng junk mail. The exception here might be the use of LMTP protocol, which bears further investigation. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.13.pl000066400000000000000000001375051472556702500207030ustar00rootroot00000000000000#! /usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.12'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work :-/ my (@msglines, $msgid, $tmp); my $inhdr=1; $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { push(@msglines, $_); $inhdr = 0 if (/^\r?\n$/); # outside of msg header after first blank line # find the Message-ID for logging (code is from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while($msgid =~ s/\([^\(\)]*\)//) {}; # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s.*$//; # keep only the first token $msgid =~ s/%/%%/g; # escape % because Sys::Syslog uses sprintf() } } my $recips = "@{$self->{smtp_server}->{to}}"; $msgid ||= "(unknown)"; $recips ||= "(unknown)"; $self->log(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # Check spamminess my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } my $addingHeader = 0; if ( $self->{spampd}->{addheader} && length($self->{spampd}->{myhostname}) ) { $mail->put_header("X-Spam-Checked-By", $self->{spampd}->{myhostname}); $addingHeader = 1; } # Rewrite mail if high spam factor or options --tagall or --add-sc-header if ( $status->is_spam || $self->{spampd}->{tagall} || $addingHeader ) { # if spam or --tagall, have SA put in its report/headers. if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } $status->rewrite_mail; } my $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my $pause_alarm = alarm(0); $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..$arraycont ) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) for ". "$recips in $proc_time seconds, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response indicates error after DATA command"); } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; # if ( $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests} ) { # if ( $self->{spampd}->{debug} ) { # $self->log(2, "Exiting child process after handling ". # $self->{spampd}->{maxrequests} ." requests"); } # exit 0; # }; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $addheader = 0; # add X-Spam-Checked-By header to all messages # hostname to use in X-Spam-Checked-By header: my $myhostname = ( length($ENV{HOSTNAME}) ) ? $ENV{HOSTNAME} : "localhost"; my $logsock = "unix"; # default log socket (some systems like 'inet') # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, hostname => \$myhostname, logsock => \$logsock ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', 'debug|d', 'help|h', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', 'hostname=s', 'logsock=s' ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; } if ( $options{dose} ) { $dose = 1; } if ( $options{'add-sc-header'} ) { $addheader = 1; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, addheader => $addheader, myhostname => $myhostname, instance => 0, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < or B<--mc=n> C<(new in v2)> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.11) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> C<(changed in v2)> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> C<(new in v2)> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> C<(new in v2)> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> C<(new in v2)> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> C<(new in v2)> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.2)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> C<(new in v2)> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> C<(new in v2)> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--add-sc-header> or B<--ash> C<(new in v2.1)> Add a 'X-Spam-Checked-By: {hostname}' header to each scanned message. By default no such header is added. This can be useful in tracking which server in a pool did the scanning. See below for how to specify a hostname. =item B<--hostname=hostname> C<(new in v2.1)> Hostname to use in the X-Spam-Checked-By header. By default the value of the environmental variable $HOSTNAME is used, or if that is undefined/blank then 'localhost' is used as the hostname. Only relevant if the --add-sc-header option is specified. =item B<--auto-whitelist> or B<--aw> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> C<(new in v2)> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> C<(changed in v2)> Turns on SpamAssassin debug messages which print to STDERR (usually the console). Also turns on more verbose logging of what spampd is doing (new in v2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handilng junk mail. The exception here might be the use of LMTP protocol, which bears further investigation. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.20.pl000066400000000000000000001403071472556702500206730ustar00rootroot00000000000000#! /usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.2'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; my $sa_version = Mail::SpamAssassin::Version(); # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); ## read message into array of lines to feed to SA my $inhdr=1; $fh->seek(0,0) or die "Can't rewind message file: $!"; # loop over message file content while (<$fh>) { $inhdr = 0 if (/^\r?\n$/); # outside of msg header after first blank line push(@msglines, $_); # find the Message-ID for logging (code is mostly from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while ( $msgid =~ s/\([^\(\)]*\)// ) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/%/%%/g; # escape % because Sys::Syslog uses sprintf() $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/ ) {$sender = $1;} $msgid ||= "(unknown)"; $recips ||= "(unknown)"; $sender ||= "(unknown)"; $self->log(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message if ($sa_version >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($sa_version >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } # Rewrite mail if high spam factor or options --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ( $sa_version >= 3 ) { $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my @resplines = split(/\r?\n/, $msg_resp); my $pause_alarm = alarm(0); $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..$arraycont ) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". "$recips in ". $proc_time . "s, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response indicates error after DATA command"); } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $logsock = "unix"; # default log socket (some systems like 'inet') my $nsloglevel = 2; # default log level for Net::Server (in the range 0-4) my $background = 1; # specifies whether to 'daemonize' and fork into background; # apparently useful under Win32/cygwin to disable this via --nodetach option; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, logsock => \$logsock, ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', # deprecated 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', # deprecated 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', # deprecated 'debug|d', 'help|h', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', # deprecated 'hostname=s', # deprecated 'logsock=s', 'nodetach' ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; } if ( $options{dose} ) { $dose = 1; } if ( $options{'nodetach'} ) { $background = undef; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', log_level => $nsloglevel, syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => $background, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, instance => 0, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < 3.0 now control this via local.cf). --local-only or -L Turn off all SA network-based tests (RBL, Razor, etc). --debug or -d Turn on SA debugging (sent to log file). --help or -h This message Deprecated Options (still accepted for backwards compatibility): --heloname=hostname No longer used in spampd v.2 --dead-letters=path No longer used in spampd v.2 --stop-at-threshold No longer implemented in SpamAssassin EOF # --maxchildren=n Maximum number of child processes (servers) to # run. Default is the value of --children. exit shift; } __END__ # Some commented-out documentation. POD doesn't have a way to comment # out sections!? This documents a feature which may be implemented later. # # =item B<--maxchildren=n> or B<--mc=n> C<(new in v2)> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.2) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--nodetach>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading If upgrading from a version prior to 2.2, please note that the --add-sc-header option is no longer supported. Use SAs built-in header manipulation features instead (as of SA v2.6). Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> C<(changed in v2)> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> C<(new in v2)> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> C<(new in v2)> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> C<(new in v2)> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> C<(new in v2)> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.2)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--nodetach> C<(new in v2.2)> If this option is given spampd won't detach from the console and fork into the background. This can be useful for running under control of some daemon management tools or when configured as a win32 service under cygrunsrv's control. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> C<(new in v2)> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> C<(new in v2)> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--auto-whitelist> or B<--aw> This option is no longer relevant with SA version 3.0 and above, which controls auto whitelist use via local.cf settings. For SA version < 3.0, turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> C<(new in v2)> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> C<(changed in v2)> Turns on SpamAssassin debug messages which print to the system mail log (same log as spampd will log to). Also turns on more verbose logging of what spampd is doing (new in v2). Also increases log level of Net::Server to 4 (debug), adding more yet info (but not too much) (new in v2.2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with prevoius I versions: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =item B<--add-sc-header> =item B<--hostname> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments and in the change log, as appropriate. =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Per-user preferences: The jury is still out on this one. I'm thinking more and more that most per-user prefs should be specified on the final mailbox server. Why? Because SMTP isn't designed with per-user preferences in mind. On a relay server, the same message body can go to multiple recipients who may have wildly different preferences when it comes to handilng junk mail. The exception here might be the use of LMTP protocol, which bears further investigation. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.30.pl000066400000000000000000001464611472556702500207030ustar00rootroot00000000000000#!/usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.30 - 31-Oct-05 # v2.21 - 23-Oct-05 # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.30'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; my $sa_version = Mail::SpamAssassin::Version(); # $sa_version can have a non-numeric value if version_tag is # set in local.cf. Only take first numeric value $sa_version =~ s/([0-9]*\.[0-9]*).*/$1/; # this gets info about the message temp file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); my $inhdr = 1; my $envfrom = 0; my $envto = 0; my $addedenvto = 0; $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/ ) {$sender = $1;} $recips ||= "(unknown)"; $sender ||= "(unknown)"; ## read message into array of lines to feed to SA # loop over message file content $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { $envto = 1 if (/^(?:X-)?Envelope-To: /); $envfrom = 1 if (/^(?:X-)?Envelope-From: /); if ( (/^\r?\n$/) && ($inhdr ==1) ) { $inhdr = 0; # outside of msg header after first blank line if ( ( $self->{spampd}->{envelopeheaders} || $self->{spampd}->{setenvelopefrom} ) && $envfrom == 0 ) { push(@msglines, "X-Envelope-From: $sender\r\n"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Added X-Envelope-From"); } } if ( $self->{spampd}->{envelopeheaders} && $envto == 0 ) { push(@msglines, "X-Envelope-To: $recips\r\n"); $addedenvto = 1; if ( $self->{spampd}->{debug} ) { $self->log(2, "Added X-Envelope-To"); } } } push(@msglines, $_); # find the Message-ID for logging (code is mostly from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while ( $msgid =~ s/\([^\(\)]*\)// ) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } $msgid ||= "(unknown)"; $self->log(2, "%s", "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message if ($sa_version >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($sa_version >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->log(2, "Returned from checking by SpamAssassin"); } # Rewrite mail if high spam factor or options --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "Rewriting mail using SpamAssassin"); } # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ( $sa_version >= 3 ) { $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my @resplines = split(/\r?\n/, $msg_resp); my $pause_alarm = alarm(0); my $inhdr = 1; my $skipline = 0; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..($arraycont-1) ) { $inhdr=0 if ($resplines[$_] =~ m/^\r?\n$/); # if we are still in the header, skip over any # "X-Envelope-To: " line if we have previously added it. if ( $inhdr == 1 && $addedenvto == 1 && $resplines[$_] =~ m/^X-Envelope-To: .*$/) { $skipline = 1; if ( $self->{spampd}->{debug} ) { $self->log(2, "Removing X-Envelope-To"); } } if (! $skipline) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } else { $skipline = 0; } } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->log(2, "%s", "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". "$recips in ". $proc_time . "s, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->log(2, "%s", "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->log(1, "%s", "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->log(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->log(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->log(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->log(1, "%s", "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->log(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "%s", "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Destination response indicates error after DATA command"); } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->log(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, "%s", $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->log(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $logsock = "unix"; # default log socket (some systems like 'inet') my $nsloglevel = 2; # default log level for Net::Server (in the range 0-4) my $background = 1; # specifies whether to 'daemonize' and fork into background; # apparently useful under Win32/cygwin to disable this via --nodetach option; my $envelopeheaders = 0; # Set X-Envelope-To and X-Envelope-From headers in the mail before # passing it to spamassassin. Set to 1 to enable this my $setenvelopefrom = 0; # Set X-Envelope-From header only my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, logsock => \$logsock, envelopeheaders => \$envelopeheaders, setenvelopefrom => \$setenvelopefrom, ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', # deprecated 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', # deprecated 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', # deprecated 'debug|d', 'help|h|?', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', # deprecated 'hostname=s', # deprecated 'logsock=s', 'nodetach', 'set-envelope-headers|seh', 'set-envelope-from|sef', ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; } if ( $options{dose} ) { $dose = 1; } if ( $options{'nodetach'} ) { $background = undef; } if ( $options{'set-envelope-headers'} ) { $envelopeheaders = 1; } if ( $options{'set-envelope-from'} ) { $setenvelopefrom = 1; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0 }); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(0); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', log_level => $nsloglevel, syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => $background, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, instance => 0, envelopeheaders => $envelopeheaders, setenvelopefrom => $setenvelopefrom, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, "%s", $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < 3.0 now control this via local.cf). --local-only or -L Turn off all SA network-based tests (RBL, Razor, etc). --debug or -d Turn on SA debugging (sent to log file). --help or -h or -? This message Deprecated Options (still accepted for backwards compatibility): --heloname=hostname No longer used in spampd v.2 --dead-letters=path No longer used in spampd v.2 --stop-at-threshold No longer implemented in SpamAssassin EOF # --maxchildren=n Maximum number of child processes (servers) to # run. Default is the value of --children. exit shift; } __END__ # Some commented-out documentation. POD doesn't have a way to comment # out sections!? This documents a feature which may be implemented later. # # =item B<--maxchildren=n> or B<--mc=n> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.2) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--nodetach>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--set-envelope-headers|seh>] [B<--set-envelope-from|sef>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading If upgrading from a version prior to 2.2, please note that the --add-sc-header option is no longer supported. Use SAs built-in header manipulation features instead (as of SA v2.6). Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.20)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--nodetach> C<(new in v2.20)> If this option is given spampd won't detach from the console and fork into the background. This can be useful for running under control of some daemon management tools or when configured as a win32 service under cygrunsrv's control. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--set-envelope-headers> or B<--seh> C<(new in v2.30)> Turns on addition of X-Envelope-To and X-Envelope-From headers to the mail being scanned before it is passed to SpamAssassin. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. This potentially exposes the list of all recipients of that mail (even BCC'ed ones). Therefore usage of this option is discouraged. I: Even though spampd tries to prevent this leakage by removing the X-Envelope-To header after scanning, SpamAssassin itself might add headers itself which report one or more of the recipients which had been listed in this header. =item B<--set-envelope-from> or B<--sef> C<(new in v2.30)> Same as above option but only enables the addition of X-Envelope-From header. For those that don't feel comfortable with the possible information exposure of X-Envelope-To. The above option overrides this one. =item B<--auto-whitelist> or B<--aw> This option is no longer relevant with SA version 3.0 and above, which controls auto whitelist use via local.cf settings. For SA version < 3.0, turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> or B<--d> Turns on SpamAssassin debug messages which print to the system mail log (same log as spampd will log to). Also turns on more verbose logging of what spampd is doing (new in v2). Also increases log level of Net::Server to 4 (debug), adding yet more info (but not too much) (new in v2.2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with prevoius I versions: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =item B<--add-sc-header> =item B<--hostname> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments and in the change log, as appropriate. =head2 Code Contributors (in order of appearance): Kurt Andersen Roland Koeckel Urban Petry Sven Mueller =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group, Inc. and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.32.pl000066400000000000000000001522311472556702500206750ustar00rootroot00000000000000#!/usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.32 - 02-Feb-06 # v2.30 - 31-Oct-05 # v2.21 - 23-Oct-05 # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^.?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if ( /^L/i ) { $self->{proto} = "lmtp"; } elsif ( /^E/i ) { $self->{proto} = "esmtp"; } else { $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.30'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; my $sa_version = Mail::SpamAssassin::Version(); # $sa_version can have a non-numeric value if version_tag is # set in local.cf. Only take first numeric value $sa_version =~ s/([0-9]*\.[0-9]*).*/$1/; # this gets info about the message temp file my $size = ($fh->stat)[7] or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); my $inhdr = 1; my $envfrom = 0; my $envto = 0; my $addedenvto = 0; $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/ ) {$sender = $1;} $recips ||= "(unknown)"; $sender ||= "(unknown)"; ## read message into array of lines to feed to SA # loop over message file content $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { $envto = 1 if (/^(?:X-)?Envelope-To: /); $envfrom = 1 if (/^(?:X-)?Envelope-From: /); if ( (/^\r?\n$/) && ($inhdr ==1) ) { $inhdr = 0; # outside of msg header after first blank line if ( ( $self->{spampd}->{envelopeheaders} || $self->{spampd}->{setenvelopefrom} ) && $envfrom == 0 ) { push(@msglines, "X-Envelope-From: $sender\r\n"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-From"); } } if ( $self->{spampd}->{envelopeheaders} && $envto == 0 ) { push(@msglines, "X-Envelope-To: $recips\r\n"); $addedenvto = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-To"); } } } push(@msglines, $_); # find the Message-ID for logging (code is mostly from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while ( $msgid =~ s/\([^\(\)]*\)// ) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } $msgid ||= "(unknown)"; $self->mylog(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message if ($sa_version >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($sa_version >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Returned from checking by SpamAssassin"); } # Rewrite mail if high spam factor or options --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Rewriting mail using SpamAssassin"); } # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ( $sa_version >= 3 ) { $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my @resplines = split(/\r?\n/, $msg_resp); my $pause_alarm = alarm(0); my $inhdr = 1; my $skipline = 0; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..($arraycont-1) ) { $inhdr=0 if ($resplines[$_] =~ m/^\r?\n$/); # if we are still in the header, skip over any # "X-Envelope-To: " line if we have previously added it. if ( $inhdr == 1 && $addedenvto == 1 && $resplines[$_] =~ m/^X-Envelope-To: .*$/) { $skipline = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Removing X-Envelope-To"); } } if (! $skipline) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } else { $skipline = 0; } } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->mylog(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". "$recips in ". $proc_time . "s, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->mylog(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); $mail->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->mylog(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->mylog(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->mylog(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response indicates error after DATA command"); } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->mylog(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } # older Net::Server versions (<= 0.87) die when logging a % character to Sys::Syslog sub mylog($$$) { my ($self, $level, $msg) = @_; $msg =~ s/\%/%%/g; $self->log($level, $msg); } ################## SETUP ###################### my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $logsock = "unix"; # default log socket (some systems like 'inet') my $nsloglevel = 2; # default log level for Net::Server (in the range 0-4) my $background = 1; # specifies whether to 'daemonize' and fork into background; # apparently useful under Win32/cygwin to disable this via # --nodetach option; my $envelopeheaders = 0; # Set X-Envelope-To and X-Envelope-From headers in the mail before # passing it to spamassassin. Set to 1 to enable this. my $setenvelopefrom = 0; # Set X-Envelope-From header only my $saconfigfile = ""; # use this config file for SA settings (blank uses default local.cf) my $home_dir = '/var/spool/spamassassin/spampd'; # home directory for SA files # (auto-whitelist, plugin helpers) my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, logsock => \$logsock, envelopeheaders => \$envelopeheaders, setenvelopefrom => \$setenvelopefrom, saconfigfile => \$saconfigfile, homedir => \$homedir, ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', # deprecated 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', # deprecated 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', # deprecated 'debug|d', 'help|h|?', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', # deprecated 'hostname=s', # deprecated 'logsock=s', 'nodetach', 'set-envelope-headers|seh', 'set-envelope-from|sef', 'saconfig=s', 'homedir=s', ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; } if ( $options{dose} ) { $dose = 1; } if ( $options{'nodetach'} ) { $background = undef; } if ( $options{'set-envelope-headers'} ) { $envelopeheaders = 1; } if ( $options{'set-envelope-from'} ) { $setenvelopefrom = 1; } if ( $options{'saconfig'} ) { $saconfigfile = $options{'saconfig'}; } if ( $options{'homedir'} ) { $homedir = $options{'homedir'}; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $sa_options = { 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0, 'home_dir_for_helpers' => $home_dir, 'userstate_dir' => $home_dir }; my $use_user_prefs = 0; if ( $saconfigfile != "" ) { $sa_options->{ 'userprefs_filename' } = $saconfigfile; $use_user_prefs = 1; } #cleanup environment before starting SA (thanks to Alexander Wirt) $ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin'; delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV', 'HOME'}; my $assassin = Mail::SpamAssassin->new($sa_options); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now($use_user_prefs); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', log_level => $nsloglevel, syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => $background, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, instance => 0, envelopeheaders => $envelopeheaders, setenvelopefrom => $setenvelopefrom, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < 3.0 now control this via local.cf). --local-only or -L Turn off all SA network-based tests (RBL, Razor, etc). --homedir=path Use the specified directory as home directory for the SpamAssassin process. Default is /var/spool/spamassassin/spampd --saconfig=filename Use the specified file for loading SA configuration options after the default local.cf file. --debug or -d Turn on SA debugging (sent to log file). --help or -h or -? This message Deprecated Options (still accepted for backwards compatibility): --heloname=hostname No longer used in spampd v.2 --dead-letters=path No longer used in spampd v.2 --stop-at-threshold No longer implemented in SpamAssassin EOF # --maxchildren=n Maximum number of child processes (servers) to # run. Default is the value of --children. exit shift; } __END__ # Some commented-out documentation. POD doesn't have a way to comment # out sections!? This documents a feature which may be implemented later. # # =item B<--maxchildren=n> or B<--mc=n> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.2) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--nodetach>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--set-envelope-headers|seh>] [B<--set-envelope-from|sef>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--saconfig=filename>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading If upgrading from a version prior to 2.2, please note that the --add-sc-header option is no longer supported. Use SAs built-in header manipulation features instead (as of SA v2.6). Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.20)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--nodetach> C<(new in v2.20)> If this option is given spampd won't detach from the console and fork into the background. This can be useful for running under control of some daemon management tools or when configured as a win32 service under cygrunsrv's control. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--set-envelope-headers> or B<--seh> C<(new in v2.30)> Turns on addition of X-Envelope-To and X-Envelope-From headers to the mail being scanned before it is passed to SpamAssassin. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. This potentially exposes the list of all recipients of that mail (even BCC'ed ones). Therefore usage of this option is discouraged. I: Even though spampd tries to prevent this leakage by removing the X-Envelope-To header after scanning, SpamAssassin itself might add headers itself which report one or more of the recipients which had been listed in this header. =item B<--set-envelope-from> or B<--sef> C<(new in v2.30)> Same as above option but only enables the addition of X-Envelope-From header. For those that don't feel comfortable with the possible information exposure of X-Envelope-To. The above option overrides this one. =item B<--auto-whitelist> or B<--aw> This option is no longer relevant with SA version 3.0 and above, which controls auto whitelist use via local.cf settings. For SA version < 3.0, turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--homedir=directory> Use the specified directory as home directory for the spamassassin process. Defaul is /var/spool/spamassassin/spampd. =item B<--saconfig=filename> Use the specified file for SpamAssassin configuration options in addition to the default local.cf file. Any options specified here will override the same option from local.cf. Default is to not use any additional configuration file. =item B<--debug> or B<--d> Turns on SpamAssassin debug messages which print to the system mail log (same log as spampd will log to). Also turns on more verbose logging of what spampd is doing (new in v2). Also increases log level of Net::Server to 4 (debug), adding yet more info (but not too much) (new in v2.2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with prevoius I versions: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =item B<--add-sc-header> =item B<--hostname> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments and in the change log, as appropriate. =head2 Code Contributors (in order of appearance): Kurt Andersen Roland Koeckel Urban Petry Sven Mueller =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group, Inc. and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.40.forceuser.pl000066400000000000000000001547101472556702500226740ustar00rootroot00000000000000#!/usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.32 - 02-Feb-06 # v2.30 - 31-Oct-05 # v2.21 - 23-Oct-05 # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^(l|h)?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if (s/^helo\s+//i) { $self->{proto} = "smtp"; } elsif (s/^ehlo\s+//i) { $self->{proto} = "esmtp"; } elsif (s/^lhlo\s+//i) { $self->{proto} = "lmtp"; } # if ( /^L/i ) { # $self->{proto} = "lmtp"; # } elsif ( /^E/i ) { # $self->{proto} = "esmtp"; # } else { # $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.30'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; my $sa_version = Mail::SpamAssassin::Version(); # $sa_version can have a non-numeric value if version_tag is # set in local.cf. Only take first numeric value $sa_version =~ s/([0-9]*\.[0-9]*).*/$1/; # this gets info about the message temp file my $size = ($fh->stat)[7] or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); my $inhdr = 1; my $envfrom = 0; my $envto = 0; my $addedenvto = 0; $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/ ) {$sender = $1;} $recips ||= "(unknown)"; $sender ||= "(unknown)"; ## read message into array of lines to feed to SA # loop over message file content $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { $envto = 1 if (/^(?:X-)?Envelope-To: /); $envfrom = 1 if (/^(?:X-)?Envelope-From: /); if ( (/^\r?\n$/) && ($inhdr ==1) ) { $inhdr = 0; # outside of msg header after first blank line if ( ( $self->{spampd}->{envelopeheaders} || $self->{spampd}->{setenvelopefrom} ) && $envfrom == 0 ) { push(@msglines, "X-Envelope-From: $sender\r\n"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-From"); } } if ( $self->{spampd}->{envelopeheaders} && $envto == 0 ) { push(@msglines, "X-Envelope-To: $recips\r\n"); $addedenvto = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-To"); } } } push(@msglines, $_); # find the Message-ID for logging (code is mostly from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while ( $msgid =~ s/\([^\(\)]*\)// ) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } $msgid ||= "(unknown)"; $self->mylog(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message if ($sa_version >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($sa_version >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Returned from checking by SpamAssassin"); } # Rewrite mail if high spam factor or options --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Rewriting mail using SpamAssassin"); } # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ( $sa_version >= 3 ) { $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my @resplines = split(/\r?\n/, $msg_resp); my $pause_alarm = alarm(0); my $inhdr = 1; my $skipline = 0; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..($arraycont-1) ) { $inhdr=0 if ($resplines[$_] =~ m/^\r?\n$/); # if we are still in the header, skip over any # "X-Envelope-To: " line if we have previously added it. if ( $inhdr == 1 && $addedenvto == 1 && $resplines[$_] =~ m/^X-Envelope-To: .*$/) { $skipline = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Removing X-Envelope-To"); } } if (! $skipline) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } else { $skipline = 0; } } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->mylog(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". "$recips in ". $proc_time . "s, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->mylog(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); $mail->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->mylog(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->mylog(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; my $rcpt_ok; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->mylog(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response indicates error after DATA command"); } } # patch for LMTP - multiple responses after . after DATA, done by Vladislav Kurz # we have to count sucessful RCPT commands and then read the same amount of responses if ( $smtp_server->{proto} eq 'lmtp' ) { if ( $smtp_server->{state} =~ /^rset/i ) { $rcpt_ok=0; } if ( $smtp_server->{state} =~ /^mail/i ) { $rcpt_ok=0; } if ( $smtp_server->{state} =~ /^rcpt/i and $destresp =~ /^25/ ) { $rcpt_ok++; } if ( $smtp_server->{state} eq '.' ) { while ( --$rcpt_ok ) { $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response: '" . $destresp . "'"); } } } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->mylog(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } # older Net::Server versions (<= 0.87) die when logging a % character to Sys::Syslog sub mylog($$$) { my ($self, $level, $msg) = @_; $msg =~ s/\%/%%/g; $self->log($level, $msg); } ################## SETUP ###################### my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $logsock = "unix"; # default log socket (some systems like 'inet') my $nsloglevel = 2; # default log level for Net::Server (in the range 0-4) my $background = 1; # specifies whether to 'daemonize' and fork into background; # apparently useful under Win32/cygwin to disable this via # --nodetach option; my $envelopeheaders = 0; # Set X-Envelope-To and X-Envelope-From headers in the mail before # passing it to spamassassin. Set to 1 to enable this. my $setenvelopefrom = 0; # Set X-Envelope-From header only my $saconfigfile = ""; # use this config file for SA settings (blank uses default local.cf) my $sa_home_dir = '/var/spool/spamassassin/spampd'; # home directory for SA files # (auto-whitelist, plugin helpers) my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, logsock => \$logsock, envelopeheaders => \$envelopeheaders, setenvelopefrom => \$setenvelopefrom, saconfigfile => \$saconfigfile, sa_home_dir => \$sa_home_dir, ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', # deprecated 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', # deprecated 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', # deprecated 'debug|d', 'help|h|?', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', # deprecated 'hostname=s', # deprecated 'logsock=s', 'nodetach', 'set-envelope-headers|seh', 'set-envelope-from|sef', 'saconfig=s', 'homedir=s', ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; } if ( $options{dose} ) { $dose = 1; } if ( $options{'nodetach'} ) { $background = undef; } if ( $options{'set-envelope-headers'} ) { $envelopeheaders = 1; } if ( $options{'set-envelope-from'} ) { $setenvelopefrom = 1; } if ( $options{'saconfig'} ) { $saconfigfile = $options{'saconfig'}; } if ( $options{'homedir'} ) { $sa_home_dir = $options{'homedir'}; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $sa_options = { 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0, #'home_dir_for_helpers' => $sa_home_dir, #'userstate_dir' => $sa_home_dir, 'username' => $user }; my $use_user_prefs = 0; if ( $saconfigfile != "" ) { $sa_options->{ 'userprefs_filename' } = $saconfigfile; $use_user_prefs = 1; } #cleanup environment before starting SA (thanks to Alexander Wirt) $ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin'; #delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV', 'HOME'}; my $assassin = Mail::SpamAssassin->new($sa_options); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now($use_user_prefs); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', log_level => $nsloglevel, syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => $background, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, instance => 0, envelopeheaders => $envelopeheaders, setenvelopefrom => $setenvelopefrom, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < 3.0 now control this via local.cf). --local-only or -L Turn off all SA network-based tests (RBL, Razor, etc). --homedir=path Use the specified directory as home directory for the SpamAssassin process. Default is /var/spool/spamassassin/spampd --saconfig=filename Use the specified file for loading SA configuration options after the default local.cf file. --debug or -d Turn on SA debugging (sent to log file). --help or -h or -? This message Deprecated Options (still accepted for backwards compatibility): --heloname=hostname No longer used in spampd v.2 --dead-letters=path No longer used in spampd v.2 --stop-at-threshold No longer implemented in SpamAssassin EOF # --maxchildren=n Maximum number of child processes (servers) to # run. Default is the value of --children. exit shift; } __END__ # Some commented-out documentation. POD doesn't have a way to comment # out sections!? This documents a feature which may be implemented later. # # =item B<--maxchildren=n> or B<--mc=n> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.2) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--nodetach>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--set-envelope-headers|seh>] [B<--set-envelope-from|sef>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--saconfig=filename>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading If upgrading from a version prior to 2.2, please note that the --add-sc-header option is no longer supported. Use SAs built-in header manipulation features instead (as of SA v2.6). Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.20)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--nodetach> C<(new in v2.20)> If this option is given spampd won't detach from the console and fork into the background. This can be useful for running under control of some daemon management tools or when configured as a win32 service under cygrunsrv's control. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--set-envelope-headers> or B<--seh> C<(new in v2.30)> Turns on addition of X-Envelope-To and X-Envelope-From headers to the mail being scanned before it is passed to SpamAssassin. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. This potentially exposes the list of all recipients of that mail (even BCC'ed ones). Therefore usage of this option is discouraged. I: Even though spampd tries to prevent this leakage by removing the X-Envelope-To header after scanning, SpamAssassin itself might add headers itself which report one or more of the recipients which had been listed in this header. =item B<--set-envelope-from> or B<--sef> C<(new in v2.30)> Same as above option but only enables the addition of X-Envelope-From header. For those that don't feel comfortable with the possible information exposure of X-Envelope-To. The above option overrides this one. =item B<--auto-whitelist> or B<--aw> This option is no longer relevant with SA version 3.0 and above, which controls auto whitelist use via local.cf settings. For SA version < 3.0, turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--homedir=directory> Use the specified directory as home directory for the spamassassin process. Things like the auto-whitelist and other plugin (razor/pyzor) files get written to here. Defaul is /var/spool/spamassassin/spampd. A good place for this is in the same place your bayes_path SA config setting points to (if any). Make sure this directory is accessible to the user that spampd is running as (default: mail). New in v2.40. Thanks to Alexander Wirt for this fix. =item B<--saconfig=filename> Use the specified file for SpamAssassin configuration options in addition to the default local.cf file. Any options specified here will override the same option from local.cf. Default is to not use any additional configuration file. =item B<--debug> or B<--d> Turns on SpamAssassin debug messages which print to the system mail log (same log as spampd will log to). Also turns on more verbose logging of what spampd is doing (new in v2). Also increases log level of Net::Server to 4 (debug), adding yet more info (but not too much) (new in v2.2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with prevoius I versions: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =item B<--add-sc-header> =item B<--hostname> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments and in the change log, as appropriate. =head2 Code Contributors (in order of appearance): Kurt Andersen Roland Koeckel Urban Petry Sven Mueller =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group, Inc. and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd-2.40.pl000066400000000000000000001546551472556702500207100ustar00rootroot00000000000000#!/usr/bin/perl -T ###################### # SpamPD - spam proxy daemon # # v2.32 - 02-Feb-06 # v2.30 - 31-Oct-05 # v2.21 - 23-Oct-05 # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'started'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # sub accept { } # # Removed by MP; not needed for spampd use # # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^(l|h)?he?lo\s+//i) { # mp: find helo|ehlo|lhlo # mp: determine protocol (for future use) if (s/^helo\s+//i) { $self->{proto} = "smtp"; } elsif (s/^ehlo\s+//i) { $self->{proto} = "esmtp"; } elsif (s/^lhlo\s+//i) { $self->{proto} = "lmtp"; } # if ( /^L/i ) { # $self->{proto} = "lmtp"; # } elsif ( /^E/i ) { # $self->{proto} = "esmtp"; # } else { # $self->{proto} = "smtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use less writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreForkSimple; use IO::File; use Getopt::Long; use Mail::SpamAssassin; BEGIN { # Load Time::HiRes if it's available eval { require Time::HiRes }; Time::HiRes->import( qw(time) ) unless $@; # use included modules import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreForkSimple); our $VERSION = '2.30'; sub process_message { my ($self, $fh) = @_; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; my $sa_version = Mail::SpamAssassin::Version(); # $sa_version can have a non-numeric value if version_tag is # set in local.cf. Only take first numeric value $sa_version =~ s/([0-9]*\.[0-9]*).*/$1/; # this gets info about the message temp file my $size = ($fh->stat)[7] or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); my $inhdr = 1; my $envfrom = 0; my $envto = 0; my $addedenvto = 0; $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/ ) {$sender = $1;} $recips ||= "(unknown)"; $sender ||= "(unknown)"; ## read message into array of lines to feed to SA # loop over message file content $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { $envto = 1 if (/^(?:X-)?Envelope-To: /); $envfrom = 1 if (/^(?:X-)?Envelope-From: /); if ( (/^\r?\n$/) && ($inhdr ==1) ) { $inhdr = 0; # outside of msg header after first blank line if ( ( $self->{spampd}->{envelopeheaders} || $self->{spampd}->{setenvelopefrom} ) && $envfrom == 0 ) { push(@msglines, "X-Envelope-From: $sender\r\n"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-From"); } } if ( $self->{spampd}->{envelopeheaders} && $envto == 0 ) { push(@msglines, "X-Envelope-To: $recips\r\n"); $addedenvto = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Added X-Envelope-To"); } } } push(@msglines, $_); # find the Message-ID for logging (code is mostly from spamd) if ( $inhdr && /^Message-Id:\s+(.*?)\s*$/i ) { $msgid = $1; while ( $msgid =~ s/\([^\(\)]*\)// ) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } $msgid ||= "(unknown)"; $self->mylog(2, "processing message $msgid for ". $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($self->{spampd}->{satimeout}); # Audit the message if ($sa_version >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($sa_version >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Returned from checking by SpamAssassin"); } # Rewrite mail if high spam factor or options --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Rewriting mail using SpamAssassin"); } # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ( $sa_version >= 3 ) { $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # Build the new message to relay # pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my @resplines = split(/\r?\n/, $msg_resp); my $pause_alarm = alarm(0); my $inhdr = 1; my $skipline = 0; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; my $arraycont = @resplines; for ( 0..($arraycont-1) ) { $inhdr=0 if ($resplines[$_] =~ m/^\r?\n$/); # if we are still in the header, skip over any # "X-Envelope-To: " line if we have previously added it. if ( $inhdr == 1 && $addedenvto == 1 && $resplines[$_] =~ m/^X-Envelope-To: .*$/) { $skipline = 1; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Removing X-Envelope-To"); } } if (! $skipline) { $fh->print($resplines[$_] . "\r\n") or die "Can't print to message file: $!"; } else { $skipline = 0; } } #restart the alarm alarm($pause_alarm); } # Log what we did my $was_it_spam = 'clean message'; if ($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.2f",$status->get_hits); my $msg_threshold = sprintf("%.2f",$status->get_required_hits); my $proc_time = sprintf("%.2f", time - $start); $self->mylog(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". "$recips in ". $proc_time . "s, $size bytes."); # thanks to Kurt Andersen for this idea if ( $self->{spampd}->{rh} ) { $self->mylog(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } $status->finish(); $mail->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; if ( $@ ne '' ) { $self->mylog(1, "WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } } else { $self->mylog(2, "skipped large message (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; my $rcpt_ok; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "Failed to create listening Server: $!"; } $self->{smtp_server} = $smtp_server; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Server"); } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "Failed to create sending Client: $!"; } if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Initiated Client"); } # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->ok($client->hear) or die "Error in initial server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { if ( $self->{spampd}->{debug} ) { $self->mylog(2, "smtp_server state: '" . $smtp_server->{state} . "'"); } # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ( $pmrescode or !$self->{spampd}->{dose} ) { # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "Failure in client->yammer(smtp_server->{data}): $!"; } else { $smtp_server->ok("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->mylog(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Finished sending DATA"); } } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response: '" . $destresp . "'"); } # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ( $smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} / ) { $smtp_server->{state} = "err_after_data"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response indicates error after DATA command"); } } # patch for LMTP - multiple responses after . after DATA, done by Vladislav Kurz # we have to count sucessful RCPT commands and then read the same amount of responses if ( $smtp_server->{proto} eq 'lmtp' ) { if ( $smtp_server->{state} =~ /^rset/i ) { $rcpt_ok=0; } if ( $smtp_server->{state} =~ /^mail/i ) { $rcpt_ok=0; } if ( $smtp_server->{state} =~ /^rcpt/i and $destresp =~ /^25/ ) { $rcpt_ok++; } if ( $smtp_server->{state} eq '.' ) { while ( --$rcpt_ok ) { $destresp = $client->hear; $smtp_server->ok($destresp) or die "Error in server->ok(client->hear): $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Destination response: '" . $destresp . "'"); } } } } # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "Couldn't close smtp_server->{sock}: $!"; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Closed connections"); } }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->mylog(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance}++; } # Net::Server hook # about to exit child process sub child_finish_hook { my($self) = shift; if ( $self->{spampd}->{debug} ) { $self->mylog(2, "Exiting child process after handling ". $self->{spampd}->{instance} ." requests"); } } # older Net::Server versions (<= 0.87) die when logging a % character to Sys::Syslog sub mylog($$$) { my ($self, $level, $msg) = @_; $msg =~ s/\%/%%/g; $self->log($level, $msg); } ################## SETUP ###################### my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $children = 5; # number of child processes (servers) to spawn at start # my $maxchildren = $children; # max. number of child processes (servers) to spawn my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 6*60; # child process per-command timeout in seconds my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix # default for smtp_data_done_timeout) my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. my $rh = 0; # log which rules were hit my $debug = 0; # debug flag my $dose = 0; # die-on-sa-errors flag my $logsock = "unix"; # default log socket (some systems like 'inet') my $nsloglevel = 2; # default log level for Net::Server (in the range 0-4) my $background = 1; # specifies whether to 'daemonize' and fork into background; # apparently useful under Win32/cygwin to disable this via # --nodetach option; my $envelopeheaders = 0; # Set X-Envelope-To and X-Envelope-From headers in the mail before # passing it to spamassassin. Set to 1 to enable this. my $setenvelopefrom = 0; # Set X-Envelope-From header only my $saconfigfile = ""; # use this config file for SA settings (blank uses default local.cf) my $sa_home_dir = '/var/spool/spamassassin/spampd'; # home directory for SA files # (auto-whitelist, plugin helpers) my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, childtimeout => \$childtimeout, satimeout => \$satimeout, children => \$children, # maxchildren => \$maxchildren, logsock => \$logsock, envelopeheaders => \$envelopeheaders, setenvelopefrom => \$setenvelopefrom, saconfigfile => \$saconfigfile, sa_home_dir => \$sa_home_dir, ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'children|c=i', # 'maxchildren|mc=i', 'maxrequests|mr=i', 'childtimeout=i', 'satimeout=i', 'dead-letters=s', # deprecated 'user|u=s', 'group|g=s', 'pid|p=s', 'maxsize=i', 'heloname=s', # deprecated 'tagall|a', 'auto-whitelist|aw', 'stop-at-threshold', # deprecated 'debug|d', 'help|h|?', 'local-only|l', 'log-rules-hit|rh', 'dose', 'add-sc-header|ash', # deprecated 'hostname=s', # deprecated 'logsock=s', 'nodetach', 'set-envelope-headers|seh', 'set-envelope-from|sef', 'saconfig=s', 'homedir=s', ); usage(0) if $options{help}; if ( $logsock !