Spamassassin hack

Hello,

I tried to install Akismet on my zenphoto album. The installation was successfull, but spam did not decrease... ==> removed!

As I am filtering mails with spamassassin, I was wondering if it would be possible to filter my Zenphoto comments with it :-)
I googled a little bit and found quite nothing.

I found "Bad behaviour"... I downloaded it... I did understand nothing... ===> removed!

So... I did the work :-)
All "personal" data pieces are in zp-config.php.

The hack adds one file and modifies 2 files:
- zp-config.php: I need some parameters ;-)
- class-image.php: I just added the check...
- functions-spam.php: only one function. Which do all the work.

How it works is quite easy:
- Spamassassin needs a mail as input
- Spamd must be running
- We have enough data pieces to build "missing" headers.
- IP, URL, Nickname are provided to increase the probability to catch a bot.
- The function builds a mail and gives it to spamassassin that answers

You can find the result of my work here: http://www.hebergement-pro.org/zenphoto/spamassassin/

TODO: socket implementation... As I didn't find any spamassassin socket on my box, I didn't try to use it :-)

What do you think about this piece of code?
Is there a way to throw a particular error message in this case?
I set up $errormsg, but it's useless here...

Comments

  • Here is a sample of what my logs look like :)

    May 29 10:28:11 serveur spamd[18625]: spamd: checking message <zenphoto-6d4944cd87391f1781a849ebca8b33b9@serveur> for daemon:1
    May 29 10:28:12 serveur spamd[18625]: spamd: result: Y 6 - RCVD_NUMERIC_HELO,ZENPHOTO_AIRFARE scantime=0.4,size=967,user=daemon,uid=1,required_score=5.0,rhost=serveur,raddr=127.0.0.1,rport=38993,mid=<zenphoto-6d4944cd87391f1781a849ebca8b33b9@serveur>,autolearn=no
    May 29 10:28:56 serveur spamd[18625]: spamd: checking message <zenphoto-6782111f461b9794a75b77eabd7c47f6@serveur> for daemon:1
    May 29 10:28:59 serveur spamd[18625]: spamd: result: Y 6 - RCVD_IN_DSBL,ZENPHOTO_AIRFARE scantime=3.6,size=981,user=daemon,uid=1,required_score=5.0,rhost=serveur,raddr=127.0.0.1,rport=38994,mid=<zenphoto-6782111f461b9794a75b77eabd7c47f6@serveur>,autolearn=no

    ==> It works fine now :-)
    To have a false positive, my contacts should send a mail with a particular subject AND containing bad words collection :)
  • Jun 8 17:36:05 serveur spamd[31873]: spamd: connection from serveur [127.0.0.1] at port 37068
    Jun 8 17:36:05 serveur spamd[31873]: spamd: setuid to daemon succeeded
    Jun 8 17:36:05 serveur spamd[31873]: spamd: checking message <zenphoto-69b0d856499e420bcace34dc686b68df@serveur> for daemon:1
    Jun 8 17:36:06 serveur spamd[31873]: spamd: identified spam (15.5/5.0) for daemon:1 in 0.6 seconds, 937 bytes.
    Jun 8 17:36:06 serveur spamd[31873]: spamd: result: Y 15 - FROM_LOCAL_NOVOWEL,HELO_DYNAMIC_IPADDR2,ZENPHOTO_ABUSE,ZENPHOTO_LINK,ZENPHOTO_WEDDING scantime=0.6,size=937,user=daemon,uid=1,required_score=5.0,rhost=serveur,raddr=127.0.0.1,rport=37068,mid=<zenphoto-69b0d856499e420bcace34dc686b68df@serveur>,autolearn=no
    Jun 8 17:36:06 serveur spamd[31872]: prefork: child states: II

    ==> Perfect :)
  • Boon Member
    Man, this sounds totally cool!

