For what it's worth, on the system here I have a special directory on the server set up, and when the users get a spam message they do a 'save as ascii text file' to that directory. sa-learn runs thru that directory every half hour. Just a thought.
Mike- On Fri, 24 Nov 2006 15:39:35 +0000, you wrote: >Matt, > >Thank you, that makes things a lot clearer, is there any way to utilise >forwarded messages or is it a lost cause? > >Thanks >Andrew > >On Fri, 2006-11-24 at 10:22 -0500, Matt Kettler wrote: >> Andrew Sykes wrote: >> > Hi, >> > >> > I'm writing some code to integrate SpamAssassin with Apache JAMES. >> > >> > I want to setup an address to allow me to pipe spam into sa-learn. I >> > have a prototype of this working fine, but would like to allow various >> > webmail client users to be able to forward spam messages to this >> > address. >> > >> > As I have very limited understanding of how SA works, I don't want to >> > end up blocking the forwarding addresses. >> > >> > If I whitelist the forwarding addresses, can I then simply pipe a >> > forwarded spam from that address into sa-learn or is there more to it? >> > >> >> There's MUCH more to it.. In fact, whitelisting won't really affect what >> sa-learn does at all. >> >> Generally speaking, forwarded messages are mostly useless to sa-learn. >> Exactly how useless depends a bit on the mail client.. >> >> SA tokenizes MANY mail headers, including Received:, not just From: and >> To. All the headers in a forwarded message are completely new, thus the >> sa-learn process will be learning the headers generated by forwarding, >> and not spam. >> >> SA also tokenizes the body of the message. However, most mail clients >> substantially modify the body of the message when you forward. >> Generally speaking they only preserve one of the mime sections in a >> multipart/alternative message. Spammers FREQUENTLY have text/plain >> sections which are dissimilar from the text/html. By forwarding you're >> loosing all but one mime section (generally text/html is kept). >> >> On top of this, most mail clients also insert "Forwarded message:" type >> text into the body, and add Fwd: to the subject. >> >> SA also tokenizes the in-body mime headers describing how the message >> was encoded. However, when you forward, the mail client doing the >> forward re-encodes things its own way. What might have been base64 >> encoded may now be quoted-printable, 8 bit, or 7 bit. >> >> So, fundamentally, as far as bayes is concerned the forwarded message is >> a completely different message than the original spam. >> >> You can try this sometime by taking an original spam, and a forwarded >> version of it and feed them both to spamassassin or sa-learn with "-D >> bayes" added. This will cause the debug output to list all the tokens >> used. Take a look at the tokens. .some are the same, but many are different. >> >> >> >> >> >> >> -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