~ /^(unix|inet)$/ ) { print "--logsock parameter needs to be either unix or inet\n\n"; usage(0); } if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; } if ( $options{dose} ) { $dose = 1; } if ( $options{'nodetach'} ) { $background = undef; } if ( $options{'set-envelope-headers'} ) { $envelopeheaders = 1; } if ( $options{'set-envelope-from'} ) { $setenvelopefrom = 1; } if ( $options{'saconfig'} ) { $saconfigfile = $options{'saconfig'}; } if ( $options{'homedir'} ) { $sa_home_dir = $options{'homedir'}; } # if ( !$options{maxchildren} or $maxchildren < $children ) { $maxchildren = $children; } if ( $children < 1 ) { print "Option --children must be greater than zero!\n"; exit shift; } # my $min_spare_servers = ($children == $maxchildren) ? 0 : 1; # my $max_spare_servers = ($min_spare_servers == 0) ? 0 : $maxchildren-1; my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $sa_options = { 'dont_copy_prefs' => 1, 'debug' => $debug, 'local_tests_only' => $options{'local-only'} || 0, 'home_dir_for_helpers' => $sa_home_dir, 'userstate_dir' => $sa_home_dir }; my $use_user_prefs = 0; if ( $saconfigfile != "" ) { $sa_options->{ 'userprefs_filename' } = $saconfigfile; $use_user_prefs = 1; } #cleanup environment before starting SA (thanks to Alexander Wirt) $ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin'; delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV', 'HOME'}; my $assassin = Mail::SpamAssassin->new($sa_options); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now($use_user_prefs); # thanks to Kurt Andersen for the 'uname -s' fix if ( !$options{logsock} ) { eval { my $osname = `uname -s`; if (($osname =~ 'HP-UX') || ($osname =~ 'SunOS')) { $logsock = "inet"; } }; } my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', log_level => $nsloglevel, syslog_logsock => $logsock, syslog_ident => 'spampd', syslog_facility => 'mail', background => $background, # setsid => 1, pid_file => $pidfile, user => $user, group => $group, max_servers => $children, max_requests => $maxrequests, # min_servers => $children, # max_servers => $maxchildren, # min_spare_servers => $min_spare_servers, # max_spare_servers => $max_spare_servers, }, spampd => { relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout, satimeout => $satimeout, rh => $rh, debug => $debug, dose => $dose, instance => 0, envelopeheaders => $envelopeheaders, setenvelopefrom => $setenvelopefrom, }, }, 'SpamPD'; # Redirect all warnings to Server::log $SIG{__WARN__} = sub { $server->log (2, $_[0]); }; # call Net::Server to start up the daemon inside $server->run; exit 1; # shouldn't get here sub usage { print < 3.0 now control this via local.cf). --local-only or -L Turn off all SA network-based tests (RBL, Razor, etc). --homedir=path Use the specified directory as home directory for the SpamAssassin process. Default is /var/spool/spamassassin/spampd --saconfig=filename Use the specified file for loading SA configuration options after the default local.cf file. --debug or -d Turn on SA debugging (sent to log file). --help or -h or -? This message Deprecated Options (still accepted for backwards compatibility): --heloname=hostname No longer used in spampd v.2 --dead-letters=path No longer used in spampd v.2 --stop-at-threshold No longer implemented in SpamAssassin EOF # --maxchildren=n Maximum number of child processes (servers) to # run. Default is the value of --children. exit shift; } __END__ # Some commented-out documentation. POD doesn't have a way to comment # out sections!? This documents a feature which may be implemented later. # # =item B<--maxchildren=n> or B<--mc=n> # # Maximum number of children to spawn if needed (where n >= --children). When # I starts it will spawn a number of child servers as specified by # --children. If all those servers become busy, a new child is spawned up to the # number specified in --maxchildren. Default is to have --maxchildren equal to # --children so extra child processes aren't started. Also see the --children # option, above. You may want to set your origination mail server to limit the # number of concurrent connections to I to match this setting (for # Postfix this is the C setting where # 'xxxx' is the transport being used, usually 'smtp', and the default is 100). # # Note that extra servers after the initial --children will only spawn on very # busy systems. This is because the check to see if a new server is needed (ie. # all current ones are busy) is only done around once per minute (this is # controlled by the Net::Server::PreFork module, in case you want to # hack at it :). It can still be useful as an "overflow valve," and is # especially nice since the extra child servers will die off once they're not # needed. =pod =head1 NAME SpamPD - Spam Proxy Daemon (version 2.2) =head1 Synopsis B [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user|u=username>] [B<--group|g=groupname>] [B<--children|c=n>] #[B<--maxchildren|mc=n>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--satimeout=n>] [B<--pid|p=filename>] [B<--nodetach>] [B<--logsock=inet|unix>] [B<--maxsize=n>] [B<--dose>] [B<--tagall|a>] [B<--log-rules-hit|rh>] [B<--set-envelope-headers|seh>] [B<--set-envelope-from|sef>] [B<--auto-whitelist|aw>] [B<--local-only|L>] [B<--saconfig=filename>] [B<--debug|d>] B B<--help> =head1 Description I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =item B (not actually required but recommended) =back =head1 Operation I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Upgrading If upgrading from a version prior to 2.2, please note that the --add-sc-header option is no longer supported. Use SAs built-in header manipulation features instead (as of SA v2.6). Upgrading from version 1 simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L<"Options"> list below for a full list of new and deprecated options. Also be sure to check out the change log. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). The options all have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the --children option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. Note that I B I from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. =head1 Options =over 5 =item B<--host=ip[:port] or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip[:port] or hostname[:port]> Specifies the hostname/IP where I will relay all messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 25. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> or B<--u=username> =item B<--group=groupname> or B<--g=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--children=n> or B<--c=n> Number of child servers to start and maintain (where n > 0). Each child will process up to --maxrequests (below) before exiting and being replaced by another child. Keep this number low on systems w/out a lot of memory. Default is 5 (which seems OK on a 512MB lightly loaded system). Note that there is always a parent process running, so if you specify 5 children you will actually have 6 I processes running. You may want to set your origination mail server to limit the number of concurrent connections to I to match this setting (for Postfix this is the C setting where 'xxxx' is the transport being used, usually 'smtp', and the default is 100). =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an S/LMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Note that it's more likely the origination or destination mail servers will timeout first, which is fine. This is just a "sane" failsafe. Default is 360 seconds (6 minutes). =item B<--satimeout=n> This is the number of seconds to allow for processing a message with SpamAssassin (including feeding it the message, analyzing it, and adding the headers/report if necessary). This should be less than your origination and destination servers' timeout settings for the DATA command. For Postfix the default is 300 seconds in both cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout while processing the message, the problem is logged and the message is passed on anyway (w/out spam tagging, obviously). To fail the message with a temp 450 error, see the --dose (die-on-sa-errors) option, below. Default is 285 seconds. =item B<--pid=filename> or B<--p=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--logsock=unix or inet> C<(new in v2.20)> Syslog socket to use. May be either "unix" of "inet". Default is "unix" except on HP-UX and SunOS (Solaris) systems which seem to prefer "inet". =item B<--nodetach> C<(new in v2.20)> If this option is given spampd won't detach from the console and fork into the background. This can be useful for running under control of some daemon management tools or when configured as a win32 service under cygrunsrv's control. =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KBytes. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. The size includes headers and attachments (if any). =item B<--dose> Acronym for (d)ie (o)n (s)pamAssassin (e)rrors. By default if I encounters a problem with processing the message through Spam Assassin (timeout or other error), it will still pass the mail on to the destination server. If you specify this option however, the mail is instead rejected with a temporary error (code 450, which means the origination server should keep retrying to send it). See the related --satimeout option, above. =item B<--tagall> or B<--a> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). Note that for this option to work as of SA-2.50, the I and/or I settings in your SpamAssassin F need to be set to 1/true. =item B<--log-rules-hit> or B<--rh> Logs the names of each SpamAssassin rule which matched the message being processed. This list is returned by SA. =item B<--set-envelope-headers> or B<--seh> C<(new in v2.30)> Turns on addition of X-Envelope-To and X-Envelope-From headers to the mail being scanned before it is passed to SpamAssassin. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. This potentially exposes the list of all recipients of that mail (even BCC'ed ones). Therefore usage of this option is discouraged. I: Even though spampd tries to prevent this leakage by removing the X-Envelope-To header after scanning, SpamAssassin itself might add headers itself which report one or more of the recipients which had been listed in this header. =item B<--set-envelope-from> or B<--sef> C<(new in v2.30)> Same as above option but only enables the addition of X-Envelope-From header. For those that don't feel comfortable with the possible information exposure of X-Envelope-To. The above option overrides this one. =item B<--auto-whitelist> or B<--aw> This option is no longer relevant with SA version 3.0 and above, which controls auto whitelist use via local.cf settings. For SA version < 3.0, turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> or B<--L> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--homedir=directory> Use the specified directory as home directory for the spamassassin process. Things like the auto-whitelist and other plugin (razor/pyzor) files get written to here. Defaul is /var/spool/spamassassin/spampd. A good place for this is in the same place your bayes_path SA config setting points to (if any). Make sure this directory is accessible to the user that spampd is running as (default: mail). New in v2.40. Thanks to Alexander Wirt for this fix. =item B<--saconfig=filename> Use the specified file for SpamAssassin configuration options in addition to the default local.cf file. Any options specified here will override the same option from local.cf. Default is to not use any additional configuration file. =item B<--debug> or B<--d> Turns on SpamAssassin debug messages which print to the system mail log (same log as spampd will log to). Also turns on more verbose logging of what spampd is doing (new in v2). Also increases log level of Net::Server to 4 (debug), adding yet more info (but not too much) (new in v2.2). =item B<--help> or B<--h> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with prevoius I versions: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =item B<--add-sc-header> =item B<--hostname> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennett Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named I. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments and in the change log, as appropriate. =head2 Code Contributors (in order of appearance): Kurt Andersen Roland Koeckel Urban Petry Sven Mueller =head1 Copyright, License, and Disclaimer I is Copyright (c) 2002 by World Design Group, Inc. and Maxim Paperno. Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the Credits section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Figure out how to use Net::Server::PreFork because it has cool potential for load management. I tried but either I'm missing something or PreFork is somewhat broken in how it works. If anyone has experience here, please let me know. Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. =head1 See Also perl(1), Spam::Assassin(3), L, L spampd-2.62/previous-versions/spampd.1.0.1.pl000066400000000000000000000442161472556702500207520ustar00rootroot00000000000000#! /usr/bin/perl # spampd - spam proxy daemon # # v1.0.1 - minor bug fix (3-Feb-03) # v1.0.0 - initial release (May 2002) # # Original assassind code by and Copyright (c) 2002 Dave Carrigan #(see http://www.rudedog.org/assassind/) # Changed and renamed to spampd by Maxim Paperno (MPaperno@WorldDesign.com) # whose contributions are placed in the Public Domain. #(see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # 1.0.1 update: # - fixed minor but substantial bug preventing child processes # from exiting properly since the counter wasn't being incremented (d'oh!). # Thanks to Mark Blackman for pointing this out. # # - fixed typo in pod docs (Thx to James Sizemore for pointing out) # # Changes to assassind (1.0.0 initial release of spampd): # A different message rewriting method (using # Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's # custom headers and Mail::Audit); # Adding more options for message handling, network/protocol options, # some options to pass on to SpamAssassin (such as whitelist usage); # More orientation to being used as a content filter for the # Postfix MTA, mostly by changing some default values; # Documentation changes; # package SpamPD; use strict; use Net::Server::PreFork; use IO::File; use Getopt::Long; use Net::SMTP; use Net::SMTP::Server::Client; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; use Error qw(:try); our @ISA = qw(Net::Server::PreFork); our $VERSION = '1.0.1'; sub dead_letter { my($self, $client, $message) = @_; my $filename = join("/", $self->{spampd}->{dead_letters}, sprintf("spampd.%d.%d.%f.dead", time(), $$, rand)); my $dead = IO::File->new; unless ($dead->open(">$filename")) { $self->log(0, "Can't open dead letter file $filename: $!"); return; } chmod 0600, $filename; try { if (defined $message) { $dead->print($message, "\r\n") or throw Error -text => "Can't print to dead letter: $!"; } foreach (@{$client->{TO}}) { $dead->print("TO $_\r\n") or throw Error -text => "Can't print to dead letter: $!"; } $dead->print("FROM ", $client->{FROM}, "\r\n\r\n") or throw Error -text => "Can't print to dead letter: $!"; $dead->print($client->{MSG}) or throw Error -text => "Can't print to dead letter: $!"; } catch Error with { my $e = shift; $self->log(0, "Warning!!!! Couldn't print dead letter: " . $e->stringify); }; unless ($dead->close) { $self->log(0, "Warning!!!! Could not close the dead letter file: $!"); } } sub relay_message { my($self, $client) = @_; my $start = time; my $msg_resp; # Now read in message my $message = $client->{MSG}; # Skip processing message over n KB if ( length($message) < ($self->{spampd}->{maxsize} * 1024) ) { # prep the message (is this necessary?) my @msglines = split (/\r?\n/, $message); my $arraycont = @msglines; for(0..$arraycont) { $msglines[$_] .= "\r\n"; } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines, add_From_line => 0 ); my $assassin = $self->{spampd}->{assassin}; # Check spamminess my $status = $assassin->check($mail); # Rewrite mail if high spam factor or option --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { $status->rewrite_mail; } # Build the message to send back $msg_resp = join '',$mail->header,"\n",@{$mail->body}; # Log what we did, FWIW my $was_it_spam; if($status->is_spam) { $was_it_spam = 'identified spam'; } else { $was_it_spam = 'clean message'; } my $msg_score = int($status->get_hits); my $msg_threshold = int($status->get_required_hits); $self->log(2, "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%3d", time - $start) ." seconds."); $status->finish(); } else { $msg_resp = $message; $self->log(2, "Scanning skipped due to size (". length($message) .")"); } my $smtp = Net::SMTP->new($self->{spampd}->{relayhost}, Hello => $self->{spampd}->{heloname}); unless (defined $smtp) { $self->log(1, "Connection to SMTP server failed"); $self->dead_letter($client); return; } try { $smtp->mail($client->{FROM}); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; foreach (@{$client->{TO}}) { $smtp->recipient($_); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; } $smtp->data($msg_resp); throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; $smtp->quit; throw Error -text => sprintf("Relay failed; server said %s %s", $smtp->code, $smtp->message) unless $smtp->ok; $self->log(4, "Message relayed successfully."); } catch Error with { my $e = shift; $self->dead_letter($client, $e->stringify); }; } sub process_request { my $self = shift; my $client = Net::SMTP::Server::Client->new($self->{server}->{client}); if ($client->process) { $self->log(2, "Received message from '".$client->{FROM}."'"); $SIG{TERM} = sub { $self->dead_letter($client, "Process interrupted by SIGTERM"); }; $self->relay_message($client); $SIG{TERM} = sub { exit 0; }; } else { $self->log(1, "An error occurred while receiving message"); } $self->{spampd}->{instance} = 1 unless defined $self->{spampd}->{instance}; exit 0 if $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests}; } my $relayhost = '127.0.0.1'; my $host = '127.0.0.1'; my $port = 10025; my $maxrequests = 20; my $dead_letters = '/var/tmp'; my $pidfile = '/var/run/spampd.pid'; my $user = 'mail'; my $group = 'mail'; my $tagall = 0; my $maxsize = 64; my $heloname = 'spampd.localdomain'; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'maxrequests=i', 'dead-letters=s', 'user=s', 'group=s', 'pid=s', 'maxsize=i', 'heloname=s', 'tagall', 'auto-whitelist', 'stop-at-threshold', 'debug', 'help'); usage(0) if $options{help}; if ( $options{tagall} ) { $tagall = 1; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, 'debug' => $options{'debug'} || 0 }); $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); $/ = "\n"; # argh, Razor resets this! Bad Razor! my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, pid_file => $pidfile, user => $user, group => $group, }, spampd => {maxrequests => $maxrequests, relayhost => $relayhost, dead_letters => $dead_letters, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, heloname => $heloname, }, }, 'SpamPD'; $server->run; sub usage { print < [B<--port=n>] [B<--host=host>] [B<--relayhost=hostname[:port]>] [B<--heloname=hostname>] [B<--user=username>] [B<--group=groupname>] [B<--maxrequests=n>] [B<--dead-letters=/path>] [B<--pid=filename>] [B<--maxsize=n>] [B<--tagall>] [B<--auto-whitelist>] [B<--stop-at-threshold>] [B<--debug>] B B<--help> =head1 DESCRIPTION I is a relaying SMTP proxy that filters spam using SpamAssassin (http://www.SpamAssassin.org). The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. =head1 REQUIRES Perl modules: B B B B =head1 OPERATION I is meant to operate as an SMTP mail relay which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! Here are some simple examples (square brackets in the "diagrams" indicate physical machines): =over 5 =item Running between firewall/gateway and internal mail server The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> I (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =item Using Postfix advanced content filtering Please see the FILTER_README that came with the Postfix distribution. You need to have a version of Postfix which supports this. Internet -> [ I (@inter.net.host:25) -> I (@localhost:10025) -> I (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 OPTIONS =over 5 =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. =item B<--host=ip> Specifies what interface/IP I listens on. By default, it listens on 127.0.0.1 (localhost). B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--relayhost=hostname[:port]> Specifies the hostname where I will relay all messages. Defaults to 127.0.0.1. If the port is not provided, that defaults to 25. =item B<--heloname=hostname> Hostname to use in HELO command when sending mail. Default is 'spampd.localdomain'. The HELO name may show up in the Received headers of any processed message, depending on your setup. =item B<--user=username> =item B<--group=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--dead-letters=/path> Specifies the directory where I will store any message that it fails to deliver. The default is F. You should periodically examine this directory to see if there are any messages that couldn't be delivered. B This path should not be on the same partition as your mail server's message spool, because if your mail server rejects a message because of a full disk, I will not be able to save the message, and it will be lost. =item B<--pid=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--tagall> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KB. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. This includes headers. =item B<--auto-whitelist> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--stop-at-threshold> Turns on the SpamAssassin (v2.20 and up) "stop at threshold" feature which stops any further scanning of a message once the minimum spam score is reached. See the SA docs for more info. =item B<--debug> Turns on SpamAssassin debug messages. =item B<--help> Prints usage information. =back =head1 EXAMPLES =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 AUTHORS Based on I by Dave Carrigan, see http://www.rudedog.org/assassind/ Modified and renamed to I (to avoid confusion) by Maxim Paperno, . My modifications are mostly based on code included with the SpamAssassin distribution, namely spamd and spamproxy. =head1 COPYRIGHT AND DISCLAIMER Portions of this program are Copyright © 2002, Dave Carrigan, all rights reserved. Other contributions can be considered Public Domain property. This program is free software; you can redistribute it and/or modify it under the same terms as Perl. This program is distributed "as is", without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction. =head1 BUGS Due to the nature of Perl's SMTP::Server module, an SMTP message is stored completely in memory. However, as soon as the module receives its entire message data from the SMTP client, it returns a 250, signifying to the client that the message has been delivered. This means that there is a period of time where the message is vulnerable to being lost if the I process is killed before it has relayed or saved the message. Caveat Emptor! No message loop protection. Net::SMTP::Server::Client has a "problem" with spaces in email addresses. For example during the SMTP dialog, if a mail is FROM:<"some spammer"@some.dom.ain> the address gets truncated after the first space to just '<"some' . This causes a problem when relaying the message to the receiving server, because the sender address is now in an illegal format. The mail is then rejected, and it ends up in the dead-letters directory. I have actually seen this happen several times, and of course they were bogus messages each time. I don't believe there are any legitimate envelope email addresses with spaces in them, so don't see this as much of an issue (except that it's un elegant). =head1 TO DO Add option for extracting recipient address(es) and using SpamAssassin's SQL lookup capability check for user-specific preferences. Deal with above bugs. =head1 SEE ALSO perl(1), Spam::Assassin(3), http://www.spamassassin.org/, http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm, http://www.rudedog.org/assassind/ spampd-2.62/readme.md000066400000000000000000000162751472556702500145360ustar00rootroot00000000000000# SpamPD - Spam Proxy Daemon Originally released in May of 2002, _SpamPD_ is a program used within an e-mail delivery system to scan messages for possible Unsolicited Commercial E-mail (UCE, aka spam) content. It uses an excellent program called SpamAssassin (SA) to do the actual message scanning. SpamPD acts as a transparent SMTP/LMTP proxy between two mail servers, and during the transaction it passes the mail through SA. If SA decides the mail could be spam, then SpamPD will ask SA to add some headers and a report to the message indicating it's spam and why. SpamPD is written in Perl and should theoretically run on any platform supported by Perl and SpamAssassin. Here's an un-solicited comment someone sent regarding *SpamPD* performance: > Just to let you know: We have the SA/spampd combo up an running in a high volume environment. With 3 KAT-B Server (4x 2,5 GHz Xeon MP with Hyperthreading, 3 GB RAM) we handle 15.000 to 20.000 Mails/h (Hour!) with room to spare. We had some performance issues with the Bayes databases but now everything runs smoothly. Check the [Releases](https://github.com/mpaperno/spampd/releases) area for latest versions, and see the "previous-versions" folder for some more ancient ones.
(Note that the Debian package version was added to this repo as a branch, and those tags will also show up in the Releases page.) Please read the [POD file](https://github.com/mpaperno/spampd/blob/master/spampd.pod) for full documentation of the many available options. See the [changelog](https://github.com/mpaperno/spampd/blob/master/changelog.txt) for full version history. ## Package status **HELP!** Debian package maintainer needed. Please see [GitHub Issue 46](https://github.com/mpaperno/spampd/issues/46). Linux packages data courtesy of Repology: Packaging status

