Re: OT Alert: Forward low scoring SPAM to sa-learn.
On 17.07.07 10:40, Anthony Kamau wrote: I'm faced with a dilemma on how to use sa-learn with mail forwarded from a user's inbox on Exchange to the sendmail server. Since we just recently started using sendmail as a front end server, our bayes system is still in its infancy and spam is getting through to user inboxes with scores lower than our threshold of 10 and thus not being clearly identified as spam on the subject line. My intention is to have a user forward spam back to sendmail server and use sa-learn to help the scoring system get better fast. my experience tells that exchange rewrites mails very often in such a horrible way that mail from exchange should be never used for SA training. Try to send all copies of received e-mail to special mailbox on your front-end server and whenever your user reports false positive/negative, run sa-learn (or spamassasin -r/-k) over the copy. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...
RE: OT Alert: Forward low scoring SPAM to sa-learn.
-Original Message- From: Michael Scheidell [mailto:[EMAIL PROTECTED] Sent: Tuesday, 17 July 2007 2:51 PM To: Anthony Kamau; users@spamassassin.apache.org Subject: RE: OT Alert: Forward low scoring SPAM to sa-learn. Only hope it to create shared, public folders for them to move the email to and have a separate program use imap to that folder to read the email (again, google is your friend, there are several programs like this for SA out there) Thanks Michael. I've always known that Google is my friend, but creativity with search terms eludes me -:). After reading your response, I quickly Googled imap exchange sa-learn and up came 794 links. The link at the top [1] provides all the details I need! [1] - http://www.ctdx.net/2006/10/27/spamassassin-linux-exchange-imap/ Cheers, AK.
RE: OT Alert: Forward low scoring SPAM to sa-learn.
-Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Tuesday, 17 July 2007 11:35 AM To: Anthony Kamau Cc: users@spamassassin.apache.org Subject: Re: OT Alert: Forward low scoring SPAM to sa-learn. That said, if you're just doing a forward as attachment type operation, you should be able to get any standard mime attachment extractor tool.. Thanks Matt, I was planning on having the users forward the spam/ham as an attachment, but that was before I read Michael's post. All should be well unless I have other issues with the script... Cheers, AK.
Re: OT Alert: Forward low scoring SPAM to sa-learn.
Anthony Kamau wrote: Hello all. I'm faced with a dilemma on how to use sa-learn with mail forwarded from a user's inbox on Exchange to the sendmail server. Since we just recently started using sendmail as a front end server, our bayes system is still in its infancy and spam is getting through to user inboxes with scores lower than our threshold of 10 and thus not being clearly identified as spam on the subject line. My intention is to have a user forward spam back to sendmail server and use sa-learn to help the scoring system get better fast. Here's what I've done so far: I have created two email addresses for this purpose; [EMAIL PROTECTED] for spam and [EMAIL PROTECTED] for false positives. I have created a connector that forwards all email destined for mail.domain.com back to the sendmail server and messages are getting into the appropriate mailboxes. The next step is what has me stunned - is there a standard marker to look out for that segregates the attachment from the mail sending the attachment? Standard? There's nothing that's standard about forwarding email. That said, if you're just doing a forward as attachment type operation, you should be able to get any standard mime attachment extractor tool.. ie: http://search.cpan.org/dist/ppt/bin/mimedecode If you're using an ordinary forward, don't bother. The message has been completely rebuilt and only has a visible-text resemblance to the original. Generally a normal forward does the following, any of which is more-or-less a different message as far as SA is concerned, but the header ones are pretty catastrophic unless you can do major reconstruction. 1) discard ALL of the original message headers, and build new ones, copying a minimal amount of text: -The message is now From: the forwardee, not the spammer. -All of the Received: headers are new. -Any out-of-the-ordinary headers are generally gone (ie: X-Id, X-Originating-IP, etc) -Even the subject is generally changed to include Fwd: or something similar. -Obviously the X-Mailer and/or User-Agent is replaced with the one for your MUA, not the original. 2) Significant changes to the body text: - For multipart/alternative messages, many mail clients will discard the original text/plain, and build a new one based on the contents of the text/html - Most add some kind of Forwarded message follows text - Most will re-do any character encodings. ie: a message that was base64 encoded will probably not be. - Most will re-do line-wraps to suit their own tastes. - All will generate completely new mime boundaries which will generally not be remotely similar to the originals.
RE: OT Alert: Forward low scoring SPAM to sa-learn.
-Original Message- From: Anthony Kamau [mailto:[EMAIL PROTECTED] Sent: Monday, July 16, 2007 8:40 PM To: users@spamassassin.apache.org Subject: OT Alert: Forward low scoring SPAM to sa-learn. Hello all. The next step is what has me stunned - is there a standard marker to look out for that segregates the attachment from the mail sending the attachment? No, and even if you could talk your users through forwarding the email as an attachment (google is your friend) is would still be messed up. Only hope it to create shared, public folders for them to move the email to and have a separate program use imap to that folder to read the email (again, google is your friend, there are several programs like this for SA out there) Or, you could create a vbscript that sends it to a waiting spamd daemon, that could work also. _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
