At 2007-10-15 06:26 -0500, Ryan Malayter <[EMAIL PROTECTED]> wrote:
> The real solution would be for SpamAssassin to check that the PGP
> messages are well-formed, and verify signatures on any PGP message
> before altering its score. A tad CPU intensive, I think, and it poses
> a host of key management and trust management issues if the
> SpamAssassin system serves many users (which most do).

It's still a worthwhile check, assuming an appropriately weighted system (valid PGP signatures don't necessarily mean I want to read the email, so it's worth a few points, but definitely a less-than-1 fraction of my "not spam, deliver it" number).

Given that the default install of SA in most package distributions makes use of various DNS[/RBL] checks, I'm pretty sure that CPU time isn't the compelling factor. I'm happy to accept a 10 minute lag in my email delivery (from or two, really) for a 95%+ reduction in email I didn't want to have to delete manually.

At 2007-10-15 19:51 -0700, Dave Brondsema <[EMAIL PROTECTED]> wrote:
> I have started an OpenPGP plugin for SpamAssassin that could be useful to
> assign a negative score to signed emails. See
> http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP

I am interested in your project and excited by the concept, but I'm pretty sure it will reach the point of Works Good Enough before I have the free time to help. Good luck, though!

At 2007-10-15 16:32 +0200, Werner Koch <[EMAIL PROTECTED]> wrote:
> FWIW, a few weeks ago I received the first PGP signed spam. The
> signature was good and I believe that it was sent using a trojan
> utilizing the local MUA which was configured to sign all outgoing mail.

It was only a matter of time.

-- 
gabriel rosenkoetter
[EMAIL PROTECTED]
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users