RelayPlugin stopped working

ericcox
Posts: 5
Joined: 01 Apr 2021 20:00

Post by ericcox »

Possibly related: viewtopic.php?f=14&t=4342&p=16168&hilit ... try#p16168

I'm running eFa-4.0.4
The RelayCountry plugin was working great, then stopped working for me. (This was quite some months ago - I didn't have time to work on it at the time, so I just set all scores near zero.)

The plugin seems to work flawlessly when calling spamassassin from the command line on a specific queue file, but not when mail is flowing through the system. It does not add the X-Spam-Relay-Countries header, nor does it insert the appropriate matching rules to the spam report.

Here is the config in /etc/mail/spamassassin/local.cf:

  ifplugin Mail::SpamAssassin::Plugin::RelayCountry
  
    country_db_type GeoIP2
    country_db_path /usr/share/GeoIP/GeoLite2-Country.mmdb
    add_header all Relay-Country _RELAYCOUNTRY_
  
    header        RC_BAD          X-Spam-Relay-Countries =~ /(IN|CN|RU)/
    describe      RC_BAD          Relayed through a prohibited country at some point
    score         RC_BAD          0.1
  
    header        RC_FIRST_USCA   X-Spam-Relay-Countries =~ /(^US)/
    describe      RC_FIRST_USCA   First relay is in United States/Canada
    score         RC_FIRST_USCA   -0.1
  
    header        RC_ANY_USCA     X-Spam-Relay-Countries =~ /(US)/
    describe      RC_ANY_USCA     At least one relay is in United States/Canada
    score         RC_ANY_USCA     -0.1
  
    meta          RC_NOT_ANY_USCA !RC_ANY_USCA
    describe      RC_NOT_ANY_USCA No relays are in United States
    score         RC_NOT_ANY_USCA 0.1
  
    meta          RC_NOT_FIRST_US !RC_FIRST_USCA
    describe      RC_NOT_FIRST_US First trusted relay is not in the US
    score         RC_NOT_FIRST_US 0.1
  
  endif Mail::SpamAssassin::Plugin::RelayCountry

I made sure the plugin is enabled. From /etc/mail/spamassassin:

loadplugin Mail::SpamAssassin::Plugin::RelayCountry

GeoIP DB is updating fine:

  # ls -l /usr/share/GeoIP/GeoLite2-Country.mmdb /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
  lrwxrwxrwx. 1 root    root         52 Sep 20  2020 /usr/share/GeoIP/GeoLite2-Country.mmdb -> /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb
  -rw-r--r--. 1 php-fpm php-fpm 3977956 Mar 24 04:02 /var/www/html/mailscanner/temp/GeoLite2-Country.mmdb

When I send a test email from an account on Protonmail (in Switzerland), MailWatch shows the correct country info, and MailScanner seems to insert the matching mail rules in the spam report:

[Screenshot: cap1.png]

But that's not the case. If the X-Spam-Relay-Countries header is not there, RC_ANY_USCA will be false, and since RC_NOT_ANY_USCA is a meta rule that's simply an inversion of RC_ANY_USCA, then RC_NOT_ANY_USCA will be true. Here is a message from the US, and RC_NOT_ANY_USCA appears.

[Screenshot: cap2.png]

But SpamAssassin is clearly working properly, because it works perfectly from the command line. So the only explanation that makes sense to me is that the X-Spam-Relay-Countries header is not being inserted into the version of the message that MailScanner is looking at.

What am I missing?
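
The behaviour described in the post above, where a missing header makes the negated meta rules fire, shown as an added example that is not part of the original post or of eFa/SpamAssassin. It is a small Python model of the posted rules, not SpamAssassin itself; the `guarded` option and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

HEADER = "X-Spam-Relay-Countries"  # header name the posted rules test

# Header rules copied from the posted local.cf (rule name -> regex).
HEADER_RULES = {
    "RC_BAD": r"(IN|CN|RU)",
    "RC_FIRST_USCA": r"(^US)",
    "RC_ANY_USCA": r"(US)",
}
# Meta rules from the posted config: each is the negation of one header rule.
META_RULES = {
    "RC_NOT_ANY_USCA": "RC_ANY_USCA",
    "RC_NOT_FIRST_US": "RC_FIRST_USCA",
}

def evaluate(raw_message, guarded=False):
    """Return the set of rule names that hit for one message.

    guarded=False models the posted config: a negated meta rule fires
    whenever its header rule missed, including when the header is absent.
    guarded=True (assumption, not the posted config) additionally requires
    the header to be present before a negated rule may fire.
    """
    msg = message_from_string(raw_message)
    value = msg.get(HEADER)      # None when the header was never added
    present = value is not None
    hits = {name for name, rx in HEADER_RULES.items()
            if present and re.search(rx, value)}
    for meta, negated in META_RULES.items():
        if negated not in hits and (present or not guarded):
            hits.add(meta)
    return hits

# Constructed sample messages (not taken from the thread).
WITH_HEADER_US = "X-Spam-Relay-Countries: US US\nSubject: t\n\nbody\n"
WITH_HEADER_CH = "X-Spam-Relay-Countries: CH\nSubject: t\n\nbody\n"
NO_HEADER = "Subject: t\n\nbody\n"

if __name__ == "__main__":
    for label, raw in [("US", WITH_HEADER_US), ("CH", WITH_HEADER_CH),
                       ("no header", NO_HEADER)]:
        print(label, sorted(evaluate(raw)), sorted(evaluate(raw, guarded=True)))
```

With the header absent, the unguarded model reports both RC_NOT_* rules even though nothing is known about the relay path, which matches the second screenshot's symptom.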
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Re: RelayPlugin stopped working

Post by shawniverson »

I believe you are right, MailScanner isn't incorporating new headers during SA scan. I am taking a look.
ericcox
Posts: 5
Joined: 01 Apr 2021 20:00

Re: RelayPlugin stopped working

Post by ericcox »

Thanks shawniverson, I appreciate it. If there is anything you need, I'm happy to help.
ericcox
Posts: 5
Joined: 01 Apr 2021 20:00

Re: RelayPlugin stopped working

Post by ericcox »

Any news on this? We're getting hammered by spammers using compromised machines all over the world right now. Would really love to be able to filter them out.
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Re: RelayPlugin stopped working

Post by shawniverson »

There's definitely an issue here. MailScanner calls SpamAssassin and feeds in a sample, but it does not ingest any header modifications back from the result. Going to take me some time to come up with a solution to capture headers added via SpamAssassin in this fashion.