From: "List Mail User" <[EMAIL PROTECTED]>

>...
>You can only safely skip messages with an X-Spam-Status: that reads "yes",
>due to the fact that you can't trust it. Of course, spammers can always
>forge a X-Spam-Status: on themselves that declares the message to be spam,
>but if they do.. more power to em..
>

Or even better, you can check for already marked positive spam
headers and refuse the email on that basis (for like some sites who scan
outgoing mail, but pass mail marked as spam on anyway e.g. ufl.edu is "big"
on this).

Note that this only works on 3.0++.  On 2.6x (and I assume previously) the
SA headers on an incoming mail were stripped before the rules had a chance
to look at the text.

       Loren

Not if the mail is never accepted.  I reject mail marked that
way with a "550 Already marked as spam" from Postfix (using header
rules - so a quoted mail message won't trigger it).  There are plenty
of large institutions and sites "kind enough" to mark outgoing mail
as spam, but send it to you anyway (mostly government or educational
sites).

Paul, the procmail script Loren and I use simply strips it out. I've read
too many folks on this list talk about scanning outbound for one reason
or another to figure premarking is a good spam sign.

Of course, there are odd cases to consider.

Suppose somebody honest or at least passing honest scans outbound,
marks the messages, but sends them anyway premarked as spam. I am
inclined to be a little obnoxious and believe it. If it marks the
message as non-spam I'd strip the markup that *I* might mis-sort
upon. In either case I'd rescan it myself. If either case resulted
in a spam markup, either from me or the sender, it becomes spam. In
fact I'd put in a rule looking for an X-Spam sort of header and
explicitly give a "yes" a healthy big score so that I am sure to believe
the joker who sent it.

This way if a spammer tries to spoof I don't much care if the spam
markup came from J-Random-Machine. The score I'd work with would be
the one tagged with MY machine name. I note spam markups are so
marked these days. (Tagging the spam with a very private machine ID
that is a GUID would be even better. Then stripping the spam headers
would not be necessary, for this purpose.)

(So far nobody has nailed down the PerMsgStatus problems that result
in logs that say a message is spam but no markups at all appear on the
message. THIS is why I strip off spam markups. I trigger on their
presence to indicate that I properly completed a spamc/spamd run. If
the header is missing I feed it through spamassassin itself as a backup.
The forgery aspect is a pleasant side effect of stripping the headers.)

{^_^}
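
The handling discussed in this thread (note a sender's "yes", strip inbound X-Spam-* headers, then trust only markup stamped by your own host) can be sketched as follows. This is an added example, not code from any poster or from SpamAssassin; `MY_HOST`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32

MY_HOST = "mx.example.test"  # assumption: hostname your own SpamAssassin stamps

# Constructed sample messages (not real mail).
PREMARKED = (b"From: a@example.test\n"
             b"X-Spam-Checker-Version: SpamAssassin 3.0.2 on out.example.test\n"
             b"X-Spam-Status: Yes, score=12.1 required=5.0\n"
             b"Subject: hi\n\nbody\n")
QUOTED = (b"From: b@example.test\nSubject: Re: headers\n\n"
          b"> X-Spam-Status: Yes, score=9.0\nquoted in the body only\n")
FORGED = (b"From: c@example.test\n"
          b"X-Spam-Checker-Version: SpamAssassin 3.0.2 on mx.example.test\n"
          b"X-Spam-Status: No, score=-2.0 required=5.0\n"
          b"Subject: offer\n\nbody\n")


def triage_incoming(raw):
    """Run BEFORE the local scan. Returns (premarked, cleaned_bytes)."""
    msg = message_from_bytes(raw, policy=compat32)
    premarked = False
    for name, value in msg.items():  # top-level headers only, never body text
        key, val = name.lower(), str(value).strip().lower()
        if key == "x-spam-status" and val.startswith("yes"):
            premarked = True
        elif key == "x-spam-flag" and val == "yes":
            premarked = True
    # Drop every inbound X-Spam-* header so any present later are ours.
    for name in {n.lower() for n in msg.keys() if n.lower().startswith("x-spam-")}:
        del msg[name]  # removes all occurrences, case-insensitively
    return premarked, msg.as_bytes()


def scan_completed(raw, my_host=MY_HOST):
    """Run AFTER the local scan: is there a status header stamped by our host?"""
    msg = message_from_bytes(raw, policy=compat32)
    stamps = [" ".join(str(v).split()).lower()
              for v in msg.get_all("X-Spam-Checker-Version", [])]
    ours = any(s.endswith(" on " + my_host.lower()) for s in stamps)
    return ours and msg.get("X-Spam-Status") is not None


if __name__ == "__main__":
    for label, raw in (("premarked", PREMARKED), ("quoted", QUOTED), ("forged", FORGED)):
        flag, cleaned = triage_incoming(raw)
        print(label, "premarked:", flag, "needs scan:", not scan_completed(cleaned))
```

The `FORGED` sample shows why the strip comes first: without it, a sender-supplied "No" carrying your hostname would pass the completion check.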
