MESpamC - MailEnable SpamAssassin Client [v 0.3.1 / 0.2.5]

Discussion, support and announcements for third party applications that work with MailEnable.
Post Reply
FuzzyWuzzy
Posts: 13
Joined: Sun Jul 30, 2006 12:58 pm

Post by FuzzyWuzzy » Thu Aug 03, 2006 10:14 am

Hello again:
1. Check your MailEnable logs, and see if MESpamC is invoked on all messages.
This is from the activity log
08/03/06 11:36:14 [F940E0DFBFC94052B9BDF2CEBAA4393D.MAI] from (SMTP) [SMTP:jesper@nlphuset.dk]->[SF:nlphuset.dk/jesper] Mapped Literal
08/03/06 11:36:14 [9444CAA3F27C4FAEBF58B42923E26782.MAI] from (SMTP) [SMTP:jesper@oneopenwindow.com]->[SF:oneopenwindow.com/jesper] Mapped Literal
08/03/06 11:36:19 [5D3EBCA04D3D4F28BE8F5823B68B293F.MAI] from (SMTP) [SMTP:jesper@oneopenwindow.dk]->[SF:oneopenwindow.dk/jesper] Mapped Literal
This would tell me what MAI ID's to look for in the debug log

From the debug log:
08/03/06 11:36:14 Processing file 5D3EBCA04D3D4F28BE8F5823B68B293F.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" 5D3EBCA04D3D4F28BE8F5823B68B293F.MAI SMTP
08/03/06 11:36:14 Processing file 9444CAA3F27C4FAEBF58B42923E26782.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" 9444CAA3F27C4FAEBF58B42923E26782.MAI SMTP
08/03/06 11:36:14 Processing file F940E0DFBFC94052B9BDF2CEBAA4393D.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" F940E0DFBFC94052B9BDF2CEBAA4393D.MAI SMTP
08/03/06 11:36:14 ME-MTA-ROUTE [F940E0DFBFC94052B9BDF2CEBAA4393D.MAI] from [SMTP] Connector queued to [SF] Connector as [3824F8CABB4C4A60AD3BBA497C561F7B.MAI]
08/03/06 11:36:14 ME-MTA-ROUTE [9444CAA3F27C4FAEBF58B42923E26782.MAI] from [SMTP] Connector queued to [SF] Connector as [50946DC06CC043BAB75A813D31CED152.MAI]
08/03/06 11:36:19 ME-MTA-ROUTE [5D3EBCA04D3D4F28BE8F5823B68B293F.MAI] from [SMTP] Connector queued to [SF] Connector as [58C1FC780F15479BBDFEAE75F2039090.MAI]
This would then tell me that three of the msg's get processed

Adding the following line:
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on server2
X-Spam-Level:
X-Spam-Status: No, score=0.6 required=5.0 tests=AWL,HTML_MESSAGE,
MANY_EXCLAMATIONS,SPF_HELO_PASS,SUSPICIOUS_RECIPS autolearn=no
version=3.1.3
To the common header
Received: from mail2world.com ([66.28.189.197]) by oneopenwindow.dk with MailEnable ESMTP; Thu, 03 Aug 2006 11:36:12 +0200
Received: from mail pickup service by mail2world.com with Microsoft SMTPSVC;
Thu, 3 Aug 2006 02:21:40 -0700
auth-sender: muzzysalta@icqmail.com
Return-Path: <muzzysalta@icqmail.com>
Received: from 10.1.201.114 unverified ([10.1.201.114]) by mwde08la.mail2world.com with Mail2World SMTP Server,
Thu 03 Aug 2006 02:21:38 -07:00
Received: from [212.242.209.7] by icqmail.com with HTTP; 8/3/2006 2:21:38 AM PST
thread-index: Aca23jj8/5nvieZYQeyAbVmuLzh53g==
Thread-Topic: So tasty! Very Tasty!
From: "Muzzy First" <muzzysalta@icqmail.com>
To: <jesper@oneopenwindow.dk>,
<jesper@oneopenwindow.com>,
<jesper@oneopenwindow.dk>,
<jesper@nlphuset.dk>,
<jesper@oneopenwindow.com>
Subject: So tasty! Very Tasty!
Date: Thu, 3 Aug 2006 02:21:38 -0700
Message-ID: <058401c6b6de$38ff05b0$72c9010a@mail2world.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0585_01C6B6A3.8CA02DB0"
X-Mailer: Microsoft CDO for Exchange 2000
Importance: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
Content-Class: urn:content-classes:message
Priority: normal
X-Spam: [FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,0,41]"\Miscellaneous\Extreme"
<0>
X-OriginalArrivalTime: 03 Aug 2006 09:21:40.0081 (UTC) FILETIME=[3A200610:01C6B6DE]
Received-SPF: none (oneopenwindow.dk: icqmail.com does not designate permitted sender hosts)

