On 05/20/2014 05:31 AM, Boyandin Konstantin wrote:
> 19.05.2014, 15:01, "Tom Hendrikx" <t...@whyscream.net>:
>> On 05/19/2014 04:00 AM, Boyandin Konstantin wrote:
>>
>>> Hello Tom,
>>>
>>> 15.05.2014, 15:07, "Tom Hendrikx" <t...@whyscream.net>:
>>>> On 05/15/2014 03:47 AM, Boyandin Konstantin wrote:
>>>>> Hello,
>>>>>
>>>>> I receive quite a lot of email from another mailbox.
>>>>> Recently the phishing spam (typically with an attachment
>>>>> containing dangerous content in .zip form) is being marked as
>>>>> "Innocent" by Dspam and thus requires much manual work to
>>>>> remove.
>>>>>
>>>>> Is it possible to force Dspam to treat forwarded message
>>>>> (i.e., with 'To:'/'Cc:' addresses not containing email
>>>>> address of my email box) regularly and analyze its content as
>>>>> required?
>>>>>
>>>>> The original recipient mailbox (from which the messages are
>>>>> forwarded) is whitelisted (messages from it are not
>>>>> considered spam).
>>>>>
>>>>> I would appreciate pieces of advice.
>>>> It depends on how your mail system is set up, but preferably
>>>> you'd have the MTA passing the envelope sender (after alias
>>>> expansion etc) to dspam. In that way, DSPAM doesn't care about
>>>> the message headers.
>>> I use the Exim setup when Dspam is used as filter.
>>>
>>> transport_filter = "/usr/bin/dspam --stdout --mode=teft
>>> --feature=noise,whitelist --client --deliver=innocent,spam
>>> --user ${lc:$local_part}"
>>>
>>> The whole message is passed, including Envelope-to: header. How
>>> should I make Dspam to care about message headers?
>>
>> If you pipe to dspam like you do, dspam should be able to use the
>> --user <foo>. That should be enough for dspam, so no header parsing
>> should be used. Did you enable 'ParseToHeaders'? It should not be
>> needed.
>
> ParseToHeaders and ChangeUserOnParse were defaults (on), I have
> explicitly set them to off.
>
> I'll watch the results for a couple of days (if the incoming spam
> messages of mentioned kind will still be marked as innocent).
>

After re-reading the whole thread, the fact that stuff is marked as
whitelisted is of course bad too. Since the original receiver/forwarder
didn't do a good job blocking malicious content, it shouldn't be
trusted. Maybe disabling whitelisting for your specific user is the
better option, like Wicher already mentioned.

Tom
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user