Page 1 of 1

RelayPlugin stopped working

Posted: 02 Apr 2021 23:53
by ericcox
Possibly related: viewtopic.php?f=14&t=4342&p=16168&hilit ... try#p16168

I'm running eFa-4.0.4
The RelayCountry plugin was working great, then stopped working for me. (This was quite some months ago - I didn't have time to work on it at the time, so I just set all scores near zero.)

The plugin seems to work flawlessly when calling spamassassin from the command line on a specific queue file, but not when mail is flowing through the system. It does not add the X-Spam-Relay-Countries header, nor does it insert the appropriate matching rules to the spam report.

Here is the config in /etc/mail/spamassassin/local.cf:

Code: Select all

  ifplugin Mail::SpamAssassin::Plugin::RelayCountry
  
    country_db_type GeoIP2
    country_db_path /usr/share/GeoIP/GeoLite2-Country.mmdb
    add_header all Relay-Country _RELAYCOUNTRY_
  
    header        RC_BAD          X-Spam-Relay-Countries =~ /(IN|CN|RU)/
    describe      RC_BAD          Relayed through a prohibited country at some point
    score         RC_BAD          0.1
  
    header        RC_FIRST_USCA   X-Spam-Relay-Countries =~ /(^US)/
    describe      RC_FIRST_USCA   First relay is in United States/Canada
    score         RC_FIRST_USCA   -0.1
  
    header        RC_ANY_USCA     X-Spam-Relay-Countries =~ /(US)/
    describe      RC_ANY_USCA     At least one relay is in United States/Canada
    score         RC_ANY_USCA     -0.1
  
    meta          RC_NOT_ANY_USCA !RC_ANY_USCA
    describe      RC_NOT_ANY_USCA No relays are in United States
    score         RC_NOT_ANY_USCA 0.1
  
    meta          RC_NOT_FIRST_US !RC_FIRST_USCA
    describe      RC_NOT_FIRST_US First trusted relay is not in the US
    score         RC_NOT_FIRST_US 0.1
  
  endif Mail::SpamAssassin::Plugin::RelayCountry
I made sure the plugin is enabled. From /etc/mail/spamassassin:

Code: Select all

loadplugin Mail::SpamAssassin::Plugin::RelayCountry

GeoIP DB is updating fine:

Code: Select all

  # ls -l /usr/share/GeoIP/GeoLite2-Country.mmdb /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
  lrwxrwxrwx. 1 root    root         52 Sep 20  2020 /usr/share/GeoIP/GeoLite2-Country.mmdb -> /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
  -rw-r--r--. 1 php-fpm php-fpm 3977956 Mar 24 04:02 /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
When I send a test email from an account on Protonmail (in Switzerland), mailwatch shows the correct country info, and mailscanner seems to insert the matching mail rules in the spam report:
cap1.png
cap1.png (94.5 KiB) Viewed 721 times

But that's not the case. If the X-Spam-Relay-Countries header is not there, RC_ANY_USCA will be false, and since RC_NOT_ANY_USCA is a meta rule that's simply an inversion of RC_ANY_USCA, then RC_NOT_ANY_USCA will be true. Here is a message from the US, and RC_NOT_ANY_USCA appears.
cap2.png
cap2.png (63.25 KiB) Viewed 721 times
But Spamassassin is clearly working properly, because it works perfectly from the command line. So the only explanation that makes sense to me is that the X-Spam-Relay-Countries header is not being inserted into the version of the message that Mailscanner is looking at.

What am I missing?

Re: RelayPlugin stopped working

Posted: 10 Apr 2021 14:34
by shawniverson
I believe you are right, MailScanner isn't incorporating new headers during SA scan. I am taking a look.