This is a multi-part message in MIME format.

------=_NextPart_000_0585_01C6B6A3.8CA02DB0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Do You Think I Am Tasty?
There is actually 5 receivers, but logicly enough, the mail server sorts out the clones before processing with the MTA.

Lets look at the SpamAssassin server.
Since I cant trust that if the MAI ID is 34563545 on the mailenable server then it wouldnt be the same on the SpamAssassin server.
But it wasnt hard since I knew that the sending server was mail2world.com
Thu Aug 3 11:51:58 2006 [5276] info: spamd: connection from ws221.ltsp [81.19.251.221] at port 4223
Thu Aug 3 11:51:58 2006 [5276] info: spamd: processing message <058401c6b6de$38ff05b0$72c9010a@mail2world.com> for (unknown):107
Thu Aug 3 11:52:03 2006 [5276] info: spamd: clean message (0.6/5.0) for (unknown):107 in 5.0 seconds, 2669 bytes.
Thu Aug 3 11:52:03 2006 [5276] info: spamd: result: . 0 - AWL,HTML_MESSAGE,MANY_EXCLAMATIONS,SPF_HELO_PASS,SUSPICIOUS_RECIPS scantime=5.0,size=2669,user=(unknown),uid=107,required_score=5.0,rhost=ws221.ltsp,raddr=81.19.251.221,rport=4223, mid=<058401c6b6de$38ff05b0$72c9010a@mail2world.com>,autolearn=no
Thu Aug 3 11:52:03 2006 [23825] info: prefork: child states: II
Alright... So this is what happens:
1. Mail gets sent
2. Mail received by mail enable
3. Mail Enable processes by sending the 3 msg's through the MTA
4. MESpamC should send 3 msg's to SpamD
5. SpamD receives and proceses 1 msg.
6. SpamD sends back
7. Mail Enable releases all 3 msg's and delivers them?

FuzzyWuzzy
Posts: 13
Joined: Sun Jul 30, 2006 12:58 pm

Post by FuzzyWuzzy » Thu Aug 03, 2006 10:22 am

I was just looking at the timing which Mail Enable shows me
08/03/06 11:36:14 Processing file 5D3EBCA04D3D4F28BE8F5823B68B293F.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" 5D3EBCA04D3D4F28BE8F5823B68B293F.MAI SMTP
08/03/06 11:36:14 Processing file 9444CAA3F27C4FAEBF58B42923E26782.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" 9444CAA3F27C4FAEBF58B42923E26782.MAI SMTP
08/03/06 11:36:14 Processing file F940E0DFBFC94052B9BDF2CEBAA4393D.MAI from queue SMTP
08/03/06 11:36:14 Pre Pickup Event executing: CMD /C "C:\Program Files (x86)\MESpamC\MESpamC.CMD" F940E0DFBFC94052B9BDF2CEBAA4393D.MAI SMTP
08/03/06 11:36:14 ME-MTA-ROUTE [F940E0DFBFC94052B9BDF2CEBAA4393D.MAI] from [SMTP] Connector queued to [SF] Connector as [3824F8CABB4C4A60AD3BBA497C561F7B.MAI]
08/03/06 11:36:14 ME-MTA-ROUTE [9444CAA3F27C4FAEBF58B42923E26782.MAI] from [SMTP] Connector queued to [SF] Connector as [50946DC06CC043BAB75A813D31CED152.MAI]
08/03/06 11:36:19 ME-MTA-ROUTE [5D3EBCA04D3D4F28BE8F5823B68B293F.MAI] from [SMTP] Connector queued to [SF] Connector as [58C1FC780F15479BBDFEAE75F2039090.MAI]
If you look close, then it takes under 1 second for processing the first two msg's.