Usage

SpamPD was initially designed as a content filter mechanism for use with the Postfix MTA. However, it has no inherent dependencies on Postfix or any other MTA. Some more specific setup information is provided in the included documentation.

Version 2 Architecture

Version 2 of SpamPD is a major rewrite of the underlying methods. SpamPD no longer acts as a relay server but more as a "transparent" proxy server. That is, it never actually takes responsibility for the mail at any point. Instead, the origination and destination mail servers speak directly to each other. If a failure occurs within SpamPD (or SpamAssassin) during a transaction, then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. Responsibility for mail delivery always lies with the 2 mail servers, which would be "real" MTAs and not a 500 line Perl script :-) This removes a major problem with version 1 of SpamPD, and makes this a recommended upgrade.

While this is a much safer technique than previously employed, it does remove a possible feature which some users of SpamPD have implemented (sorry guys). That is redirecting spam to a spamtrap address instead of letting the message through to the original recipient. This is due to the fact that the recipient information is passed on to the destination server before the message data is scanned for spam. On the other hand it presents the possibility of rejecting spam at the S/LMTP level without having to generate bounce notices and such.

SpamPD now fully supports the LMTP protocol (due to the nature of it's new transparency). Logging has been improved and is now more compatible with spamd. New parameters added: --children, --local-only, --childtimeout, --satimeout, --dose, --log-rules-hit, --add-sc-header, and --hostname. Three parameters are now deprecated: --dead-letters, --heloname, and --stop-at-threshold.

