New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug/notifications/email: Content needs <html>...</html> tags #1316
Comments
I note this also affects the registration emails for the console:
|
@Athanasius although naive, would this do trick : #1339 ? |
Yes, that's exactly the sort of thing I've applied in my local version of the config: # The output goes in the email message body
format: |
{{range . -}}
{{$alert := . -}}
{{range .Decisions -}}
<html><body><a href=https://www.whois.com/whois/{{.Value}}>{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>. <a href=https://www.shodan.io/host/{{.Value}}>Shodan</a></html></body>
{{end -}}
{{end -}} neomutt is happy to display it, and ... ah, well now Spamassassin (I stopped the 'live' messages from going through it) has another hit on its |
OK, it appears that # The output goes in the email message body
format: |
{{range . -}}
{{$alert := . -}}
{{range .Decisions -}}
<html><body><p><a href=https://www.whois.com/whois/{{.Value}}>{{.Value}}</a> will get <b>{{.Type}}</b> for next <b>{{.Duration}}</b> for triggering <b>{{.Scenario}}</b> on machine <b>{{$alert.MachineID}}</b>.</p> <p><a href=https://www.shodan.io/host/{{.Value}}>Shodan {{.Value}}</a></p></body></html>
{{end -}}
{{end -}} I've added the IP into the Shodan link text so it's more obvious it's a link for the IP, not a general Shodan one. The full SpamAssassin score in my setup is now:
|
If you can convince the golang Mail code that's being used to add a |
if you have more than one decision/alert, won't spamassassin complain about the multiple opening/closing html/body tags ? |
I've not yet seen an email with multiple decisions in it. All I can say is that the lack of them at all in this single alert case is an issue. A quick test shows SA not caring about multiple |
thanks, updated the PR, let me know if it sounds good to you and we merge |
I'm still seeing only the two commits there. Forgot to push ? |
Ah, the second one just reformatted. You're missing the |
ah thanks, missed that one, should be fixed now :) |
No, it needs to be TWO HTML paragraphs. That's why I moved the 'Shodan' link into its own. |
ah yes, slow day 😅 |
OK, looks good now (I still like the extra |
Yes, I think we need to revamp this, I think we might now want to include a link to the console's CTI for extra info. I will close this one after approval/merge of the PR and keep further modifications on the template in a separate one ! |
Describe the bug
The default config for email notifications can trigger a high-scoring Spamassassin rules due to bare HTML without
<html>...</html>
enclosing tags.To Reproduce
Steps to reproduce the behavior:
notifications/email.yaml
Expected behavior
All reasonable attempts should be made for these emails to not look like spam.
Technical Information (please complete the following information):
Additional context
Spamassassin reports the following on crowdsec notification emails:
and indeed the only part of a crowdsec notification email starts with:
Now, obviously, I've gone and whitelisted (won't even go through Spamassassin processing) the crowdsec emails in question now, and I can tweak my local config file to add the missing tags (presumably also
<body>
), but this is a small improvement that could be made to the defaults.The text was updated successfully, but these errors were encountered: