[Spambayes] sb_mailsort.py

Skip Montanaro skip at pobox.com
Sun Nov 30 18:11:26 EST 2003 

    atom> ok, no answers to my previous post, of similar subject... here's
    atom> more....

I sort of suspect very few people use sb_mailsort.py.

    atom> 1) will the script return a non-zero exit status if it fails for
    atom>    *ANY* reason? this is important, since a .qmail-file will
    atom>    recognize that as an unsuccessful delivery attempt.

Looking at the code, it appears that sb_mailsort.py may not properly exit
with non-zero status in all cases.  I see one error condition it catches
then raises SystemExit, which on my system produces an exit status of 1.
However, the main() function call is not wrapped in a try/except statement.
You might want to modify the end of sb_mailsort.py to something like

if __name__ == "__main__":
    try:
        main()
    except Exception, msg:
        sys.exit(1)
    else:
        sys.exit(0)

just to be sure unanticipated error conditions are caught and that you
guarantee a non-zero exit status.  More detailed analysis of the program's
guts is probably required though.

    atom> 2) is the SPAM_CUTTOFF hard-coded at 0.57??? (like i said, i don't
    atom>    know code in python.) is there a way to only assign a value to
    atom>    a variable [in python] if a user-specified value is not
    atom>    defined?

Sure looks like it (beats me why, though).  You can work around that problem
by initializing SPAM_CUTOFF like so:

from spambayes.Options import options
SPAM_CUTOFF = options["Categorization", "spam_cutoff"]

Note that the above import technique is common usage, though sb_mailsort.py
does its imports differently.  Again, I'm not sure why.  You'll have to
investigate to make sure you're not violating some assumptions the program
author made by importing SpamBayes modules that early in the program.

    atom> 3) how well is this (and similar) scripts protected against
    atom>    attacks where a malicious email can cause commands to be
    atom>    executed with the permissions of the recipient?

I think it should be okay in that regard.  The only actions it takes based
upon a message's content is train on it or score it (by moving it from one
directory to another which you specify on the command line).  I don't think
a black hat could convince Python to twiddle the values of sys.argv, but it
might be a microscopically small amount safer if the spamdir and hamdir were
picked up from your options file.  That would require changes to
spambayes/Options.py as well as scripts/sb_mailsort.py thought.  It's
probably best left for the author.

Skip

More information about the Spambayes mailing list