Uwe Kiewel wrote: > Hi, > > I hosting 3 domains xx.de, yy.net, zz.de I think about to use e spam > reporting account, e.g. [EMAIL PROTECTED] If one of my users got spam into > their mailbox, they can send it to the spam reporting account. A cron > job looks into that account to train spamassassin. > > In postfix I use "smtpd_sasl_authenticated_header = yes". > > Does such a spam reporting account work? If they're forwarding the message, no.
Forwarding *COMPLETELY* destroys the message from a bayes perspective. Forwarding: 1) Creates a completely new set of headers. SA learns from the header contents, not just the body. 2) Re-creates the whole body text from some arbitrary text rendering of the message. Number 2 is the most detrimental. This includes things like spam in multipart/alternative with different contents in the text/plain and text/html section. Most forwarding clients will discard the original text/plain and make a new one from the text/html. They will also change the encoding to suit their needs, so if it was base64 encoded, it probably won't be anymore. In some circumstances they'll redo the HTML tags, opting for different font encodings, ripping out comments, etc. Finally, they generally redo the line-wraps, and insert some kind of "Forwarded message follows" text. The end result is a completely different message, although the human-readable text portion is the same. However, if you can preserve the original message, this kind of thing works well. Some clients do a "forward as attachment" which works well, but you'd have to have a script that rips off the attachment and feeds that to sa-learn. In other clients, they have a "redirect" or "bounce" feature that works well and essentially re-sends the original message with no changes. This could be fed directly to sa-learn, however you would have to test the mail clients to make sure, as some do a forward-type action here, but preserve the original From: line.
