It is difficoult to write a doc of what this plugin that I wrote do But here is the ow.cf file, so you can see what this plugin do It can be used ONLY when box is the same for send and receive emails What do you think about it ?someone want to have to try ?
# oUTwHITELIST (ow) # Is a SpamAssassin Plugin that build a database WhiteList using data from email that your internal users send out # So ow works ONLY if the machine running SpamAssassin is used both for send and receive email. # When some internal people send a mail ow make two things : # 1 It save the internal Message Id into a dedicated table # 2 It save the destination email address into a dedicated table # When receiving external messages it check that they have a reference to a message id also it check email address that was a reply loadplugin Mail::SpamAssassin::Plugin::ow ow.pm use_ow 1 ow_message_id_string Message-ID ow_message_id_must_contain @ ow_message_id_server_prefix 10.1. ow_recipient_server_prefix 10.1. ow_inreplyto_string In-Reply-To ow_references_string References ow_sql_dsn DBI:mysql:mailscanner:localhost ow_sql_username sa_user ow_sql_password BxaDfefrfrr4frf4f4fNNE # (1) # Email Verification methods to be used combined with __OW_T_REF_EMAIL and __OW_T_SENT_EMAIL # If mxpf plugin is used it will be also considered meta __OW_PASS ( DKIM_VALID || SPF_PASS || MXPF_PASS ) # (2) # This rule hits when an incoming message have in the header a valid Message-ID that we # sent out in the past, we can be sure that this message is the reply to our message so is # impossible that is a spam, we can give a great bonus in its score describe OW_REF_THIS Message references a valid Message-ID header OW_REF_THIS eval:ow_ref_this() score OW_REF_THIS -1.80 # (3) # This rule hits when an incoming message have the email address and the C Class of the ip # that match a record in the table cwcontaining all messages that hit a Message-ID in the past # Also if it is not an immediate reply of our messages we are sure that it come from a user # we usually send messages # This is test only, score must be assigned to OW_REF_FULL (6) header __OW_T_REF_FULL eval:ow_ref_full() # (4) # This rule hits when an incoming message have the email address only (unverified) # that match a record in the table containing all messages that hit a Message-ID in the past # Also if it is not an immediate reply of our messages we are sure that it come from a user # we usually send messages but only if it match also a verification method (__OW_PASS) # This is test only, score must be assigned to OW_REF_EMAIL (7) header __OW_T_REF_EMAIL eval:ow_ref_email() # (5) # This rule hits when an incoming message have the email address only (unverified) # that match a record in the table containing all message recipients that iour internal users sent to # It is rasonable that if someone of us sent out something receivers can reply to it # If it match must be verified with a verification method (__OW_PASS) # This is test only, score must be assigned to OW_SENT_EMAIL (8) header __OW_T_SENT_EMAIL eval:ow_sent_email() # (6) # This rule hits when __OW_T_REF_FULL (3) is matched and there is no higher rules matched meta OW_REF_FULL ( __OW_T_REF_FULL && ! OW_REF_THIS ) describe OW_REF_FULL Message (Sender + Ip C Class) hit a reference in the past score OW_REF_FULL -1.60 # (7) # This rule hits when __OW_T_REF_EMAIL (4) is matched, __OW_PASS match also and there is no higher rules matched meta OW_REF_EMAIL ( __OW_T_REF_EMAIL && ! __OW_T_REF_FULL && ! OW_REF_THIS && __OW_PASS) describe OW_REF_EMAIL Message hit a reference in the past, Verified score OW_REF_EMAIL -1.40 # (8) # This rule hits when __OW_T_SENT_EMAIL (5) is matched, __OW_PASS match also and there is no higher rules matched meta OW_SENT_EMAIL ( __OW_T_SENT_EMAIL && ! __OW_T_REF_EMAIL ! && __OW_T_REF_FULL && ! OW_REF_THIS && __OW_PASS) describe OW_SENT_EMAIL Message with address we sent to in the past, Verified score OW_SENT_EMAIL -1.10