    I will try it out on my ZP gallery tonight :)
  • lasse Member
    hi..
    would be pretty cool if u could explain how to use this a little bit more precise.
    havent figured out it yet :(
  • lasse :

    in the folder, you have 3 files :

    zp-config.php ==> include this near the end of your zp-config file...
    functions-spam.php ==> copy it to .../zen/
    class-image.php ==> try patch -p1 class-image.php < class-image.php.diff.txt
    (backup files before, as usual)

    It should have included all the stuff needed to include spamassassin...
    Just try to insert a comment to see if spamd is waking up...
  • Hello,

    I updated functions-spam.php to fix some things:
    - magic_quotes_gpc was modifying some comments
    - "\r\n" replaced by "\n\n". Should me more compliant to RFC...
    - one call to php_uname(...) removed

    I was a little bit confused by one thing: when the comment is approved, a mail is sent to the administrator... and this mail contains some errors... (most of them should be easy to fix, as it's about conversion and MIME format)
  • I updated functions-spam.phps (http://www.hebergement-pro.org/zenphoto/spamassassin/functions-spam.phps).

    When building the "Received: " header, I have to match the following rules:
    - IP should be between [ ]
    - when no name resolution is available (no reverse, LAN...), I should only provide the IP address... So between [] (previous rule)

    I have absolutely no idea of the way it will behave with IPv6 IP...

    With these changes, I have the following result:
    X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
    autolearn=ham version=3.2.3

    As you can see, it works with the latest stable version of spamassassin.
  • Hello all :-)

    I wrote the Spamassassin plugin for the latest zenphoto version...
    It should work fine with the 1.1 zenphoto gallery. I use it right now on mine...

    You can find the result of my work here:

    http://www.hebergement-pro.org/zenphoto/spamassassin/

    With 1.0.x versions of zenphoto, you have to modify class-image.php...
    With 1.1.x versions, you don't have to do it anymore.

    In both cases, you have to modify the zp-config.php file in order to add some specific variables.

    In the future, I think I will modify this plugin to store every setting in the database instead of the config file.

    So, now... Let's play with it :)
  • Be careful: I opened this ticket to fix a small issue: http://www.zenphoto.org/trac/ticket/269
  • TheBLIONCorp:

    You can add parameters fairly easily by adding calls to setOptionDefault() in you plugin. This creates them as plugin options. (I tried to download your work, but apparently your zenphoto thinks I am trying to browse to an image!)
  • Hi,

    Strange... On several computers, I tested and I have the good listing...
    http://www.hebergement-pro.org/zp-spamassassin/
    Is it better ? (it's just a symlink :p )

    I use setOptionDefault and getOption to fetch values I need for moderation, for example.
    For now, I'm wondering if it's really interesting to do it:
    Writing in a configuration file some constants seems more easier for me. Using a GUI is much more comfortable. For settings which could change often,

    I rewrote the module this afternoon, I will think about it during the next days.

    I'm a little bit disappointed... Nobody seems to use this plugin except me :-/
  • The link worked fine this time. Thanks.
  • I've updated this to work with the pending 1.1.1 release of Zenphoto. I have also moved the configuration information from zp-config to database options. Do you have any objections for adding this into the release? You might get some support requests. I don't think my server has SpamAssassin, anyway, I have not tested the actual filtering of messages.
  • Hello,

    Sure, you can add it to the next release, I opened this thread to share my work.
    If you want to fill my email in the revised source, it's jerome hebergement-pro.org

    Just for information, what will change in 1.1.1?
  • The zp_conf() function has been removed. Version 1.1 added in the getOption() function, but it took a while to fix all the places so that only the database user/password/prefix are set in zp-config.php.
  • OK ! So there is a good reason to use the database now :-D
  • Updated the 1.1 version. This one will be ready for 1.1.1.

    Major changes:
    - settings have to be registered in the admin options page now
    - some cleanup
    - ready for 1.1.1
    - should for PHP4 AND PHP5 (whereas the previous one was PHP5 only)

    Thanks to sbillard for the help ;) and the integration in the next release.

    If you want to update this plugin, take care of the options you will have to fill in the admin panel ;-)
Sign In or Register to comment.