SA Bugzilla – Bug 7814
SpamAssassin: Add prelude support
Last modified: 2021-04-08 12:15:04 UTC
Hello I made a patch to be able to send alerts to Prelude with the standard IDMEF (RFC 4765) : https://github.com/ToToL/spamassassin Prelude is an OpenSource SIEM (Security and Information Event Management): https://www.prelude-siem.org Is it possible to add this to SpamAssassin ? Thanks Regards
Thanks for the interest, but it doesn't seem something that SA core distribution should include or need. Also the code logic is quite bad, there is no reason to modify spamd or SA core. It should be implemented as independent M::SA::Plugin::Prelude module that utilises standard api/hooks to act when message is spam.
Love the idea of surfacing the information to a SIEM but as Henrik points out, this should be a plugin.
Changing "component" to 'spamassassin' from "Security" to make it generally visible, as this is NOT a security bug. I agree with Henrik & Kevin: this does not belong in the core, it should be a plugin, like anything else that is likely to be used by a small subset of users. Also, some code notes: 1. Add "use re 'taint';" (and fix anything it breaks.) 2. Remove "use bytes;" (and fix anything it breaks.) 3. Line 48 is unacceptable. Fortunately, it also appears to be essentially pointless, as if you intended to remove it. This is not in any way an exhaustive list, it's just the 3 issues that stood out to me from a cursory look at the code.
Hello Thanks for giving me this feedback ! I will work on this and propose you a new version of this. do you have an example of a plugins like what i should do? Thanks Regards
Please post on the dev@spamassassin.apache.org list about plugin development.
Closing stale bug, development of third party plugins is outside Bugzillas scope.