spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Arcus <s.ar...@open-t.co.uk>
Subject Re: Config option to skip pyzor check on empty body emails?
Date Mon, 11 Sep 2017 23:37:40 GMT

On 11/09/17 20:20, RW wrote:
> On Mon, 11 Sep 2017 17:39:16 +0100
> Sebastian Arcus wrote:
> 
>> Is there any way to tell SA to skip pyzor checks on emails with an
>> empty body (even if there are attachments). I've noticed for a while
>> now that emails which don't contain any text in their bodies seem to
>> automatically trigger PYZOR_CHECK (even if they have an attachment) -
>> although they are private emails so can't possibly match the digest
>> of spam emails. I can only guess that Pyzor matches the digest of
>> empty emails automatically.
> 
> It's because pyzor is based only on a simplified version of the body
> text. This includes stripping any URIs or email addresses from the text.
> 
> It's not just emails with no body text there are also variants of
> this that reduce to common phrases such as "Sent from my iPhone"
> 
>>   I have clients who receive important
>> emails from their customers just with an attachment and a subject
>> line - and they all seem to go to Junk - because they trigger the
>> PYZOR_CHECK rule - which is causing problems. Any way to deal with
>> this?
> 
> This is why pyzor has the  local_whitelist command. At very least it's
> a good idea to pipe an empty string through
> "pyzor local_whitelist" (probably as the user running spamassassin).

I have spotted that command in the docs - and if it worked, it would 
seem like a good solution. But it doesn't seem to. I have added the hash 
of the empty string to the local whitelist. If I try to re-add the same 
hash, or the hash of the problem emails - I get a message stating that 
it is already in the whitelist - so it would appear to be working. But 
when running the email message through SA, it still hits PYZOR_CHECK. I 
have found the location of Pyzor's local whitelist - and the permissions 
are correct. It appears that SA completely ignores the fact that the 
digest is whitelisted locally:


su - spamd -c "spamassassin -D 2>&1 < /test1.eml" | grep -i pyzor
Sep 12 00:31:49.080 [23559] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::Pyzor from @INC
Sep 12 00:31:49.090 [23559] dbg: pyzor: network tests on, attempting Pyzor
Sep 12 00:31:50.679 [23559] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
Sep 12 00:31:50.679 [23559] dbg: config: using 
"/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf" 
for included file
Sep 12 00:31:50.680 [23559] dbg: config: read file 
/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf
Sep 12 00:31:57.411 [23559] dbg: util: executable for pyzor was found at 
/usr/bin/pyzor
Sep 12 00:31:57.412 [23559] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Sep 12 00:31:57.413 [23559] dbg: pyzor: opening pipe: /usr/bin/pyzor 
--homedir /var/spool/spamd check < /tmp/.spamassassin23559DIrl4Ktmp
Sep 12 00:31:58.154 [23559] dbg: pyzor: [23560] finished: exit 1
Sep 12 00:31:58.155 [23559] dbg: pyzor: got response: 
public.pyzor.org:24441 (200, 'OK') 2749542 82562
Sep 12 00:31:58.156 [23559] dbg: check: tagrun - tag PYZOR is now ready, 
value: Whitelisted.
Sep 12 00:31:58.157 [23559] dbg: pyzor: listed: COUNT=2749542/5 
WHITELIST=82562
Sep 12 00:31:58.159 [23559] dbg: rules: ran eval rule PYZOR_CHECK 
======> got hit (1)
</snip>

*  2.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
   2.5 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)

Mime
View raw message