Kevin Peuhkurinen said:
>
> J Thomas Hancock wrote:
>
>> I apologize for the questions, but this is how my Boss wants things
>> done and who am I to argue with him. I figure he will listen to me
>> better if I have a creditable source, the SpamAssassin mailing list,
>> backing me up versus me by myself.
>>
>> Part 1:
>>
>> My boss is convinced that SpamAssassin can delete an email if it
>> crosses a certain hit threshold. Everything I have read states that
>> SpamAssassin can only add a flag to the message (be it a subject
>> rewrite, something in the header, etc.) and that the MTA, postfix in
>> our case, rejects the message based on that flag. So am I correct in
>> stating that SpamAssassin can not delete a message?
>>
> Correct.
>
>> Part 2:
>>
>> My last question to this list was how to be able to flag the message
>> for deleting if the required_hits exceeds 15, for argument's sake, and
>> rewrite the subject header if the required_hits exceeds 10. I was told
>> SpamAssassin could not do that. I looked into using MailScanner, but
>> the PHB did not like that solution since it took too much
>> customization to read the users preferences from a MySQL table. We
>> came up with 2 ugly solutions.
>>
>> The first solution is to run two instances of SpamAssassin. Instance
>> one runs the required_hits for deleting the message and the second
>> instance runs the scan for rewriting the subject. Each instance of
>> SpamAssassin can run on a different port/IP address. Does anyone here
>> have any experience with such a configuration?
>>
>> The second solution would be to set postfix to reject a message if the
>> header contains “Spam Score 15”, “Spam Score 16”, “Spam Score 17” etc.
>>
>> Ugly, I know.
>>
>> What are the thoughts of the members of this list? Does anyone have
>> any other suggestions besides MailScanner and our two solutions?
>>
>> Thank you for your assistance.
>>
>> Tom Hancock
>>
> amavis-new can do this nicely. You can set a "tag" level which allows
> subject re-writing and a "kill" level above which the email can be
> either deleted outright or quarantined (either to a separate mailbox or
> folder on the server).
>
I agree, amavisd-new handles this pretty well. I use amavisd-new, postfix & SA as relay server before delivering to Exchange.

1. SA score => -999 points add X-Spam-* headers to the message. This way I can always see what triggered on a message without searching log files.
2. SA Score => 6.0 points, tag as spam, message is delivered to user. Users can use rules within their MUA to handle these.
3. SA Score => 10.0 points, message is delivered to quarantine mbox on the relay server and is not delivered to end user.
4. Amavisd-new blacklisted sender, message bypasses SA tests and is marked as spam and delivered to quarantine mbox on relay server and is not delivered to end user.
5. Amavisd-new whitelisted sender, message bypasses SA tests and is delivered to end user. Useful for skipping scanning like SA users mailing list traffic, as I also use site-wide bayes with auto-learn, I wouldn't want to have SA mails get -100 points and then auto-learn discussions about spam. ;)

The other nice feature was when we first rolled this out, I set final spam destination to pass, so that at => 12.0 message was delivered to quarantine and the end user. Using this method we were able to tune the system for a few months before we stopped delivering the really spammy stuff to the users. Also worked our way down to a kill level of 10 points.

Note: We have a clear policy in place that all communications belong to the company and that no one has a right to privacy. Still, check with your boss & lawyers before reviewing mail that was destined for other folks.

In the end the answer is no, SpamAssassin can't / won't delete email. You need another tool to delete the messages based on what SpamAssassin scores the message at.

Oh, and don't blame SA if you lose any real messages. :)

HTH,
Matt
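
An amavisd.conf fragment (Perl syntax) mapping the tag, kill, quarantine and sender-list behaviour described in the message above onto amavisd-new settings. It is an added illustration, not the poster's actual configuration; the quarantine directory, quarantine name, subject tag and sender addresses are assumed placeholders.

```perl
# amavisd.conf fragment. Constructed example; thresholds follow the message above.

# 1. Always add X-Spam-* headers, so the triggered rules are visible
#    in the message itself instead of only in the logs.
$sa_tag_level_deflt  = -999;

# 2. At or above 6.0: mark as spam but still deliver, so users can
#    filter on the flag or subject tag in their MUA.
$sa_tag2_level_deflt = 6.0;
$sa_spam_subject_tag = '***SPAM*** ';      # assumed tag text

# 3. At or above the kill level: apply $final_spam_destiny and quarantine.
#    The rollout described above started at 12.0 and was lowered to 10.0.
$sa_kill_level_deflt = 10.0;

# Tuning phase: quarantine a copy AND deliver to the recipient.
# $final_spam_destiny = D_PASS;
# After tuning: quarantine only, nothing reaches the recipient.
$final_spam_destiny  = D_DISCARD;

# Quarantine location on the relay server (assumed path and name).
$QUARANTINEDIR       = '/var/virusmails';
$spam_quarantine_to  = 'spam-quarantine';

# 4. Blacklisted senders skip SA scoring and are treated as spam.
@blacklist_sender_maps = ( [ 'known-spammer@example.com' ] );   # placeholder

# 5. Whitelisted senders skip SA scoring and are delivered, which also
#    keeps list traffic about spam out of Bayes auto-learning.
@whitelist_sender_maps = ( [ 'list-owner@lists.example.org' ] ); # placeholder
```

With `D_DISCARD` in place the quarantine is the only copy of anything above the kill level, so it needs to be reviewed or retained long enough to recover false positives.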