More details and further changes are documented in the change log.

More Information

If you aren't familiar with SpamAssassin, then you should definitely start there (or end up there) first. There is a very helpful users discussion list for SA (see their site). For Postfix setup, be sure to read the FILTER_README document that is included with the distribution. SpamPD is meant to be used as an "advanced content filtering" method (some examples are included with the SpamPD documentation). Postfix also has a helpful users discussion list. Make sure you do your homework before you ask other people to help you!

Be sure to check out the SpamPD documentation, the change log, as well as comments in the ac

Credits

SpamPD is written and maintained by Maxim Paperno (https://github.com/mpaperno).

SpamPD contains code written by Bennecode Todd (Copyright (C) 2001 Morgan Stanley Dean Witter) and is used in accordance with the GNU General Public License. The code is in the form of two Perl modules which have been included in the program. Also his smtpproxy example program served as inspiration for this version of SpamPD.

SpamPD version 1 was based on code by Dave Carrigan named assassind. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code.

Various people have contributed patches, bug reports, and ideas, all of whom I would like to thank. I have tried to include credits in code comments, documentation, and in the change log, as appropriate.

Copyright, License, & Disclaimer

Copyright Maxim Paperno; All rights reserved.

Portions are Copyright © 2001 Morgan Stanley Dean Witter as mentioned above in the CREDITS section.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

