Bug 7814 - SpamAssassin: Add prelude support
Status: NEW
Product: Spamassassin
Classification: Unclassified
Component: spamassassin
Version: unspecified
Hardware: All All
Importance: P2 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Reported: 2020-05-01 23:15 UTC by Thomas Andrejak
Modified: 2020-05-03 03:18 UTC



Description Thomas Andrejak 2020-05-01 23:15:26 UTC
Hello

I made a patch to be able to send alerts to Prelude with the standard IDMEF (RFC 4765): https://github.com/ToToL/spamassassin

Prelude is an open-source SIEM (Security and Information Event Management): https://www.prelude-siem.org

Is it possible to add this to SpamAssassin?

Thanks

Regards
Comment 1 Henrik Krohns 2020-05-02 08:09:10 UTC
Thanks for the interest, but it doesn't seem like something that SA core distribution should include or need. Also the code logic is quite bad, there is no reason to modify spamd or SA core. It should be implemented as an independent M::SA::Plugin::Prelude module that utilises standard API/hooks to act when a message is spam.
Comment 2 Kevin A. McGrail 2020-05-02 18:27:35 UTC
Love the idea of surfacing the information to a SIEM but as Henrik points out, this should be a plugin.
Comment 3 Bill Cole 2020-05-02 19:06:09 UTC
Changing "component" to 'spamassassin' from "Security" to make it generally visible, as this is NOT a security bug. 

I agree with Henrik & Kevin: this does not belong in the core, it should be a plugin, like anything else that is likely to be used by a small subset of users. 

Also, some code notes:

1. Add "use re 'taint';" (and fix anything it breaks.) 
2. Remove "use bytes;" (and fix anything it breaks.)
3. Line 48 is unacceptable. Fortunately, it also appears to be essentially pointless, as if you intended to remove it. 

This is not in any way an exhaustive list, it's just the 3 issues that stood out to me from a cursory look at the code.
Comment 4 Thomas Andrejak 2020-05-02 19:43:48 UTC
Hello

Thanks for giving me this feedback!

I will work on this and propose you a new version of this.

Do you have an example of a plugin like what I should do?

Thanks

Regards
Comment 5 Kevin A. McGrail 2020-05-03 03:18:01 UTC
Please post on the dev@spamassassin.apache.org list about plugin development.
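
The plugin shape suggested in Comment 1, with the pragma notes from Comment 3 applied, as an added example that is not part of the bug thread and not code from the linked patch or the SpamAssassin project. Assumptions: the module name is the expansion of "M::SA::Plugin::Prelude", the choice of IDMEF fields is illustrative, and the calls into the libprelude Perl bindings (`Prelude::ClientEasy`, `Prelude::IDMEF`, `set`, `sendIDMEF`) and the profile name `spamassassin` are assumed and should be checked against the installed bindings.

```perl
package Mail::SpamAssassin::Plugin::Prelude;    # name suggested in Comment 1

use strict;
use warnings;
use re 'taint';    # Comment 3, note 1: regex captures stay tainted
                   # Comment 3, note 2: no "use bytes"

use Mail::SpamAssassin::Plugin;
use Mail::SpamAssassin::Logger;    # exports dbg()
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
  my ($class, $mailsa) = @_;
  $class = ref($class) || $class;
  my $self = $class->SUPER::new($mailsa);
  bless($self, $class);
  return $self;
}

# Standard plugin hook: called once per message after all rules have run,
# so neither spamd nor the SA core has to be modified.
sub check_end {
  my ($self, $opts) = @_;
  my $pms = $opts->{permsgstatus};
  return unless $pms->is_spam();

  my %alert = (    # IDMEF (RFC 4765) paths; field selection is illustrative
    'alert.classification.text'           => 'Spam detected',
    'alert.assessment.impact.severity'    => 'low',
    'alert.assessment.impact.description' => sprintf('score=%.1f required=%.1f',
        $pms->get_score(), $pms->get_required_score()),
    'alert.additional_data(0).meaning'    => 'rules hit',
    'alert.additional_data(0).data'       => $pms->get_names_of_tests_hit(),
  );
  # A SIEM outage must never affect the scan result: trap every failure.
  eval { $self->_send_idmef(\%alert); 1 }
    or dbg("prelude: alert not sent: $@");
  return;
}

sub _send_idmef {
  my ($self, $alert) = @_;
  require Prelude;    # assumption: libprelude Perl bindings are installed
  $self->{client} ||= do {
    my $c = Prelude::ClientEasy->new('spamassassin');    # assumed profile name
    $c->start();
    $c;
  };
  my $idmef = Prelude::IDMEF->new();
  $idmef->set($_, $alert->{$_}) for sort keys %$alert;
  $self->{client}->sendIDMEF($idmef);
}

1;
```

The module would be enabled with a `loadplugin Mail::SpamAssassin::Plugin::Prelude` line in a local `.pre` or `.cf` file.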