On Sat, 2009-04-11 at 09:14 -0400, martes wrote:
> Greetings Karsten.
>
> How can you tell that the header was mangled?
>
> I have not gotten that deep into email analysis yet, however, I don't
> see what you mean.
Your pastebin sample expired -- so here goes from memory.
The Received headers, injected by the MTAs, are below the sender
generated headers. That's obviously been rewritten. Also, in addition to
personal information, the Organization header read something like "my
organization", just like my-address and stuff. Appears to have been
altered by you.
> I also have to "train" my bayesian filter, so that could be why some
> mail is slipping through.
>
> In response to some other inquiries, citadel simply shoots the mail to
> spamd on the requisit host, and then relies on spamd to evaluate the
> message. There are no SA headers because of the process that was just
> described. This must be specific to citadel.
See my previous post. While you're right that it probably is Citadel
specific, SA can be used as a filter just fine. Maybe Citadel knows how
to do that, too.
> Can anyone let me know where spamassassin stores spam on a default
> install?
It doesn't -- default or not. SA does not reject mail, store or deliver
mail, or whatever else. SA classifies and scores mail. Any action
whatsoever is the duty of other tools in your mail processing chain.
Citadel in your case.
Yup, you want to follow up with Citadel folks... ;)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