The GNU GPL can be found at https://www.gnu.org/licenses/

spampd-2.62/spampd.pl000077500000000000000000003320211472556702500145710ustar00rootroot00000000000000#!/usr/bin/perl -T ###################### # SpamPD - Spam Proxy Daemon # # v2.62 - 09-Dec-24 # v2.61 - 06-Aug-21 # v2.60 - 26-Jul-21 # v2.53 - 25-Feb-19 # v2.52 - 10-Nov-18 # v2.51 - 01-May-18 # v2.50 - 30-Apr-18 # v2.42 - 08-Dec-13 # v2.41 - 11-Aug-10 # v2.40 - 10-Jan-09 # v2.32 - 02-Feb-06 # v2.30 - 31-Oct-05 # v2.21 - 23-Oct-05 # v2.20 - 05-Oct-04 # v2.13 - 24-Nov-03 # v2.12 - 15-Nov-03 # v2.11 - 15-Jul-03 # v2.10 - 01-Jul-03 # v2.00 - 10-Jun-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 03-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) Maxim Paperno; All Rights Reserved. # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see L. # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowledge each command or request. Since acknowledgement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use warnings; use IO::File (); # =item new(socket => $socket); # # Changed by MP: This now emulates Net::SMTP::Server::Client for use with # Net::Server which passes an already open socket. # The $socket to listen on must be specified. If this call # succeeds, it returns a server structure. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { my ($this, $socket) = @_; my $class = ref($this) || $this || die "Missing class"; die "Invalid $socket argument in ".__PACKAGE__."->new()" unless defined $socket; return bless { sock => $socket, state => 'started', proto => 'unknown', helo => 'unknown.host', }, $class; } # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowledgement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then C should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local (*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (/^(l|h)?he?lo\s+/i) { # mp: find helo|ehlo|lhlo # mp: determine protocol if (s/^helo\s+//i) { $self->{proto} = "smtp"; } elsif (s/^ehlo\s+//i) { $self->{proto} = "esmtp"; } elsif (s/^lhlo\s+//i) { $self->{proto} = "lmtp"; } s/\s*$//; s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); } else { $self->{data} = IO::File->new_tmpfile; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0, 0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "Server error while saving data: $!\n"; } return 0; } return $self->{state}; } # =item reply([message]); # # Send a response back to the connected peer. Default message is a confirmation # response: "250 ok." # # =cut sub reply { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; chomp(@msg); $self->{sock}->print("@msg\r\n") or die "Server error while sending response '@msg' (state = $self->{state}): $!\n"; # $self->{debug}->print(@msg) if defined $self->{debug}; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if (defined $self->{debug}) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowledge it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use warnings; # =item new([interface => $interface, port => $port] | [unix_socket => $unix_socket] [, timeout = 300]); # # The interface and port, OR a UNIX socket to talk to must be specified. If # this call succeeds, it returns a client structure with an open # IO::Socket::IP or IO::Socket::UNIX in it, ready to talk to. # If it fails it dies, so if you want anything other than an exit with an # explanatory error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::IP/UNIX constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless {timeout => 300, @opts}, $class; if ($self->{unix_socket}) { require IO::Socket::UNIX; $self->{sock} = IO::Socket::UNIX->new( Peer => $self->{unix_socket}, Timeout => $self->{timeout}, Type => IO::Socket::UNIX->SOCK_STREAM, ); } else { require IO::Socket::IP; $self->{sock} = IO::Socket::IP->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => IO::Socket::IP->SOCK_STREAM, ); } die "Client connection failure to ". ($self->{unix_socket} || $self->{interface}) .": $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; chomp(@msg); $self->_print("@msg", "\r\n"); } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; $self->{sock}->autoflush(0); # use fewer writes (thx to Sam Horrocks for the tip) while (<$fh>) { s/^\./../; $self->_print($_); } $self->{sock}->autoflush(1); # restore unbuffered socket operation $self->_print(".\r\n"); } sub _print { return unless @_ > 1; shift()->{sock}->print(@_) or die "Client socket write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use warnings; BEGIN { require Net::Server; Net::Server->VERSION(0.89); # use included modules import SpamPD::Server; import SpamPD::Client; } use Getopt::Long qw(GetOptions); use Time::HiRes qw(time); use Mail::SpamAssassin (); our $VERSION = '2.62'; # ISA will change to a Net::Server "flavor" at runtime based on options. our @ISA = qw(Net::Server); use constant { # Logging type constants: low byte for destination(s), high byte for logger type. LOG_NONE => 0, LOG_SYSLOG => 0x01, LOG_FILE => 0x02, LOG_STDERR => 0x04, LOG_TYPE_MASK => 0xFF, LOGGER_DEFAULT => 0, LOGGER_SA => 0x0100, LOGGER_L4P => 0x0200, LOGGER_TYPE_MASK => 0xFF00, # Map Net::Server logging levels to SpamAssassin::Logger level names. SA_LOG_LEVELS => {0 => 'error', 1 => 'warn', 2 => 'notice', 3 => 'info', 4 => 'dbg'}, }; ################## RUN ###################### unless (caller) { # Create, init, and go. SpamPD->new()->init()->run(); exit 1; # shouldn't get here } ################## SETUP ###################### # Create ourselves and set defaults for options. sub new { my $class = shift || die "Missing class."; return bless { server => { host => '127.0.0.1', # listen on ip port => 10025, # listen on port min_servers => undef, # min num of servers to always have running (undef means use same value as max_servers, otherwise means run as PreFork) min_spare_servers => 1, # min num of servers just sitting there (only used when running as PreFork) max_spare_servers => 4, # max num of servers just sitting there (only used when running as PreFork) max_servers => 5, # max number of child processes (servers) to spawn max_requests => 20, # max requests handled by child b4 dying pid_file => '/var/run/spampd.pid', # write pid to file user => 'mail', # user to run as group => 'mail', # group to run as log_file => undef, # log destination (undef means log to use write_to_log_hook() with stderr fallback) syslog_logsock => undef, # syslog socket (undef means for Sys::Syslog to decide) syslog_ident => 'spampd', # syslog identity syslog_facility => 'mail', # syslog facility log_level => 2, # log level for Net::Server (in the range 0-4) (--debug option sets this to 4) background => 1, # specifies whether to 'daemonize' and fork into background (--[no]detach option) setsid => 0, # use POSIX::setsid() command to truly daemonize. leave_children_open_on_hup => 1, # this lets any busy children finish processing before exiting, using old SA object }, spampd => { socket => undef, # listen on socket (saved for setting permissions after binding) socket_mode => undef, # listening socket permissions (octal) relayhost => '127.0.0.1', # relay to ip relayport => 25, # relay to port relaysocket => undef, # relay to socket childtimeout => 6 * 60, # child process per-command timeout in seconds satimeout => 285, # SA timeout in seconds (15s less than Postfix default for smtp_data_done_timeout) tagall => 0, # mark-up all msgs with SA, not just spam maxsize => 64, # max. msg size to scan with SA, in KB. rh => 0, # log which rules were hit dose => 0, # die-on-sa-errors flag envelopeheaders => 0, # Set X-Envelope-To & X-Envelope-From headers in the mail before passing it to SA (--seh option) setenvelopefrom => 0, # Set X-Envelope-From header only (--sef option) sa_awl => 0, # SA auto-whitelist (deprecated) logtype => LOG_SYSLOG, # logging destination and logger type (--logfile option) sa_version => $Mail::SpamAssassin::VERSION, # may be used while processing messages runtime_stats => undef, # variables hash for status tracking, can be used as values in user-provided template strings (defined in init()) # default child name template child_name_templ => '%base_name: child #%child_count(%child_status) ' . '[req %req_count/%req_max, time lst/avg/ttl %(req_time_last).3f/%(req_time_avg).3f/%(req_time_ttl).3f, ham/spm %req_ham/%req_spam] ' . '[SA %sa_ver/%sa_rls_ver]', }, # this hash is eventually passed to SpamAssassin->new() so it must use valid SA option names. This also becomes the SA object afterwards. assassin => { debug => 0, # debug flag, can be boolean or a list to pass to SA (--debug option) local_tests_only => 0, # disable SA network tests (--local-only flag) userstate_dir => '/var/spool/spamassassin/spampd', # home directory for SA files and plugins (--homedir option) home_dir_for_helpers => '', # this will be set to the same as userstate_dir once options are parsed username => '', # this will be set to the same user as we're running as once options are parsed userprefs_filename => undef, # add this config file for SA "user_prefs" settings (--saconfig option) dont_copy_prefs => 1, # tell SA not to copy user pref file into its working dir } }, $class; } # Set the actual Net::Server flavor type we'll run as. sub set_server_type { my $self = shift; # Default behavior is to run as PreForkSimple unless min_servers is set and is != max_servers. if ($self->{server}->{min_servers} && $self->{server}->{min_servers} != $self->{server}->{max_servers}) { require Net::Server::PreFork; @SpamPD::ISA = qw(Net::Server::PreFork); } else { require Net::Server::PreForkSimple; @SpamPD::ISA = qw(Net::Server::PreForkSimple); } } ################## INIT ###################### sub init { my $self = shift; my ($spd_p, $sa_p) = ($self->{spampd}, $self->{assassin}); # Clean up environment. delete @ENV{qw(IFS CDPATH ENV BASH_ENV HOME)}; eval { # Try to safely untaint the PATH instead of resetting it. Also prevents SA from duplicating this step when it starts. require Mail::SpamAssassin::Util; Mail::SpamAssassin::Util::clean_path_in_taint_mode(); } or do { $ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin'; }; # Untaint $0 and each member of @ARGV, and save untainted copies for HUPping. This saves the original # command line, including any configuration files, which would be re-read upon a HUP. commandline() is in Net::Server. $self->commandline([untaint_var($0), @{untaint_var(\@ARGV)}]); # Set the logger type. SA v3.1.0 changed debug logging to be more granular and introduced Logger module which we can use. $spd_p->{logtype} |= eval { require Mail::SpamAssassin::Logger; LOGGER_SA; } or LOGGER_DEFAULT; # We actually call Getopt::Long::GetOptions twice. First time is to check for presence of config file option(s). # If we get any, then we parse the file(s) into @ARGV, in front of any existing @ARGV options (so command-line overrides). $self->handle_initial_opts(); # save final ARGV for debug (handle_main_opts() will clear @ARGV) my @startup_args = @ARGV; # Now process all the actual options passed on @ARGV (including anything from config files). # Options on the actual command line will override anything loaded from the file(s). $self->handle_main_opts(); # Configure logging ASAP, unless just showing debug info. $self->setup_logging() if !$spd_p->{show_dbg}; # Validate options. my (@errs, @warns) = $self->validate_main_opts(); if (@errs) { $self->err("CONFIG ERROR! ".$_."\n") for @errs; $self->server_close(1) if $self->is_reloading(); $self->server_exit(1); } $self->wrn("CONFIG WARNING! ".$_."\n") for @warns; # If debug output requested, do it now and exit. $self->show_debug($spd_p->{show_dbg}, {$self->options_map()}, \@startup_args) && exit(0) if $spd_p->{show_dbg}; # Create and set up SpamAssassin object. This replaces our SpamPD->{assassin} property with the actual object instance. $sa_p = Mail::SpamAssassin->new($sa_p); $spd_p->{sa_awl} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $sa_p->set_persistent_address_list_factory($addrlistfactory); }; $sa_p->compile_now(!!$sa_p->{userprefs_filename}); # Get the SA "rules update version" for logging and child process name (since v3.4.0). # https://github.com/apache/spamassassin/blob/3.4/build/announcements/3.4.0.txt#L334 # https://github.com/apache/spamassassin/blob/3.4/lib/Mail/SpamAssassin/PerMsgStatus.pm#L1597 my $sa_rules_ver; ($spd_p->{sa_version} >= 3.0040) and eval { $sa_rules_ver = Mail::SpamAssassin::PerMsgStatus->new($sa_p)->get_tag("RULESVERSION"); }; # Set up statistics hash. This is currently used for report formatting, eg. in child process name. my $ns_type = (split(':', $self->net_server_type()))[-1]; $spd_p->{runtime_stats} = { base_name => eval { ($0 =~ m/^.*?([\w-]+)(?:\.[\w-]+)*$/) ? $1 : "spampd"; }, spampd_ver => $self->VERSION(), perl_ver => sprintf("%vd", $^V), # (split(/v/, $^V))[-1]; ns_ver => Net::Server->VERSION(), ns_typ => $ns_type, ns_typ_acr => do { (my $tmp = $ns_type) =~ s/[a-z]//g; $tmp }, sa_ver => Mail::SpamAssassin::Version(), sa_rls_ver => $sa_rules_ver || "(unknown)", child_count => 0, # total # of children launched child_status => "D", # (C)onnected, or (D)isconnected req_count => 0, # num of requests child has processed so far req_max => $self->{server}->{max_requests}, # maximum child requests req_time_last => 0, # [s] time to process the last message req_time_ttl => 0, # [s] total processing time for this child req_time_avg => 0, # [s] average processing time for this child (req_time_ttl / req_count) req_ham => 0, # count of ham messages scored by child req_spam => 0, # count of spam messages scored by child }; my $template = ' v%spampd_ver [Perl %perl_ver, Net::Server::%ns_typ %ns_ver, SA %sa_ver, rules v%sa_rls_ver] '; $self->inf(ref($self) . $self->format_stats_string($template) . ($self->is_reloading() ? "reloading": "starting") . " with: @startup_args \n"); # Redirect all errors to logger (must do this after SA is compiled, otherwise for some reason we get strange SA errors if anything actually dies). # $SIG{__DIE__} = sub { return if $^S; chomp(my $m = $_[0]); $self->fatal($m); }; # clean up a bit delete $spd_p->{config_files}; delete $spd_p->{logspec}; delete $spd_p->{show_dbg}; delete $spd_p->{sa_awl}; return $self; } sub initial_options_map { my $self = shift; my $spd_p = $self->{spampd}; my %options = ( 'conf|config|cfg|conf-file|config-file|cfg-file=s@' => \$spd_p->{config_files}, ); # Also a good place to check for help/version/show option(s), but not if we're HUPping. # These all cause an exit(0) (--show is processed later but still exits). if (!$self->is_reloading()) { my ($q2, $q3, $q4) = ("|??", "|???", "|????"); # https://github.com/mpaperno/spampd/issues/30#issuecomment-889110122 $q2 = $q3 = $q4 = "" if ($Getopt::Long::VERSION < 2.39); %options = ( %options, 'show=s@' => \$spd_p->{show_dbg}, 'help|h|?:s' => sub { $self->usage(0, 1, $_[1]); }, 'hh'.$q2.':s' => sub { $self->usage(0, 2, $_[1]); }, 'hhh'.$q3.':s' => sub { $self->usage(0, 3, $_[1]); }, 'hhhh'.$q4.'|man:s' => sub { $self->usage(0, 4, $_[1]); }, 'version|vers' => sub { $self->version(); }, ); } return %options; } sub handle_initial_opts { my $self = shift; my %options = $_[0] || $self->initial_options_map(); my $spd_p = $self->{spampd}; # Configure Getopt::Long to pass through any unknown options. Getopt::Long::Configure(qw(ignore_case no_permute no_auto_abbrev no_require_order pass_through)); # Check for config file option(s) only. GetOptions(%options); # Handle "--show " if ($spd_p->{show_dbg}) { my $shw = \@{$spd_p->{show_dbg}}; trimmed(@$shw = split(/,/, join(',', @$shw))); # could be a CSV list if (@$shw && grep(/^(def(aults?)?|all)$/i, @$shw)) { # Handle "--show defaults" debugging request here (while we still know them). @$shw = grep {$_ !~ /^def(aults?)?$/i} @$shw; # remove "defaults" from list # show defaults and exit here if that's all the user wanted to see $self->print_options({$self->options_map()}, 'default', (@$shw ? -1 : 0)); } } # Handle config files. Note that options on the actual command line will override anything loaded from the file(s). if (defined($spd_p->{config_files})) { # files could be passed as a list separated by ":" trimmed(@{$spd_p->{config_files}} = split(/:/, join(':', @{$spd_p->{config_files}}))); $self->inf("Loading config from file(s): @{$spd_p->{config_files}} \n"); read_args_from_file(\@{$spd_p->{config_files}}, \@ARGV); } } # Main command-line options mapping; this is for Getopt::Long::GetOptions and also to generate config dumps. sub options_map { my $self = $_[0]; my ($srv_p, $spd_p, $sa_p) = ($self->{server}, $self->{spampd}, $self->{assassin}); $spd_p->{logspec} = logtype2logfile($spd_p->{logtype}, $srv_p->{log_file}); # set a valid default for print_options() # To support setting boolean options with "--opt", "--opt=1|0", as well as the "no-" prefix, # we make them accept an optional integer and add the "no" variants manually. Because Getopt::Long doesn't support that :( # Anything that isn't a direct reference to value (eg. a sub) will not be shown in "--show defaults|config" listings. return ( # Net::Server 'host=s' => \$srv_p->{host}, 'port=i' => \$srv_p->{port}, 'min-servers|mns=i' => \$srv_p->{min_servers}, 'min-spare|mnsp=i' => \$srv_p->{min_spare_servers}, 'max-spare|mxsp=i' => \$srv_p->{max_spare_servers}, 'max-servers|mxs=i' => \$srv_p->{max_servers}, 'children|c=i' => sub { $srv_p->{max_servers} = $_[1]; }, 'maxrequests|mr|r=i' => \$srv_p->{max_requests}, 'pid|p=s' => \$srv_p->{pid_file}, 'user|u=s' => \$srv_p->{user}, 'group|g=s' => \$srv_p->{group}, 'logsock|ls=s' => \$srv_p->{syslog_logsock}, 'logident|li=s' => \$srv_p->{syslog_ident}, 'logfacility|lf=s' => \$srv_p->{syslog_facility}, 'detach:1' => \$srv_p->{background}, 'no-detach|nodetach' => sub { $srv_p->{background} = 0; }, 'setsid:1' => \$srv_p->{setsid}, 'no-setsid|nosetsid' => sub { $srv_p->{setsid} = 0; }, # SpamPD 'socket=s' => \$spd_p->{socket}, 'socket-perms=s' => \$spd_p->{socket_mode}, 'relayhost=s' => \$spd_p->{relayhost}, 'relayport=i' => \$spd_p->{relayport}, 'relaysocket=s' => \$spd_p->{relaysocket}, 'childtimeout=i' => \$spd_p->{childtimeout}, 'satimeout=i' => \$spd_p->{satimeout}, 'maxsize=i' => \$spd_p->{maxsize}, 'logfile|o=s@' => \$spd_p->{logspec}, 'tagall|a:1' => \$spd_p->{tagall}, 'no-tagall|no-a' => sub { $spd_p->{tagall} = 0; }, 'log-rules-hit|rh:1' => \$spd_p->{rh}, 'no-log-rules-hit|no-rh' => sub { $spd_p->{rh} = 0; }, 'dose:1' => \$spd_p->{dose}, 'no-dose|nodose' => sub { $spd_p->{dose} = 0; }, 'auto-whitelist|aw:1' => \$spd_p->{sa_awl}, 'set-envelope-headers|seh:1' => \$spd_p->{envelopeheaders}, 'no-set-envelope-headers|no-seh' => sub { $spd_p->{envelopeheaders} = 0; }, 'set-envelope-from|sef:1' => \$spd_p->{setenvelopefrom}, 'no-set-envelope-from|no-sef' => sub { $spd_p->{setenvelopefrom} = 0; }, 'child-name-template|cnt:s' => \$spd_p->{child_name_templ}, # SA 'debug|d:s' => \$sa_p->{debug}, 'saconfig=s' => \$sa_p->{userprefs_filename}, 'homedir=s' => \$sa_p->{userstate_dir}, 'local-only|l:1' => \$sa_p->{local_tests_only}, 'no-local-only|no-l' => sub { $sa_p->{local_tests_only} = 0; }, # others 'dead-letters=s' => \&deprecated_opt, 'heloname=s' => \&deprecated_opt, 'stop-at-threshold' => \&deprecated_opt, 'add-sc-header|ash' => \&deprecated_opt, 'hostname=s' => \&deprecated_opt, ); } sub handle_main_opts { my $self = shift; my %options = $_[0] || $self->options_map(); my ($srv_p, $spd_p, $sa_p) = ($self->{server}, $self->{spampd}, $self->{assassin}); # Reconfigure GoL for stricter parsing and check for all other options on ARGV, including anything parsed from config file(s). Getopt::Long::Configure(qw(ignore_case no_permute no_bundling auto_abbrev require_order no_pass_through)); GetOptions(%options) or ($self->is_reloading ? $self->fatal("Could not parse command line!\n") : $self->usage(1)); $self->set_server_type(); # decide who we are # These paths are already untainted but do a more careful check JIC. for ($spd_p->{socket}, $spd_p->{relaysocket}, $srv_p->{pid_file}, $sa_p->{userprefs_filename}) { $_ = untaint_path($_); } # set up logging specs based on options ($logspec is only an array if --logfile option(s) existed) if (ref($spd_p->{logspec}) eq 'ARRAY') { $spd_p->{logtype} &= ~LOG_TYPE_MASK; # reset the low byte containing LOG_ constant ($spd_p->{logtype}, $srv_p->{log_file}) = logfile2logtype($spd_p->{logspec}, $spd_p->{logtype}); } # elsif (!