This Space for Rent

Killing spam the old fashioned way

Over the past couple of years, the only spam that's been making its way into pell (except for a few really dedicated junk mailers) are variants of the traditional Nigerian 419 spam (mainly DEAR FRIEND, but with a healthy side of YOU'VE WON THE WESCAMYOU LOTTERY!) In the past few weeks, this trickle of spam has increased, not to torrential proportions, but enough to bring it up to 4-5 pieces a day. So, since I'd put sendmail filter support into postoffice just in case I wanted to do more enthusiastic spamtrapping, I decided that this was a good time to go out and wedge a spamassassin filter onto gehenna so I could do 419 catching from all of my public web machines.

This is, of course, easier said than done. gehenna ran perl 5.00000000005, and spamassassin wanted perl topofthegarbageheap, so I had to schedule a perl upgrade, and then run around like a rabid ferret for a while when the perl upgrade broke every single perl program on the stupid box. But after that was done, it seemed like it would be trivial to install spamassassin, then install the already made sendmail filter for it, and bob would be your uncle just the same way he was on the Centos3 box I used as the milter server platform when writing the code in the first place.

Well, it turns out that I don't have an uncle bob. The spamassassin<->sendmail filter translation program is written in butt-ugly c++, and it takes full advantage of that thrice-damned language. It's not modular, it doesn't appear to reuse code very well, but it certainly takes full advantage of c++. And it does stop spam! Spamassassin detects the spam, spits up a spam status (which I then massage to produce a listing of the tests that say "you're a spammer!" so I can have the committee properly report failures). However, it also does the same to non-spam messages; I toss one-line "this is a test" messages into pell to test the mail server, and spamassassin or spamass-milter (I'm not sure which one, because they don't log anything even with logging turned on and the machine running in full debug) returns -- silently -- a "refuse this for it is spam" status (without a message! Or any status! Or any indication of what the fuck is going on.)

Well, now that's useful. That's almost as useful as unplugging the computer for keeping out the bad email while allowing the good email to come in.

So far I'm two for two with sendmail filters. The clamav filter was merely annoying when it croaked because I! didn't! have! a! /etc/sendmail.cf! on a machine which I've systematically SCRUBBED CLEAN of sendmail poop for just that reason, but I still had to patch the stupid thing before it would actually work. The spamassassin filter, on the other hand, has been patched and printf'ed (actually syslogged()) at least six times now, and it's still (silently!) telling me that it won't accept any of my non-test messages.

When I get some free time, I'm going to rewrite the spamassassin filter in a proper language (C, and by C I most vehemently don't mean C99 [motto: C++ without the useful parts!]) and strip out all of the grade-A prime junk features which infest the current one. Until then, I'll just look for a different Nigerian 419 detector and see if I can get that to talk sendmail filter to me.