The next and last one takes about 5 seconds,.. Now if I check up this MAI ID with the activity log, then I would find that msg taking the most time is the one delivered to jesper@oneopenwindow.dk
Now here comes the interesting. The mail delivered to this address, is the only one with the SpamD header.

Could we debug on MESpamC?

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

IP maps

Post by someone_else » Thu Aug 03, 2006 11:03 am

Annelies, generally speaking, the IP specified in the spamd 'A' tag should be your actual/main IP and not 127.0.0.1; 127.0.0.1 is normally accepted by default (both for 'A' and for 'i').

When a process connects to spamd, it will use one of your mapped IPs, i.e. 192.168.1.2 or 69.69.69.69, so even though spamd will accept the 'local' IP, 127.0.0.1, it will reject that process' connection as it originates on a 'different' IP. As such, it is best practice to list *all* your localhost's mapped IPs in the 'A' tag (you can list multiple IPs as a comma separated list).

The same also holds true for the 'i' tag, though my advice is to just leave the 'i' tag blank (i.e. '-i', with no values following it) which defaults to 0.0.0.0 or all available interfaces.
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

multiple recipient processing

Post by someone_else » Thu Aug 03, 2006 11:15 am

FuzzyWuzzy, my workstation is currently down due to hardware problems, so I won't really be able to test things on this end for a while; I will look into it, though, as soon as possible.

One thing I noticed, though, is that you are running MESpamC through a batch file (so I assume that it not the only filter running on messages); have you tried calling MESpamC.exe directly (instead of the CMD file)?
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

FuzzyWuzzy
Posts: 13
Joined: Sun Jul 30, 2006 12:58 pm

Post by FuzzyWuzzy » Thu Aug 03, 2006 2:54 pm

Making it link against the .exe actually worked :)

I would wonder why it wont process the msg if it gets through the batch file.

baratus
Posts: 6
Joined: Tue Aug 01, 2006 6:48 pm

Another feature request...

Post by baratus » Fri Aug 04, 2006 8:19 am

With some work, I've modified the ME Webmail a bit to tie in to an SQL Database I've set up for user prefs. What I'd like to do is have SpamD check against those prefs for user-configured options (whitelist, blacklist, scores, etc.), but since it's all running on Windows I need to pass the -u argument to SpamC (to provide the e-mail address being checked).

Can MESpamC be configured to pass the -u switch to SpamC? I realize that the MTA Pickup event does not pass any of that info, but if need be I'm confortable enough to write a script to pick out the to address (as long as I can pass that on to SpamC).
Last edited by baratus on Fri Aug 04, 2006 3:10 pm, edited 1 time in total.

Annelies
Posts: 5
Joined: Tue Aug 01, 2006 10:49 pm

Almost there??