$srv_p->{background}) { # # set default logging to stderr if not daemonizing and user didn't specify. # $spd_p->{logtype} = $spd_p->{logtype} & (~LOG_TYPE_MASK) | LOG_STDERR; # } # fixup listening socket/host/port if needed if ($spd_p->{socket}) { # Net::Server wants UNIX sockets passed via port option. $srv_p->{port} = join('|', $spd_p->{socket}, 'unix'); } elsif ($srv_p->{host}) { # Set IP host/port if they're passed together. A port as part of the host option wins over port option. my @tmp = split(/:(\d+)$/, $srv_p->{host}); # this split should handle IPv6 addresses also. $srv_p->{host} = $tmp[0]; $srv_p->{port} = $tmp[1] if $tmp[1]; } # Set misc. options based on other options. $srv_p->{setsid}= 0 if !$srv_p->{background}; $sa_p->{home_dir_for_helpers} = $sa_p->{userstate_dir}; $sa_p->{username} = $srv_p->{user}; } sub validate_main_opts { my $self = shift; my ($srv_p, $spd_p) = ($self->{server}, $self->{spampd}); my (@errs, @warns) = (@_ ? $_[0] : (), @_ > 1 ? $_[1] : ()); (@errs, @warns) = $self->validate_server_type_opts(@errs, @warns); if ($self->{spampd}->{sa_awl} && $spd_p->{sa_version} >= 3) { push (@errs, "Option --auto-whitelist is deprecated with SpamAssassin v3.0+. Use SA configuration file instead."); } # Validate that required modules for relay server exist (better now than later). if ($spd_p->{relaysocket}) { eval { require IO::Socket::UNIX; } or push (@errs, "Error loading IO::Socket::UNIX module, required for --relaysocket option.\n\t$@"); } else { eval { require IO::Socket::IP; } or push (@errs, "Error loading IO::Socket::IP module, required for --relayhost option.\n\t$@"); } return (@errs, @warns); } sub validate_server_type_opts { my $self = shift; return $self->validate_prefork_opts(@_) if $self->isa(qw(Net::Server::PreFork)); # must check before Simple (PreFork inherits from it) return $self->validate_preforksimple_opts(@_) if $self->isa(qw(Net::Server::PreForkSimple)); return @_; } sub validate_preforksimple_opts { my ($self, @errs, @warns) = @_; if ($self->{server}->{max_servers} < 1) { push (@errs, "Option '--max-servers' (or '--children') ($self->{server}->{max_servers}) must be greater than zero!"); } return (@errs, @warns); } sub validate_prefork_opts { my ($self, @errs, @warns) = @_; my $prop = $self->{server}; # Even though Net::Server::PreFork validates all these options also, # their error messages can be confusing and in some cases just wrong. if ($prop->{min_servers} < 1) { push (@errs, "Option '--min-servers' ($prop->{min_servers}) must be greater than zero!"); } elsif ($prop->{max_servers} < 1) { push (@errs, "Option '--max-servers' (or '--children') ($prop->{max_servers}) must be greater than zero!"); } elsif ($prop->{max_servers} < $prop->{min_servers}) { push (@errs, "Option '--max-servers' (or --children) ($prop->{max_servers}) must be >= '--min-servers' ($prop->{min_servers})!"); } else { if ($prop->{max_spare_servers} >= $prop->{max_servers}) { push (@errs, "Option '--max-spare' ($prop->{max_spare_servers}) must be < '--max-servers' ($prop->{max_servers})."); } if (my $ms = $prop->{min_spare_servers}) { if ($ms > $prop->{min_servers}) { push (@errs, "Option '--min-spare' ($ms) must be <= '--min-servers' ($prop->{min_servers})"); } if ($ms > $prop->{max_spare_servers}) { push (@errs, "Option '--min-spare' ($ms) must be <= '--max-spare' ($prop->{max_spare_servers})"); } } } return (@errs, @warns); } sub setup_logging { my $self = shift; my ($srv_p, $ltype, $debug) = ($self->{server}, $self->{spampd}->{logtype}, \$self->{assassin}->{debug}); if ($ltype & LOG_SYSLOG) { # Need to validate logsock option otherwise SA Logger barfs. In theory this check could be made more adaptive based on OS or something. if ($srv_p->{syslog_logsock} && $srv_p->{syslog_logsock} !~ /^(native|eventlog|tcp|udp|inet|unix|stream|pipe|console)$/) { $self->wrn("WARNING! Option '--logsock' parameter \"$srv_p->{syslog_logsock}\" not recognized, reverting to default.\n"); $srv_p->{syslog_logsock} = undef; } # set log socket default for HP-UX and SunOS (thanks to Kurt Andersen for the 'uname -s' fix) # `uname` throws errors (and fails anyway) when HUPping, so we do not repeat it, but do "cache" any new default in our 'commandline'. if (!($srv_p->{syslog_logsock} || $self->is_reloading())) { eval { push(@{$srv_p->{commandline}}, "--logsock=" . ($srv_p->{syslog_logsock} = "inet")) if (`uname -s` =~ /HP\-UX|SunOS/); }; } } # Configure debugging if ($$debug ne '0') { $srv_p->{log_level} = 4; # set Net::Server log level to debug # SA since v3.1.0 can do granular debug logging based "channels" which can be passed to us via --debug option parameters. # --debug can also be specified w/out any parameters, in which case we enable the "all" channel. if ($ltype & LOGGER_SA) { $$debug = 'all' if (!$$debug || $$debug eq '1'); } else { $$debug = 1; } # In case of old SA version, just set the debug flag to true. } if ($ltype & LOGGER_SA) { # Add SA logging facilities Mail::SpamAssassin::Logger::add_facilities($$debug); my $have_log = 0; # Add syslog method? if ($ltype & LOG_SYSLOG) { $have_log = Mail::SpamAssassin::Logger::add( method => 'syslog', socket => $srv_p->{syslog_logsock}, facility => $srv_p->{syslog_facility}, ident => $srv_p->{syslog_ident} ); } # Add file method? if (($ltype & LOG_FILE) && Mail::SpamAssassin::Logger::add(method => 'file', filename => $srv_p->{log_file})) { $have_log = 1; push(@{$srv_p->{chown_files}}, $srv_p->{log_file}); # make sure we own the file } # Stderr logger method is active by default, remove it unless we need it. if (!($ltype & LOG_STDERR) && $have_log) { Mail::SpamAssassin::Logger::remove('stderr'); } $$debug = undef; # clear this otherwise SA will re-add the facilities in new() $srv_p->{log_file} = undef; # disable Net::Server logging (use our write_to_log_hook() instead) } # using Net::Server default logging elsif ($ltype & LOG_SYSLOG) { $srv_p->{log_file} = 'Sys::Syslog'; } elsif ($ltype & LOG_STDERR) { $srv_p->{log_file} = undef; # tells Net::Server to log to stderr } # Redirect all warnings to logger $SIG{__WARN__} = sub { $self->wrn($_[0]); }; } ################## SERVER METHODS ###################### sub process_message { my ($self, $fh) = @_; my $prop = $self->{spampd}; # output lists with a , delimeter by default local ($") = ","; # start a timer my $start = time; # use the assassin object created during startup my $assassin = $self->{assassin}; # this gets info about the message temp file my $size = ($fh->stat)[7] or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ($size >= ($prop->{maxsize} * 1024)) { $self->inf("skipped large message (" . $size / 1024 . "KB)"); return 1; } my (@msglines, $msgid, $sender, $recips, $tmp, $mail, $msg_resp); my $inhdr = 1; my $addedenvto = 0; my $envfrom = !($prop->{envelopeheaders} || $prop->{setenvelopefrom}); my $envto = !$prop->{envelopeheaders}; $recips = "@{$self->{smtp_server}->{to}}"; if ("$self->{smtp_server}->{from}" =~ /(\<.*?\>)/) { $sender = $1; } $recips ||= "(unknown)"; $sender ||= "(unknown)"; ## read message into array of lines to feed to SA # loop over message file content $fh->seek(0, 0) or die "Can't rewind message file: $!"; while (<$fh>) { if ($inhdr) { # we look for and possibly set some headers before handing to SA if (/^\r?\n$/) { # outside of msg header after first blank line $inhdr = 0; if (!$envfrom) { unshift(@msglines, "X-Envelope-From: $sender\r\n"); $self->dbg("Added X-Envelope-From") ; } if (!$envto) { unshift(@msglines, "X-Envelope-To: $recips\r\n"); $addedenvto = 1; # we remove this header later $self->dbg("Added X-Envelope-To"); } } else { # still inside headers, check for some we're interested in $envto = $envto || (/^(?:X-)?Envelope-To: /); $envfrom = $envfrom || (/^(?:X-)?Envelope-From: /); # find the Message-ID for logging (code is mostly from spamd) if (/^Message-Id:\s+(.*?)\s*$/i) { $msgid = $1; while ($msgid =~ s/\([^\(\)]*\)//) { } # remove comments and $msgid =~ s/^\s+|\s+$//g; # leading and trailing spaces $msgid =~ s/\s+/ /g; # collapse whitespaces $msgid =~ s/^.*?<(.*?)>.*$/$1/; # keep only the id itself $msgid =~ s/[^\x21-\x7e]/?/g; # replace all weird chars $msgid =~ s/[<>]/?/g; # plus all dangling angle brackets $msgid =~ s/^(.+)$/<$1>/; # re-bracket the id (if not empty) } } } # add the line to our result array push(@msglines, $_); } $msgid ||= "(unknown)"; $self->inf("processing message $msgid for " . $recips); eval { local $SIG{ALRM} = sub { die "Timed out!\n" }; # save previous timer and start new my $previous_alarm = alarm($prop->{satimeout}); # Audit the message if ($prop->{sa_version} >= 3) { $mail = $assassin->parse(\@msglines, 0); undef @msglines; #clear some memory-- this screws up SA < v3 } elsif ($prop->{sa_version} >= 2.70) { $mail = Mail::SpamAssassin::MsgParser->parse(\@msglines); } else { $mail = Mail::SpamAssassin::NoMailAudit->new(data => \@msglines); } # Check spamminess (returns Mail::SpamAssassin:PerMsgStatus object) my $status = $assassin->check($mail); $self->dbg("Returned from checking by SpamAssassin"); # Rewrite mail if high spam factor or options --tagall if ($status->is_spam || $prop->{tagall}) { $self->dbg("Rewriting mail using SpamAssassin"); # use Mail::SpamAssassin:PerMsgStatus object to rewrite message if ($prop->{sa_version} >= 3) { # inject _SPAMPDVERSION_ as a "template tag" (macro) for SA add_header $status->set_tag("SPAMPDVERSION", $self->VERSION) if ($prop->{sa_version} >= 3.0020); $msg_resp = $status->rewrite_mail; } else { # SA versions prior to 3 need to get the response in a different manner $status->rewrite_mail; $msg_resp = join '', $mail->header, "\r\n", @{$mail->body}; } # remove the envelope-to header if we added it if ($addedenvto) { $self->dbg("Removing X-Envelope-To"); $msg_resp =~ s/^X-Envelope-To: .+\r?\n//m; } # Write the modified mail back to the original file. # Pause the timeout alarm while we do this (no point in timing # out here and leaving a half-written file). my $pause_alarm = alarm(0); $fh->seek(0, 0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; $fh->print($msg_resp) or die "Can't print to message file: $!"; #restart the alarm alarm($pause_alarm); } # end rewrite mail # Track some statistics my $stats = $prop->{runtime_stats}; my $was_it_spam; my $time_d = time - $start; $stats->{req_time_last} = $time_d; $stats->{req_time_ttl} += $time_d; $stats->{req_time_avg} = $stats->{req_time_ttl} / $self->{server}->{requests}; if ($status->is_spam) { ++$stats->{req_spam}; $was_it_spam = 'identified spam'; } else { ++$stats->{req_ham}; $was_it_spam = 'clean message'; } # Log what we did my $msg_score = sprintf("%.2f", $status->get_hits); my $msg_threshold = sprintf("%.2f", $status->get_required_hits); my $proc_time = sprintf("%.2f", $time_d); $self->inf("$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for " . "$recips in ${proc_time}s, $size bytes, with rules v$prop->{runtime_stats}->{sa_rls_ver}"); # thanks to Kurt Andersen for this idea $self->inf("rules hit for $msgid: " . $status->get_names_of_tests_hit) if ($prop->{rh}); $status->finish(); $mail->finish(); # set the timeout alarm back to wherever it was at alarm($previous_alarm); }; # end eval block if ($@ ne '') { $self->wrn("WARNING!! SpamAssassin error on message $msgid: $@"); return 0; } return 1; } sub process_request { my $self = shift; my $prop = $self->{spampd}; my $rcpt_ok = 0; eval { # start a timeout alarm local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; alarm($prop->{childtimeout}); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); die "Failed to create listening Server: $!" unless (defined $smtp_server); $self->{smtp_server} = $smtp_server; $self->dbg("Initiated Server"); # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new( interface => $prop->{relayhost}, port => $prop->{relayport}, unix_socket => $prop->{relaysocket} ); die "Failed to create sending Client: $!" unless (defined $client); $self->dbg("Initiated Client"); # pass on initial client response # $client->hear can handle multiline responses so no need to loop $smtp_server->reply($client->hear); $self->dbg("smtp_server state: '" . $smtp_server->{state} . "'"); # while loop over incoming data from the server while (my $what = $smtp_server->chat) { $self->dbg("smtp_server state: '" . $smtp_server->{state} . "'"); # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what); } # but once the data is sent now we want to process it else { # spam checking routine - message might be rewritten here my $pmrescode = $self->process_message($smtp_server->{data}); # pass on the messsage if exit code <> 0 or die-on-sa-errors flag is off if ($pmrescode or !$prop->{dose}) { # need to give the client a rewound file $smtp_server->{data}->seek(0, 0) or die "Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}); } else { $smtp_server->reply("450 Temporary failure processing message, please try again later"); last; } #close the temp file $smtp_server->{data}->close or $self->wrn("WARNING!! Couldn't close smtp_server->{data} temp file: $!"); $self->dbg("Finished sending DATA"); } # pass on whatever the relayhost said in response # $client->hear can handle multiline responses so no need to loop my $destresp = $client->hear; $smtp_server->reply($destresp); $self->dbg("Destination response: '" . $destresp . "'"); # if we're in data state but the response is an error, exit data state. # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. if ($smtp_server->{state} =~ /^data/i and $destresp =~ /^[45]\d{2} /) { $smtp_server->{state} = "err_after_data"; $self->dbg("Destination response indicates error after DATA command"); } # patch for LMTP - multiple responses after . after DATA, done by Vladislav Kurz # we have to count sucessful RCPT commands and then read the same amount of responses if ($smtp_server->{proto} eq 'lmtp') { if ($smtp_server->{state} =~ /^(?:rset|mail)/i) { $rcpt_ok = 0; } elsif ($smtp_server->{state} =~ /^rcpt/i and $destresp =~ /^25/) { $rcpt_ok++; } elsif ($smtp_server->{state} eq '.') { while (--$rcpt_ok) { $destresp = $client->hear; $smtp_server->reply($destresp); $self->dbg("Destination response: '" . $destresp . "'"); } } } # restart the timeout alarm alarm($prop->{childtimeout}); } # server ends connection # close connections $client->{sock}->close or die "Couldn't close Client socket: $!"; $smtp_server->{sock}->close or die "Couldn't close Server socket: $!"; $self->dbg("Closed connections"); }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@) { chomp($@); $self->err("WARNING!! Error in process_request eval block: $@"); $self->{server}->{done} = 1; # exit this child gracefully } } # Net::Server hook: After binding listening sockets sub post_bind_hook { my $prop = $_[0]->{spampd}; if (defined($prop->{socket}) and defined($prop->{socket_mode})) { chmod(oct($prop->{socket_mode}), $prop->{socket}) or $_[0]->fatal("Couldn't chmod '$prop->{socket}' [$!]\n"); } } # Net::Server hook: about to fork a new child sub pre_fork_hook { return if $_[1]; # && $_[1] eq 'dequeue'; ++$_[0]->{spampd}->{runtime_stats}->{child_count}; ($_[0]->{spampd}->{sa_version} >= 3) and eval { $_[0]->{assassin}->call_plugins("prefork_init"); } } # Net::Server hook: new child starting sub child_init_hook { return if $_[1]; # && $_[1] eq 'dequeue'; # set process name to help clarify via process listing which is child/parent $_[0]->update_child_name(); ($_[0]->{spampd}->{sa_version} >= 3) and eval { $_[0]->{assassin}->call_plugins("spamd_child_init"); } } # Net::Server hook: about to exit child process sub child_finish_hook { return if $_[1]; # && $_[1] eq 'dequeue'; $_[0]->dbg("Exiting child process after handling " . $_[0]->{server}->{requests} . " requests"); } # Net::Server hook: new connection established sub post_accept_hook { my $self = $_[0]; $self->{spampd}->{runtime_stats}->{req_count} = $self->{server}->{requests}; $self->{spampd}->{runtime_stats}->{child_status} = "C"; $self->update_child_name(); } # Net::Server hook: connection ended sub post_client_connection_hook { $_[0]->{spampd}->{runtime_stats}->{child_status} = "D"; $_[0]->update_child_name(); } # Net::Server hook: called when we're using SA Logger or falling back to Net::Server logging. sub write_to_log_hook { my ($self, $level, $msg) = @_; if ($self->{spampd}->{logtype} & LOGGER_SA) { Mail::SpamAssassin::Logger::log_message(SA_LOG_LEVELS->{$level}, $msg); } else { $self->SUPER::write_to_log_hook($level, $msg); } } # Net::Server override: default behavior on HUP is to delete $ENV{'PATH'}, but we like our PATH as it is. sub hup_delete_env_keys { return ''; } # Convenience logging aliases sub err { shift()->log(0, @_); } sub wrn { shift()->log(1, @_); } sub inf { shift()->log(2, @_); } sub nte { shift()->log(3, @_); } sub dbg { shift()->log(4, @_); } ################## FUNCTIONS ###################### # =item read_args_from_file(, ) # Loads all options from a list of files into destination array (typically \@ARGV). # Options loaded from file(s) are placed before any existing items in the destination array # (this is done to preserve precedence of any command-line arguments). Options in subsequent # files will override (or add to) the same option in any previous file(s). # All options found in files following a lone "--" separator are appended to the very end # of the destination array, after a "--" item. This is meant to mimick the behavior of # Getopt::Long passthrough argument handling. sub read_args_from_file() { my ($config_files, $to_args) = @_; return if !($config_files && $to_args); my @extra_args; # store any passthrough args to add at the end # loop over files in reverse order so that precedence is maintained for (reverse(@$config_files)) { # load arguments from file my ($args, $ptargs) = read_conf_file(untaint_path($_), '='); # add to beginning of array, this way command line arg override config files unshift(@{$to_args}, @{$args}); unshift(@extra_args, @{$ptargs}); # save any passthrough args for later } # add any passthrough args at the end, after processing all the files if (@extra_args) { push(@{$to_args}, '--'); # separator for Getopt::Long push(@{$to_args}, @extra_args); } } # =item read_conf_file(file [, separator = "="] [, prefix = "--"]) # Parses a basic configuration file into an array of options suitable for use in a command line. # By default the result key/value separator is an "=" sign. This can be overriden by providing a second argument. # If a blank value is passed as separator, the keys and values will be added as separate array items. # Returns 2 arrays: one with all options before encountering a lone "--" separator, and another (possibly blank) # with any options found after the "--" separator. (This is for handling "passthrough" options since they must be # placed at the end of a command line. The actual "--" separator is not included. See Getopt::Long for more details # about passthrough options). # Config files support commented and blank lines, with one name/value pair per line. Values are optional. # Preceeding option names with "-" or "--" is optional. An optional prefix (default "--") will be prepended to the # name if it does not begin with at least one "-". Names and values can be separated by space(s)/tab(s) or "=" sign. # sub read_conf_file { my ($file, $sep, $prfx) = @_; return ([], []) if !$file; my (@args, @ptargs); my $dest = \@args; $sep //= '='; $prfx //= '--'; open(my $fh, '<', $file) or die "Couldn't open config file '$file' [$!]"; while (defined(my $line = <$fh>)) { next if ($line !~ m/^\s* ((?:--?)?[\w\@-]+) (?:[=:\t ]+ (.+) \s*)?$/xo); ($dest = \@ptargs) && next if $1 eq '--'; my $k = $1; my $v = $2 || ""; $v =~ s/^"(.*)"$/$1/; $k = join('', $prfx, $k) if $prfx && substr($k, 0, 1) ne '-'; $k = join($sep, $k, $v) if $sep && $v ne ''; push (@{$dest}, $k); push (@{$dest}, $v) if !