28.06.2014 05:47, Jari Fredriksson wrote:
> 28.06.2014 04:43, David B Funk wrote:
>> Looking at my mail streams I see evidence that spammers sometimes
>> add faked "SpamAssassin" headers to their messages (I assume to try
>> to trick recipients into thinking that the message has already been
>> given a clean bill-of-health).
>>
>> I wrote a few test rules to look for these pre-existing "X-Spam-"
>> headers to test to see if it could be used as a spam detector.
>> However I got no hits on these rules even on hand crafted test
>> messages that contained such stuff.
>>
>> Checking the SA source I found in PerMsgStatus.pm a line of code:
>>   $self->{msg}->delete_header('X-Spam-.*');
>> that ran before any tests. So looking for SA headers inside of SA
>> is pointless.
>>
>> So does anybody have any ideas how to test for evidence of a
>> prior SA pass?
>>
>>
>>
> This is my script /etc/maildroprc
>
> # IF ALREADY SCANNED AND FOUND SPAM, DO NOT RE-SCAN
> if (/^X-Spam-Status: Yes/:h)
> {
>      # strip markup, and re-test
>      if (/^X-FredSpamComment\: SpamAssassin called at jarif\.iki\.fi\./)
>      {
>           # Already scanned by us, this is when spam resends mail to users when they are clean.
>           SCAN_SPAM=0
>      }
>      else
>      {
>           xfilter "/usr/bin/spamassassin --remove-markup --nocreate-prefs"
>      }
> }
>
>
>

And the glue. Later (lots later!) in the same script:

#
# Here we go! ("Death to Spam" lol)
#
if ( $SCAN_SPAM == 1 )
{
     xfilter "spamc -H -x --max-size=5000000 -d spamd -u spam"
     xfilter "reformail -A'X-FredSpamComment: SpamAssassin called at tempest.fredriksson.dy.fi'"
}

If you want to write your own glue, you have the Force. If you rely on SA
alone or Amavis it's harder.

-- 
jarif.bit


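An added example, not part of the original messages: because SpamAssassin deletes X-Spam-.* headers before any rule runs, a pre-scan filter in the glue can copy the names of pre-existing X-Spam-* headers into a header that SA leaves alone. The header names, the marker value and the host mx.example.net below are hypothetical.

```python
import email
import sys
from email import policy

# Hypothetical names for this example; pick your own.
LOCAL_MARKER = "X-Local-Scan-Marker"      # header added by our own glue after a scan
MARKER_VALUE = "scanned at mx.example.net"
EVIDENCE_HEADER = "X-Prior-Scan-Headers"  # not matched by X-Spam-.*, so SA keeps it


def tag_prior_sa_headers(raw: bytes, marker_value: str = MARKER_VALUE) -> bytes:
    """Copy the names of pre-existing X-Spam-* headers into EVIDENCE_HEADER."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    # Drop any evidence header that arrived with the message; only we set it.
    del msg[EVIDENCE_HEADER]
    # Markup from our own earlier pass is expected, so it is not evidence.
    ours = any(str(v).strip() == marker_value
               for v in msg.get_all(LOCAL_MARKER, []))
    names = sorted({k for k in msg.keys() if k.lower().startswith("x-spam-")})
    if names and not ours:
        msg[EVIDENCE_HEADER] = ", ".join(names)
    return msg.as_bytes()


# Constructed sample: a message arriving with SpamAssassin-style headers.
SAMPLE = (b"From: sender@example.com\n"
          b"X-Spam-Status: No, score=-1.0\n"
          b"X-Spam-Checker-Version: SpamAssassin\n"
          b"Subject: hello\n"
          b"\n"
          b"body text\n")

if __name__ == "__main__":
    # As a filter: message on stdin, tagged message on stdout.
    data = sys.stdin.buffer.read() if not sys.stdin.isatty() else SAMPLE
    sys.stdout.buffer.write(tag_prior_sa_headers(data))
```

Run from maildrop with xfilter ahead of the spamc call, a SpamAssassin rule such as `header PRIOR_SA_MARKUP exists:X-Prior-Scan-Headers` (rule name hypothetical) can then score the evidence. A fixed marker string can itself be copied by a sender, so the marker check is a convenience for skipping local re-deliveries, not proof of origin.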