I'm using this on a test box at the moment.

SPAM_DIR=/var/mail/spool/quarantine/spam
LOGFILE=/tmp/spam.log
:0c
{
        :0:
        * ^X-Spam-Score: \*\*\*\*\*.*
        $SPAM_DIR
}

This checks a copy of each message and dumps it into $SPAM_DIR if it
matches >= 5.  In the end I'll make this >= 10.  This allows me to archive
what I believe to be spam for subsequent reporting or pattern matching.
Since I'm working with a copy of the message, delivery proceeds like
normal.  The user never knows I'm doing this.

If you want to just take all matches and null them:

:0h
* ^X-Spam-Score: \*\*\*\*\*.*
/dev/null

Oh wait, I just realized I'm matching my header line, not what you're
likely to have.  My X-Spam-Score line is different.  It allows filtering
to work in LookOut and other braindead MUAs.  I print the stars
immediately after X-Spam-Score: .  I imagine you can rig SA to do the same
though.  If not, you'll have to get someone to assist you with the
specific regex to match either the stars or the numeric value.

* ^X-Spam-Score: .*\(\*\*\*\*\*.*\)

might work for default SA rules.  LookOut apparently can't search for a
header called X-Spam-Score and then check to see if it was a value (or a
string within it) of X.  The only way I've found to make a header match
work is to do a header search for a literal "X-Spam-Score: ******".  That
seems to work fine.

I imagine the thresholds you're referring to are what each admin, and
ultimately each user define at what they aren't "pretty sure" is spam and
"can't be anything but" spam.  To me, I'd consider anything about 5 to
probably be spam.  Anything above 10 would almost always be spam.  If it's
above 15, there's a snowball's chance in hell of it not being good ole
spam.  You as a user or admin might want to take different actions
depending on the score.  For most of my users, I'd recommend auto-deleting
>= 10 scores.  I'd then recommend they move >= 5 scores to a "Possible
SPAM" folder, auto delete from it if it's a week old, and go through it
every couple of days for false positives.

Hope that helps
  Justin



On Thu, 17 Oct 2002, Kenneth Chen wrote:

> I'm curious about something -- can you actually create a recipe in
> procmail to filter emails with X-Spam-Status at 20 or more to send emails
> directly to /dev/null?
> 
> If so, what would the recipe be?
> 
> And what exactly is the difference between 'probably-spam' and
> 'definitely-spam' thresholds?
> 
> Thanks,
> Kenneth
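
The two thresholds discussed in this thread, written out as a tiered procmail
rc file. This is an added example, not part of the original message. It assumes
the star-style "X-Spam-Score: *****" header described in the reply and, for the
numeric variant, an "X-Spam-Status: Yes, hits=N.N ..." header; MAILDIR and the
POSSIBLE_SPAM folder name are hypothetical.

```procmail
# Added example, not from the original post. Paths and folder names are
# assumptions; adjust them to the local setup.
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/procmail.log
POSSIBLE_SPAM=possible-spam

# Tier 1 ("can't be anything but" spam): 10 or more stars, discard.
# This recipe must come first: a header with 10 stars also matches the
# 5-star pattern below, and procmail stops at the first delivering recipe.
:0h
* ^X-Spam-Score: \*\*\*\*\*\*\*\*\*\*
/dev/null

# Numeric variant of tier 1 for a score of 20 or more, assuming the score
# appears as "hits=<number>" in X-Spam-Status. Two digits starting with
# 2-9 cover 20-99; three digits cover 100 and up. "hits=2.5" and negative
# scores do not match because a second digit is required right away.
:0h
* ^X-Spam-Status: Yes, hits=([2-9][0-9]|[1-9][0-9][0-9])
/dev/null

# Tier 2 ("pretty sure" spam): 5 to 9 stars, file for later review.
# The trailing ':' takes a local lockfile, which an mbox folder needs
# when several deliveries can run at the same time.
:0:
* ^X-Spam-Score: \*\*\*\*\*
$POSSIBLE_SPAM

# Anything that reaches this point falls through to normal delivery.
```

While tuning the patterns, point the tier 1 recipes at a folder instead of
/dev/null so false positives can be recovered.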



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