$sep && $v ne ''; } close $fh; return (\@args, \@ptargs); } # Converts a string or array of --logfile options to a log type bitfield of LOG_* constants. # Returns the log type and either an actual logfile name, or undef if there wasn't one. sub logfile2logtype { my ($spec, $type, $sep) = @_; $spec = [$spec] if !ref($spec); $sep //= ":"; $type //= 0; my $file; # Handle ":" record separator and trim values. trimmed(@$spec = split(qr($sep), join($sep, @$spec))); for (@$spec) { if ($_ eq 'syslog') { $type |= LOG_SYSLOG; } elsif ($_ eq 'stderr') { $type |= LOG_STDERR; } elsif ($_ = untaint_path($_)) { $type |= LOG_FILE; $file = $_; } } return ($type, $file); } # Converts a bitfield of logging type, plus optional file name, to an array/list # of values which would be suitable for the commandline --logfile (-o) option. sub logtype2logfile { my ($type, $file, $sep) = @_; my @ret; push(@ret, 'syslog') if ($type & LOG_SYSLOG); push(@ret, 'stderr') if ($type & LOG_STDERR); push(@ret, $file) if ($type & LOG_FILE) && $file; my $q = @ret > 1 ? '"' : ''; return wantarray ? @ret : $q.join($sep || ' : ', @ret).$q; } # Untaint a scalar (or ref to one) or an array ref (most code "borrowed" from spamd) sub untaint_var { my $r = ref $_[0]; if (!$r) { return if !defined($_[0]); local $1; $_[0] =~ /^(.*)$/; return $1; } my $arg = $_[0]; if ($r eq 'ARRAY') { $_ = untaint_var($_) for @{$arg}; return @{$arg} if wantarray; } elsif ($r eq 'SCALAR' || $r eq 'REF') { ${$arg} = untaint_var(${$arg}); } else { warn "Not untainting a $r !\n"; } return $_[0]; } # Untaint a path/file value (most code "borrowed" from spamd) sub untaint_path { my ($path) = @_; return unless defined($path); return '' if ($path eq ''); my $chars = '-_a-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\'; my $re = qr{^\s*([$chars][${chars}~ ]*)\z}io; local $1; return $1 if ($path =~ $re); warn "WARNING! Refusing to untaint suspicious path: '$path'\n"; return ''; } # Trims a string or array of strings. Modifies whatever was passed in! sub trimmed { s{^\s+|\s+$}{}g foreach @_; }; sub deprecated_opt { warn "Note: option '".$_[0]."' is deprecated and will be ignored.\n"; } # Try to display a temporary HTML file in a browser (used to show "--man html"). sub show_html_file { (my $tmpfile = shift) || return; # should be a File::Temp type # if we get here, handle html output: first try to show it in a browser. my $disp_ok = eval { require HTML::Display; print "Using HTML::Display to display HTML.\n"; HTML::Display::display(file => $tmpfile->filename()); }; # if HTML::Display is not installed, just try Debian or OSX style, or bail out. if (!$disp_ok) { my ($deb, $mac) = (-x "/usr/bin/x-www-browser"), ($^O =~ qr/darwin/i); if (my $cmdline = ($deb ? "x-www-browser " : ($mac ? "open " : undef))) { $cmdline .= $tmpfile->filename()." > /dev/null 2>&1" if $cmdline; if ($disp_ok = (system($cmdline) == 0)) { print "Waiting to delete temp file...\n"; sleep 3; } } } if ($disp_ok) { $tmpfile->unlink_on_destroy(1); print "Removing temporary perldoc file ".$tmpfile->filename()."\n"; } else { print "Unable to start a browser, open the generated HTML file manually.\n"; print "Consider installing the HTML::Display Perl module.\n" if !defined($HTML::Display::VERSION); } } # =item sprintf_named(, ) # Like C but with named parameter support. Converts named placeholders to printf-style # positional arguments based on a passed hash of values. Supports all typical printf formatting options. # Parameters are specified like: "Value of %(my_name)s is %(my_float_value).4f", with names in parenthesis, # or simply "Value of %my_name is %my_value" with the default format being a string. # Original code from https://metacpan.org/dist/Text-sprintfn/source/lib/Text/sprintfn.pm # simplified and optimized for our humble needs. sub sprintf_named { my ($format, $hash) = @_; my $regex = qr{( #all=1 ( #fmt=2 % (?| #npi=3 \((\w+)\) | (\w+) )? # any format specifiers must follow a ")" (?:(?<=\)) (#flags=4 [ +0#-]+ )? (#vflag=5 \*?[v] )? (#width=6 -?\d+ | \*\d+\$? )? (#dot=7 \.?) (#prec=8 (?: \d+ | \*) )? (#conv=9 [%csduoxefgXEGbBpniDUOF] )? )? ) | % | [^%]+ )}xs; my @args; my $replace = sub { my ($all, $fmt, $npi, $flags, $vflag, $width, $dot, $prec, $conv) = @_; if ($fmt && defined($npi) && defined(my $val = $hash->{$npi})) { push(@args, $val); return join("", grep {defined} ("%", $flags, $vflag, $width, $dot, $prec, $conv || "s") ); } return $all; }; $format =~ s/$regex/$replace->($1, $2, $3, $4, $5, $6, $7, $8, $9)/ge; # use Data::Dump; dd [$format, @args]; return sprintf($format, @args); } ################## UTILITY METHODS ###################### # returns true if server is being restarted with a SIGHUP. sub is_reloading { return !!$ENV{'BOUND_SOCKETS'}; }; # set process name to a string formatted from user-specified template sub update_child_name { my $self = $_[0]; return if !$self->{spampd}->{child_name_templ}; eval { $0 = $self->format_stats_string($self->{spampd}->{child_name_templ}); }; $self->dbg("Error in update_child_name(): $@") if $@ ne ''; } # Calls sprintf_named() on passed string with {$self->{spampd}->{runtime_stats} data hash. # Returns results or blank string if error. Errors are logged to debug stream. sub format_stats_string { my ($self, $string) = @_; my $ret = eval { sprintf_named($string, \%{$self->{spampd}->{runtime_stats}}); }; $self->dbg("Error calling sprintf_named(): $@") if $@ ne ''; # $self->dbg($ret); return $ret || ""; } # =item print_options(\%options [, type = "default"] [, exit = -1]) # Prints out names and values from a hash of option {name => \$value} pairs, such as might # be passed to Getopt::Long::GetOptions(). Fairly limited, eg. it cannot handle hash values. # Any value that is not a ref to a scalar or to an array ref is ignored. The first version of the # option name, before the first "|", is used as the option name. Any option spec is also excluded. sub print_options { my ($self, $opts) = (shift, shift); my $type = ($_[0] && $_[0] !~ /^\d+$/ ? shift : 'default'); my $exit = @_ ? $_[0] : -1; print "\n"; print "# Configuration options for ".ref($self)." v".$self->VERSION." with ".$type." values.\n"; print "# This format is suitable as a configuration file. Just remove\n". "# the '#' marks (comment characters) and change values as needed.\n\n" if $exit > -1; for my $k (sort keys %{$opts}) { my $v = $opts->{$k}; next if ref($v) !~ /SCALAR|REF/; $k = $1 if $k =~ /([\w-]+).*/; $v = defined(${$v}) ? ${$v} : "(undefined)"; $v = join(":", @{$v}) if ref($v) eq 'ARRAY'; printf("# %-24s %s\n", $k, $v); } print "\n"; exit $exit if $exit > -1; } # =item show_debug($what, [ \%options, \@startup_args | \$thing_to_dump [,\$another_thing[,...]] ]) # Debug helper, print some values and exit. $what can be an array or single string or CSV list. # $what values: [ all | [vers(ion), conf(ig), argv, start(args), self] ] | obj(ect) # "all" means everything except "object". # "obj" means just dump the rest of the argument(s); ignores rest of $what, basically Data::Dumper->Dump(@_) # Always returns true, even if there is an error, so can be used eg.: show_debug(...) && exit(0); sub show_debug { eval { my ($self, $what, $opts, $clargs) = (shift, shift); my ($ok, @dumps, @dnames) = (0); $what = [$what] if !ref($what); trimmed(@$what = split(/,/, join(',', @$what))); if (grep(/^obj(ect)?$/i, @$what)) { push(@dumps, @_); } else { ($opts, $clargs) = @_; if (grep(/^(vers(ion)?|all)$/i, @$what)) { $self->version(-1); $ok = 1; } if (grep(/^(conf(ig)?|all)$/i, @$what) && $opts) { $self->print_options($opts, 'current', -1); $ok = 1; } if (grep(/^(argv|all)$/i, @$what)) { push(@dumps, \@ARGV); push(@dnames, '*ARGV'); } if (grep(/^(start\w*|all)$/i, @$what)) { push(@dumps, $clargs); push(@dnames, '*startup_args'); } if (grep(/^(self|all)$/i, @$what)) { push(@dumps, %$self); push(@dnames, qw(object *values object *values object *values)); } } if (@dumps) { eval { require Data::Dumper; no warnings 'once'; # https://github.com/mpaperno/spampd/issues/30#issuecomment-889117210 $Data::Dumper::Quotekeys = 0; $Data::Dumper::Bless = ''; $Data::Dumper::Sortkeys = 1; $Data::Dumper::Sparseseen = 1; print("\n". Data::Dumper->Dump(\@dumps, \@dnames) ."\n"); }; warn "Data::Dumper error:\n\t$@\n\n" if $@; } elsif (!$ok) { warn "Don't know how to show '@$what', sorry.\n\n"; } }; warn $@ if $@; return 1; } sub version { my ($self, $exit) = (shift, @_ ? $_[0] : 0); print __PACKAGE__." version $VERSION\n"; print " using ".$self->net_server_type()." ".Net::Server->VERSION()."\n"; print " using SpamAssassin ".Mail::SpamAssassin::Version()."\n"; print " using Perl ".(split(/v/, $^V))[-1]."\n\n"; exit $exit if $exit > -1; } # =item usage([exit_value=2, [help_level=1, [help_format=man]]]) sub usage { my $self = shift; my ($exitval, $hlevel, $helpfmt) = @_; $exitval = 2 if !defined($exitval); $hlevel ||= 1; $helpfmt ||= 'man'; my ($width, $indent, $quotes, $type, $vers) = (78, 2, "`", ref($self), $self->VERSION()); my (@sections, $msg, $outfile, $pdoc_opts); eval { if ($helpfmt !~ /^txt$/i) { no warnings 'once'; # silence useless "$Pod::Usage::Formatter used only once: possible typo" warning $Pod::Usage::Formatter = 'Pod::Text::Termcap'; } require Pod::Usage; } or die "Could not load Pod::Usage!\n\t$@"; if ($hlevel == 4) { # decide which perldoc formatter (-o) to use (currently only works with full docs due to Pod::Usage behavior of -verbose < 2) if ($helpfmt =~ /^html?$/i) { eval { require File::Temp; require File::Spec; $outfile = File::Temp->new( TEMPLATE => "spampd_XXXXXX", SUFFIX => '.html', UNLINK => 0, DIR => untaint_path($ENV{'TMPDIR'} || File::Spec->tmpdir()) ); $pdoc_opts = "-o html -w index -d " . $outfile->filename() if $outfile; }; warn "Could not create temp file for html output: $@\n" if $@; } elsif ($helpfmt =~ /^man$/i) { $pdoc_opts = "-o man -w quotes:$quotes -w section:8 -w release:".$vers." ". "-w center:".$type." -w name:".lc($type); } elsif ($helpfmt =~ /^txt$/i) { $pdoc_opts = "-o text -T -w width:$width -w indent:$indent -w quotes:$quotes"; } } else { push(@sections, "USAGE") if $hlevel == 1 || $hlevel == 3; push(@sections, "SYNOPSIS") if $hlevel == 2; push(@sections, "OPTIONS") if $hlevel == 3; $msg = "\n".$type." version ".$vers."\n"; } Pod::Usage::pod2usage( -verbose => (@sections ? 99 : 2), -message => $msg, -sections => \@sections, -perldocopt => $pdoc_opts, -exitval => "NOEXIT", # text formatter options width => $width, indent => $indent, quotes => $quotes, errors => "none" ); show_html_file($outfile) if $outfile; exit $exitval; } 1; __END__ ################## POD ###################### =encoding UTF-8 =head1 NAME SpamPD - Spam Proxy Daemon =head1 VERSION Documentation for SpamPD version 2.62. =head1 DESCRIPTION I is an SMTP/LMTP proxy that marks (or tags) spam using SpamAssassin (L). The proxy is designed to be transparent to the sending and receiving mail servers and at no point takes responsibility for the message itself. If a failure occurs within I (or SpamAssassin) then the mail servers will disconnect and the sending server is still responsible for retrying the message for as long as it is configured to do so. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at L. =head1 SYNOPSIS B I<[ options ]> Options: --config Load options from file(s). --host [:] Hostname/IP and optional port to listen on. --port Port to listen on (alternate syntax to above). --socket UNIX socket to listen on. --socket-perms The octal mode to set on the UNIX socket. --relayhost [:] Host and optional port to relay mail to. --relayport Port to relay to (alternate syntax to above). --relaysocket UNIX socket to relay to. --min-servers | -mns The minimum number of servers to keep running. --min-spare | -mnsp The minimum number of servers to have waiting. --max-spare | -mxsp The maximum number of servers to have waiting. --max-servers | -mxs The maximum number of child servers to start. --maxrequests or -r Maximum requests that each child can process. --childtimeout Time out children after this many seconds. --satimeout Time out SpamAssassin after this many seconds. --child-name-template [s] Template for formatting child process name. --pid or -p Store the daemon's process ID in this file. --user or -u Specifies the user that the daemon runs as. --group or -g Specifies the group that the daemon runs as. --[no]detach Detach from the console daemonize (default). --[no]setsid Completely detach from stderr with setsid(). --maxsize n Maximum size of mail to scan (in KB). --dose (D)ie (o)n (s)pamAssassin (e)rrors. --tagall Tag all messages with SA headers, not just spam. --set-envelope-headers Set X-Envelope-From and X-Envelope-To headers. --set-envelope-from Set X-Envelope-From header only. --local-only or -L Turn off all SA network-based tests. --homedir Use the specified directory as SA home. --saconfig Use the file for SA "user_prefs" configuration. --logfile or -o Destination for logs (syslog|stderr|). --logsock or -ls Allows specifying the syslog socket type. --logident or -li Specify syslog identity name. --logfacility or -lf Specify syslog facility (log name). --log-rules-hit or -rh Log the names of each matched SA test per mail. --debug or -d [] Controls extra debug logging. --help | -h | -? [txt] Show basic command-line usage. -hh | -?? [txt] Show short option descriptions (this text). -hhh | -??? [txt] Show usage summary and full option descriptions. --man [html|txt] Show full docs a man page or HTML/plain text. --show defaults| Print default option values or and exit. --version Print version information and exit. Compatibility with previous SpamPD versions: --children or -c Same as --max-servers | -mxs (since v2.60). Deprecated since SpamAssassin v3: --auto-whitelist or -aw Use the SA global auto-whitelist feature. =head1 REQUIRES Perl modules: =over 5 =item B =item B (>= v0.89, v2.009+ recommended) with B and/or B submodules. =item B =item B =item B (if using TCP/IP sockets) =item B (if using UNIX sockets) =back =head1 OPERATION I is meant to operate as an S/LMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): =over 2 =item B The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> spampd (@localhost:2025) ] -> [ Internal mail (@private.host.ip:25) ] =item B Please see the F that came with the Postfix distribution. You need to have a version of Postfix which supports this (ideally v.2 and up). Internet -> [ Postfix (@inter.net.host:25) -> spampd (@localhost:10025) -> Postfix (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is often unnecessary to scan mail coming from your network, it may be desirable to set up a separate outbound route which bypasses I. =head2 Scalable Mode Since v2.60 I can optionally run in "scalable mode" which dynamically adjusts the number of child servers which can process requests simultaneously. This is activated automatically if the C<--min-servers> option is specifically set to be lower than C<--max-servers>. Historically I inherited from the module I which only allows for a static number of child servers to be running at once. This new option essentially allows for inheriting from I which features dynamic allocation of child servers, with some tunable parameters. (The reason I wasn't used to begin with is because older versions of it didn't seem to work... it was an old TODO to try again later.) Here is what the I documentation has to say (option names changed to match I): I<"This personality binds to one or more ports and then forks C<--min-servers> child process. The server will make sure that at any given time there are C<--min-spare> servers available to receive a client request, up to C<--max-servers>. Each of these children will process up to C<--maxrequests> client connections. This type is good for a heavily hit site, and should scale well for most applications."> Some experimentation and tuning will likely be needed to get the best performance vs. efficiency. Keep in mind that a SIGHUP sent to the parent process will reload configuration files and restart child servers gracefully (handy for tuning a busy site). See the documentation for C<--min-servers>, C<--max-servers>, C<--min-spare>, and C<--max-spare> options, and also the section about L for tuning parameters and links to further documentation. =head1 INSTALLATION AND CONFIGURATION I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a L is available in the I code repository). I is available as a B for a significant number of Linux distributions, including Debian and derivatives (Ubuntu, etc). This is typically the easiest/best way to install and configure I since it should already take into account any system specifics for setting up and running as a daemon, etc. Note however that packages might not offer the latest version of I. A good reference for available packages and their versions can be found at L. I is also used in the turnkey L project, which includes Postfix as the main MTA and Dovecot as the local delivery agent with LMTP protocol. Even if you don't need the turnkey solution, it may be informative to peruse the MIAB L / L files for reference. All I options have reasonable defaults, especially for a Postfix-centric installation. You may want to specify the C<--max-servers> option if you have an especially beefy or weak server box because I is a memory-hungry program. Check the L<"Options"> for details on this and all other parameters. To show default values for all options, run C. B I injects a C<_SPAMPDVERSION_> L<"template tag"|https://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html#TEMPLATE-TAGS> macro at message processing time. This can be used in an C SA config file directive, for example. add_header all Filter-Version SpamAssassin _VERSION_ (_SUBVERSION_, Rules: _RULESVERSION_) / SpamPD _SPAMPDVERSION_ Note that B< I replaces I > from the I distribution in function. You do not need to run I in order for I to work. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the F that came with the Postfix distribution (which you really need to read): F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 F from the Postfix distro has more details and examples of various setups, including how to skip the content filter for outbound mail. Another tip for Postfix when considering what timeout values to use for --childtimout and --satimeout options is the following command: C<# postconf | grep timeout> This will return a list of useful timeout settings and their values. For explanations see the relevant C page (smtp, smtpd, lmtp). By default I is set up for the default Postfix timeout values. The following guide has some more specific setup instructions: B> =head1 UPGRADING Always consult the F file which should be included in the I repository/distribution. If upgrading from a version B, please note that the --add-sc-header option is no longer supported. Use SA's built-in header manipulation features instead (as of SA v2.6). Upgrading from B simply involves replacing the F program file with the latest one. Note that the I folder is no longer being used and the --dead-letters option is no longer needed (though no errors are thrown if it's present). Check the L list below for a full list of new and deprecated options. Also be sure to check out the change log. B I has a new L feature which varies the number of running child servers based on demand. This is disabled by default. The option previosly known as C<--children> (or C<-c>) is now called C<--max-servers> (or C<-mxs>), but the old style is still accepted. See descriptions of the C and C options for details. Also note that v2.60 added the ability to use a L for specifying all options. =head1 USAGE spampd [ [ --config | --cfg | --config-file | --cfg-file [] ][...] [ --host [:] | --socket --socket-perms ] [ --relayhost [:] | --relaysocket ] [--min-servers | -mns ] [--saconfig ] [--user | -u ] [--min-spare | -mnsp ] [--satimeout ] [--group | -g ] [--max-spare | -mxsp ] [--dose ] [--pid | -p ] [--max-servers | -mxs ] [--maxsize ] [--[no]detach ] [--maxrequests | -r ] [--local-only | -L ] [--[no]setsid ] [--childtimeout ] [--tagall | -a ] [--log-rules-hit | -rh] [ --child-name-template | -cnt [