Post by Annelies » Fri Aug 04, 2006 9:30 am

Thanks to your help :D , someone_else, I found out with Telnet that spamD could connect to 127.0.0.1 but only on port 25. (There's no other local host)

I changed the port in the ini to 25 en added -p 25 in the register to see what happened:

SMTP activity log

08/04/06 10:08:55 SMTP-IN BF8E25DF4BFF4080BA939FC51445AF55.MAI 428 127.0.0.1 220 mail.nl ESMTP MailEnable Service, Version: 0--2.11 ready at 08/04/06 10:08:55 0 0
08/04/06 10:08:55 SMTP-IN BF8E25DF4BFF4080BA939FC51445AF55.MAI 428 127.0.0.1 UNKN PROCESS SPAMC/1.2 503 Bad sequence of commands 30 19
08/04/06 10:08:55 SMTP-IN BF8E25DF4BFF4080BA939FC51445AF55.MAI 428 127.0.0.1 UNKN Content-length: 830 503 Bad sequence of commands 30 853
08/04/06 10:08:55 SMTP-IN BF8E25DF4BFF4080BA939FC51445AF55.MAI 428 127.0.0.1 UNKN 503 Bad sequence of commands 30 0
08/04/06 10:08:55 SMTP-IN BF8E25DF4BFF4080BA939FC51445AF55.MAI 428 127.0.0.1 UNKN ----=_NextPart_000_000B_1C8FF1FB.556646D7-- 503 Too many invalid commands were received. Terminating Session -1 0


SMTP Debug log

about 30 times:
08/04/06 10:08:55 ME-E0072: (send) could not send response to client (10053)

Any suggestions? :oops:

baratus
Posts: 6
Joined: Tue Aug 01, 2006 6:48 pm

Re: Almost there??

Post by baratus » Fri Aug 04, 2006 11:14 am

Annelies wrote:Thanks to your help :D , someone_else, I found out with Telnet that spamD could connect to 127.0.0.1 but only on port 25. (There's no other local host)

I changed the port in the ini to 25 en added -p 25 in the register to see what happened:

SMTP activity log
...
SMTP Debug log
...
Any suggestions? :oops:
Connecting on Port 25 is actually connecting to the SMTP service from MailEnable. If you're running POP, you'll be able to connect on port 110 as well (telnet localhost 110). Neither of these are actually hitting the SpamD service, but other programs to interact with MailEnable (sending and downloading mail, specifically). This is kind of like opening Microsoft Word to browse the web - there is some similar functionality but by and large they are very different applications.

If you're unable to connect on port 783 you'll want to check your configuartion for spamd and make sure of what port is specified, also see if you can see the process running in task manager.

jerry2
Posts: 22
Joined: Sun Apr 23, 2006 7:53 pm

Post by jerry2 » Fri Aug 04, 2006 1:47 pm

Hm, sorry for me not knowing all the details, but I use Plesk CP and I would like to use Spam Assasin without the add on module for Plesk.

As far as I can understand this plugin can do exactly that. But is it necessary to use it as a MTA pickup event, because I would still like to use original Plesk PickUp Event that does Antivirus for me. Is that possible?

Jerry

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

Re: Another feature request...

Post by someone_else » Fri Aug 04, 2006 3:23 pm

baratus wrote:Can MESpamC be configured to pass the -u switch to SpamC? I realize that the MTA Pickup event does not pass any of that info, but if need be I'm confortable enough to write a script to pick out the to address (as long as I can pass that on to MESpamC).
MESpamC does not use spamC as an intermediary; it is a spamD client, i.e. it connects to the spamD daemon directly. Now, passing a username from MESpamC to spamD is not a problem; the problem is how MESpamC would know what username to pass. Extracting a ME recipient from the message 'To' header is an option (though, of course, the message might well have multiple recipients, which, again, is problematic) though that would imply setting up user accounts in Linux/SpamAssassin data base that match those is ME.

All in all, it is possible, of course, but frankly, is it really worth the effort? I.e. is it that important to have user-level control? If people are really interested in this, I suppose I could find some way to implement it (maybe have pre-configured user maps in the MESPamC ini file), but again, only if there really is some interest in this...



jerry2 wrote:is it necessary to use it as a MTA pickup event, because I would still like to use original Plesk PickUp Event that does Antivirus for me. Is that possible?
It is possible to run multiple pickup events by calling them one - after the other - through a batch file. The MESpamC installer will detect the presence of a pickup event in MailEnable, and automatically create a batch file for you, first calling your existing pickup event (the Plesk one) and then MESpamC.
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

baratus
Posts: 6
Joined: Tue Aug 01, 2006 6:48 pm

Re: Another feature request...

