crowdsec: Bug/notifications/email: Content needs ... tags

Describe the bug The default config for email notifications can trigger a high-scoring Spamassassin rules due to bare HTML without <html>...</html> enclosing tags.

To Reproduce Steps to reproduce the behavior:

  1. Set up email notifications, with minimal edits to the default notifications/email.yaml
  2. Trigger an email
  3. Check the content of the solitary text/html attachment

Expected behavior All reasonable attempts should be made for these emails to not look like spam.

Technical Information (please complete the following information):

  • OS: Debian buster (currently oldstable)
  • Version: crowdsec 1.3.2 from the APT repository

Additional context Spamassassin reports the following on crowdsec notification emails:

        *  3.8 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
        *      tag

and indeed the only part of a crowdsec notification email starts with:

<a href=...

Now, obviously, I’ve gone and whitelisted (won’t even go through Spamassassin processing) the crowdsec emails in question now, and I can tweak my local config file to add the missing tags (presumably also <body>), but this is a small improvement that could be made to the defaults.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 15 (6 by maintainers)

Commits related to this issue

Most upvoted comments

if you have more than one decision/alert, won’t spamassassin complain about the multiple opening/closing html/body tags ?

I’ve not yet seen an email with multiple decisions in it. All I can say is that the lack of them at all in this single alert case is an issue.

A quick test shows SA not caring about multiple <html><body>...</body></html> in the same attachment. I can’t speak for any other anti-spam detection.

+1
Athanasius on Mar 10, 2022

@Athanasius although naive, would this do trick : #1339 ?

Yes, that’s exactly the sort of thing I’ve applied in my local version of the config:

# The output goes in the email message body
format: |
  {{range . -}}
    {{$alert := . -}}
    {{range .Decisions -}}
      <html><body><a href=https://www.whois.com/whois/{{.Value}}>{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>. <a href=https://www.shodan.io/host/{{.Value}}>Shodan</a></html></body>
    {{end -}}
  {{end -}}

neomutt is happy to display it, and … ah, well now Spamassassin (I stopped the ‘live’ messages from going through it) has another hit on its SCC_BODY_URI_ONLY rule. Let me check into that and get back to you so we can fashion the best format for this in one go.

+1
Athanasius on Mar 10, 2022
Read more comments on GitHub
← github-action: Existing workflow - Failed to collect project info. Please contact our support team for help
crowdsec: crowdsec 1.5.2-1.fc37 package is signed by expired keys →