Hi Folks:

  The spam we've been getting recently has seemingly been targeted at
getting lower scores to bypass the checks.  With the pattern matching
being subverted, unless Razor, Pyzor, DCC or one of the BLs (if you use
them) have the message/sender data within it, the only defense is the
Bayesian test.

  Interesting attack.  Not that difficult to repel.

  I did not want to monkey around with the base system scoring if
possible.  I simply wanted to integrate another spam filter with its own
scoring into SpamAssassin.  As I have been playing with bogofilter, I
thought this would be a nice idea to integrate bogofilter into
SpamAssassin, and amavisd-new.  This is not meant to be a criticism of
SpamAssassin, just a note about a method to integrate two excellent
tools.

  I use a late model of Postfix, though I think it might be possible to
do this with other MTAs.  I have a large corpus (2500+) of spam and about
the same of real mail.

  Punchline:  It works, quite nicely.

From a recent message:

   X_Spam_Status: Yes, hits=5.2 tag1=2.0 tag2=3.0 kill=3.0   
   tests=BOGOFILTER,
        HTML_MESSAGE, NORMAL_HTTP_TO_IP

(where the X_Spam_Status has been substituted for the normal header tag
to let people read this message...)

  Why:  Couldn't you just use procmail?  Yes, though I wanted a single
point of scoring to run under amavisd-new.  While I could keep hacking
something simple under procmail, I would much prefer to make bogofilter
just another SpamAssassin test.

  How:  
        1) implement the bogofilter script as indicated in the relevant
bogofilter readme.  You want this run before spamassassin gets the
message.  Run it in pass-through mode (-p).

        2) Add the following to your /etc/mail/spamassassin/local.cf

require_version 2.61
  
header BOGOFILTER X-Bogosity =~ /Yes, tests=bogofilter, spamicity=(\d+)/
describe BOGOFILTER Bogosity:  bogofilter thinks this mail is junk
 
score BOGOFILTER        5.000

        3) restart postfix/amavisd (or similar).

Note:  this technique should work for any other spam filters you want to
in-line into SpamAssassin.  I think it would be difficult to add this to
the GA scores, as it is a function of the size, quality, and diversity
of your spam/real corpus.  You might be able to accomplish something
similar by increasing the Bayesian weighting on the internal filter.

Enjoy

-- 
Joe Landman <[EMAIL PROTECTED]>
http://scalableinformatics.com
Scalable Informatics LLC



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
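
A way to check the rule from step 2 against sample mail before restarting anything, as an added example that is not part of the original post: it applies the same pattern and score to constructed messages and reports which ones would cross the kill level. The helper names, the sample messages and the "Spam" verdict wording are assumptions made for illustration.

```python
import re
from email import message_from_string

# Pattern and score copied from the local.cf lines in the post.
RULE = re.compile(r"Yes, tests=bogofilter, spamicity=(\d+)")
RULE_SCORE = 5.0
KILL = 3.0  # kill level shown in the post's sample X_Spam_Status line

def bogosity_values(raw):
    """All X-Bogosity header values in the message, whitespace-normalised."""
    msg = message_from_string(raw)
    return [" ".join(v.split()) for v in msg.get_all("X-Bogosity", [])]

def rule_fires(raw):
    """True if any X-Bogosity value matches the BOGOFILTER pattern."""
    return any(RULE.search(v) for v in bogosity_values(raw))

def total_score(raw, other_hits=0.0):
    """Score from other tests plus BOGOFILTER's contribution, if it fires."""
    return other_hits + (RULE_SCORE if rule_fires(raw) else 0.0)

def make_message(*bogosity):
    """Build a constructed test message carrying the given X-Bogosity values."""
    headers = ["From: sender@example.com", "Subject: constructed sample"]
    headers += ["X-Bogosity: " + b for b in bogosity]
    return "\n".join(headers) + "\n\nbody\n"

# Constructed samples, not real traffic.
SAMPLES = {
    "flagged": make_message("Yes, tests=bogofilter, spamicity=0.999897"),
    "clean": make_message("No, tests=bogofilter, spamicity=0.000012"),
    # bogofilter never ran ahead of SpamAssassin (step 1 skipped or misordered)
    "unfiltered": make_message(),
    # Assumption: a bogofilter build or config that words its verdict differently
    "other_wording": make_message("Spam, tests=bogofilter, spamicity=0.999897"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        score = total_score(raw, other_hits=0.2)
        verdict = "over kill" if score >= KILL else "under kill"
        print(f"{name:14} fires={rule_fires(raw)!s:5} total={score:.1f} {verdict}")
```

Messages in the last two categories pass through with no BOGOFILTER points, so compare the header your bogofilter actually writes with the pattern in local.cf.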
