Ken wrote
You should be careful! Don't forget that SA is not perfect! I have received
mail marked as SPAM, but it WASN'T! If you do this thing you may lose email
that you WANT. I think a better solution is to accept those messages and put
them someplace temporarily, kind of like hotmail does. Have a folder called
SPAM or BULKMAIL for each user and have tagged SPAM moved into that folder.
I do that, and have a CRON job that runs tmpwatch on those folders and
removes everything older than X days... I don't like receiving SPAM, but I
HATE to miss a desired message!

Thanks for your comments.


I know that SpamAssassin isn't perfect, so I do not discard every mail tagged as spam. I use three levels of spam messages:

(Spamassassin) 'required_hits 6.5', a mail over this score is just tagged as spam and sent to the recipient.

(qmail-scanner-st) 'sa_quaratine 8', a mail over this score is quarantined and it is not sent to the recipient. If the feature NOTIFY_ADDRS is set to recipient, the recipient will receive the notifications.

(qmail-scanner-st) 'sa_delete 10', a mail over this score is deleted. Even if NOTIFY_ADDRS is set to recipient, the recipient won't receive anything. The admin will still receive a notification.

Now I'm working on rejecting the mail instead of deleting it; in this case the sender will receive an error message, and if he isn't a spammer he could do something.

I personally check the subject of every mail quarantined, maybe I'm lucky, but in the past 7 months I didn't see a mail over 8 points that wasn't spam.

I also check the SPAM messages regularly at the command-prompt to see how
they're changing over time, and how they're scored with SA. It's interesting
to see what these bastards are doing to get the message into our INBOX. They
send messages to me AS me, or they insert fake HTML tags randomly throughout
the message to break up words and avoid pattern searches, etc.

There is something that I saw recently that looked very interesting, and I
LOST THE LINK. It involves DNS MX-type records. When receiving an SMTP
connection, your MTA is given the sender ([EMAIL PROTECTED]). If the
special MX record in the DNS lookup of the senders domain (yahoo.com)
doesn't match the actual MTA sending the email, the connection is dropped.
Or something like that. I never got the chance to check it out! Since yahoo
lists hosts 10.10.10.1-10.10.10.20 (example) as their MX hosts, then if the
message you're currently receiving from [EMAIL PROTECTED] is coming from
HELO booger.de (10.20.30.40), then you know it's BOGUS, and the connection
is dropped. Has anyone heard of this? If so, please post a LINK!!

Ken

This sounds good; if you retrieve the link, please send it to me.


Cheers

Salvatore
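
The three-level policy Salvatore describes, written out as an added example (this is not code from the thread or from qmail-scanner-st). It reads the score from SpamAssassin's X-Spam-Status header and applies the post's thresholds with "over this score" as a strict comparison. The function names, the action labels and the choice to deliver mail that carries no score are assumptions of this sketch.

```python
import re
from email import message_from_string

# Thresholds as given in the post.
REQUIRED_HITS, SA_QUARANTINE, SA_DELETE = 6.5, 8.0, 10.0

# SpamAssassin 2.x writes "hits=<n>", 3.x and later write "score=<n>".
_SCORE = re.compile(r"\b(?:hits|score)=(-?\d+(?:\.\d+)?)")


def spam_score(raw_message):
    """Return the score from X-Spam-Status, or None if absent or unparseable."""
    status = message_from_string(raw_message).get("X-Spam-Status", "")
    match = _SCORE.search(status)
    return float(match.group(1)) if match else None


def disposition(raw_message, notify_recipient=False):
    """Return (action, recipient_is_notified) for one scanned message.

    notify_recipient models NOTIFY_ADDRS being set to recipient.
    """
    score = spam_score(raw_message)
    if score is None:
        # Assumption: mail without a score is delivered, so a scanner
        # failure never costs the user a wanted message.
        return ("deliver", False)
    if score > SA_DELETE:
        return ("delete", False)          # recipient never hears about it
    if score > SA_QUARANTINE:
        return ("quarantine", notify_recipient)
    if score > REQUIRED_HITS:
        return ("deliver-tagged", False)  # tagged, still reaches the inbox
    return ("deliver", False)


def sample(status=None):
    """Build a constructed test message (addresses are placeholders)."""
    head = "From: a@example.org\nTo: b@example.org\nSubject: test\n"
    if status is not None:
        head += "X-Spam-Status: " + status + "\n"
    return head + "\nbody\n"


if __name__ == "__main__":
    for s in ("No, hits=2.1 required=6.5", "Yes, hits=7.2 required=6.5",
              "Yes, score=9.1 required=6.5", "Yes, score=14.0 required=6.5"):
        print(s, "->", disposition(sample(s), notify_recipient=True))
```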


Qmail-scanner-general mailing list https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
