On 05/20/2014 05:31 AM, Boyandin Konstantin wrote:
> 19.05.2014, 15:01, "Tom Hendrikx" <t...@whyscream.net>:
>> On 05/19/2014 04:00 AM, Boyandin Konstantin wrote:
>> 
>>> Hello Tom,
>>> 
>>> 15.05.2014, 15:07, "Tom Hendrikx" <t...@whyscream.net>:
>>>> On 05/15/2014 03:47 AM, Boyandin Konstantin wrote:
>>>>> Hello,
>>>>> 
>>>>> I receive quite a lot of email from another mailbox.
>>>>> Recently the phishing spam (typically with an attachment
>>>>> containing dangerous content in .zip form) is being marked as
>>>>> "Innocent" by Dspam and thus requires much manual work to
>>>>> remove.
>>>>> 
>>>>> Is it possible to force Dspam to treat a forwarded message
>>>>> (i.e., with 'To:'/'Cc:' addresses not containing email
>>>>> address of my email box) regularly and analyze its content as
>>>>> required?
>>>>> 
>>>>> The original recipient mailbox (from which the messages are 
>>>>> forwarded) is whitelisted (messages from it are not
>>>>> considered spam).
>>>>> 
>>>>> I would appreciate pieces of advice.
>>>> It depends on how your mail system is set up, but preferably
>>>> you'd have the MTA passing the envelope sender (after alias
>>>> expansion etc) to dspam. In that way, DSPAM doesn't care about
>>>> the message headers.
>>> I use the Exim setup when Dspam is used as filter.
>>> 
>>> transport_filter = "/usr/bin/dspam --stdout --mode=teft 
>>> --feature=noise,whitelist --client --deliver=innocent,spam
>>> --user ${lc:$local_part}"
>>> 
>>> The whole message is passed, including Envelope-to: header. How 
>>> should I make Dspam care about message headers?
>> 
>> If you pipe to dspam like you do, dspam should be able to use the
>> --user <foo>. That should be enough for dspam, so no header parsing
>> should be used. Did you enable 'ParseToHeaders'? It should not be
>> needed.
> 
> ParseToHeaders and ChangeUserOnParse were defaults (on), I have
> explicitly set them to off.
> 
> I'll watch the results for a couple of days (if the incoming spam
> messages of mentioned kind will still be marked as innocent).
> 

After re-reading the whole thread, the fact that stuff is marked as
whitelisted is of course bad too. Since the original receiver/forwarder
didn't do a good job blocking malicious content, it shouldn't be trusted.

Maybe disabling whitelisting for your specific user is the better
option, like Wicher already mentioned.

Tom