Post by baratus » Sat Aug 05, 2006 5:18 am

someone_else wrote:MESpamC does not use spamC as an intermediary; it is a spamD client, i.e. it connects to the spamD daemon directly. Now, passing a username from MESpamC to spamD is not a problem; the problem is how MESpamC would know what username to pass.
Ah, I misunderstood that - I thought it was an intermediary.

I actually figured on just adding a custom header via a filter from MailEnable called X-Apparently-To which would show the destination mailbox... but now I see that the add header option in the filters is pretty limited.

I know I'm definitely interested in user level control and will be happy to share what solution I can come up with for passing the destination mailbox to MESpamC. I administer a web server hosting about 15 domains, and rather than making the changes globally I'd like to allow the users to maintain their own whitelists/blacklists.

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

Re: Another feature request...

Post by someone_else » Sat Aug 05, 2006 6:13 am

baratus wrote:I know I'm definitely interested in user level control and will be happy to share what solution I can come up with for passing the destination mailbox to MESpamC. I administer a web server hosting about 15 domains, and rather than making the changes globally I'd like to allow the users to maintain their own whitelists/blacklists.
I will consider this. For the time being, though, you could have MESpamC work in conjunction with the filtering options in ME. For example:
- users set their white/blacklists in ME
- ME filters the message (according to user preferences) and adds a header
- MESpamC in invoked
- MESpamC looks for the ME added header (pre-SA content filtering) and based on that runs or does not run SA

The idea is that with the content filtering in MESpamC, you can tell it to skip SpamAssassin processing if the message meets a certain criteria (say, it is whitelisted or blacklisted in ME).

Also, while I have not tested this myself, I have been told that is it possible to run MESpamC as a Filter in ME (instead of a pickup event); that would give you even more flexibility as regards content filtering.
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

baratus
Posts: 6
Joined: Tue Aug 01, 2006 6:48 pm

Re: Another feature request...

Post by baratus » Sat Aug 05, 2006 7:23 am

someone_else wrote:
baratus wrote:I know I'm definitely interested in user level control and will be happy to share what solution I can come up with for passing the destination mailbox to MESpamC.
I will consider this.
I haven't seen a way for users to specify white/blacklists. I'm using MailEnable Pro, so I don't have the mailbox-level filtering in ME Enterprise, is there somewhere else that I've just missed for user level whitelists?

I'll look into running as a part of the filters... I just looked at it from the mailbox delivery event standpoint, and it looks like MailEnable by default passes the postoffice and the destination mailbox. Since my SQL settings will all be configured by mailbox name and domain (easy enough to change to working by PostOffice) anyway, I can just modify my query to work with that.

Using it as the MDE also allows me to incorporate that with the webmail, allowing users to enable/disable spam filtering alltogether, so that may be the route I want to go (if we can pass the username variable to SpamD in the format of mailbox@postoffice).

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

new feature to be implemented

Post by someone_else » Sat Aug 05, 2006 4:55 pm

Baratus, I've actually given this some more thought, and decided that username specification will indeed be implemented in the next version of MESpamC. The way it will work is that it will extract recipient maps from message envelopes, and if there is only one local recipient, it will pass that as a username to spamD, using the standard ME username@postoffice format. Of course, for this to work, one would need to configure user preferences in spamD, but that should not be a problem if using --virtual-config-dir. Anyway, new release should be available some time next week.
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

baratus
Posts: 6
Joined: Tue Aug 01, 2006 6:48 pm

Re: new feature to be implemented

Post by baratus » Sat Aug 05, 2006 6:44 pm

Great, look forward to seeing it, thanks for looking into it.

Post Reply