>> I think it's not a good idea to use forwarded mails as a source for
>> "learning". Somewhere in the SA's documentation indicates this issue.
>
>Yes, we are not forwarding, we are redirecting. But I realize
>that is
>not a good way. redirect/resend/bounce is where the mail is
>resent in
>its native form (but unfortunately has new received headers) so the
>checks that are not received header related would still run
Check if you mailclient can forward mails as attachment; with outlook/outlook
express (what I'm forsced to deal with at one site) this preserves all
headers of the forwarded message.
However, you'll need to feed the resulting mailbox through a script that
extracts the forwarded messages and feeds just these to sa-learn.
here's the script I currently use; mailbox handling is still quite bad but,
hey it works for me. New in this version: it'll print a warning with the
sender address of each email that DOESN'T contain a forwarded message, so you
can easily tell the users: "Please forward as an ATTACHMENT, don't use normal
forwarding". This seems necessary, I've hat lots of users try to submit spam
via normal forward which doesnt't work at all (headers changed,
sender/recipient mixed up....).
------------------------------------------------
#!/usr/bin/perl
# sa-learn-forwarded-spam 0.2
#
# extract message/rfc822 attachments from a mailbox and feed to sa-learn
# partialy copied from the imap/public folder learn
# script by Jason Crummack
use Mail::Util qw(read_mbox);
use MIME::Parser;
use IO::Lines;
# set to 1 to enable imapclient debugging
my $debug = 0;
# set to 1 if running under cron (disables output)
my $cron = 0;
my $mailbox="/var/spool/mail/s/t/steiermark.report-spam";
my $tempdir = "/tmp/spamassassin";
my $learndir = "/tmp/spamassassin/learn";
#
# execute sa-learn command
#
sub sa_learn {
my $dir = shift (@_);
my $type = shift (@_);
my $learncmd = "/usr/bin/sa-learn ".$type." --dir ".$dir;
if ($cron == 0) { $learncmd .= " --showdots"; }
else { $learncmd .= " > /dev/null 2>&1"; }
#
# Run sa-learn script on spam directory
#
#my $sh = Shell->new;
my @args = ($learncmd);
system (@args) == 0 or die "system @args failed: $?";
}
#
# Removes files in directory $dir
#
sub clear_directory{
my $dir = shift (@_);
opendir (DIR, $dir) or die "Couldn't open dir: $dir\n";
my @files = readdir (DIR);
close (DIR);
for (my $i = 0; $i <= $#files; $i++ )
{
if ($files[$i] !~ /\.+$/) {
unlink ($dir."/".$files[$i]);
}
}
}
mkdir ($tempdir);
mkdir ($learndir);
-r $mailbox || exit;
@msgs = read_mbox($mailbox);
unlink ($mailbox);
$cnt = 0;
foreach (@msgs) {
$debug && print ("Message $cnt\n");
my $parser = new MIME::Parser;
$parser->output_dir($tempdir);
$parser->extract_nested_messages(0);
$AH = new IO::Lines;
$AH->open($_);
$entity = $parser->parse($AH);
$num_rfc822=0;
$num_parts = $entity->parts;
$debug && print (" Parts: $num_parts\n");
for ($i=0;$i<$num_parts;$i++) {
$part = $entity->parts($i);
if ($part->effective_type eq "message/rfc822") {
$num_rfc822++;
$debug && print (" File: ".
$part->bodyhandle->path."\n");
@args = ("cp",
$part->bodyhandle->path,
$learndir);
system (@args);
}
}
if (!$num_rfc822) {
if ($entity->head->get('From') =~ m/<(.*)>/) {
print ("No message/rfc822 attachment from $1\n");
}
}
$parser->filer->purge;
$cnt++;
}
sa_learn ($learndir, "--spam");
clear_directory ($learndir);
------------------------------------------------
Bye, Martin
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
