On 05/20/2014 05:31 AM, Boyandin Konstantin wrote:
> 19.05.2014, 15:01, "Tom Hendrikx" <t...@whyscream.net>:
>> On 05/19/2014 04:00 AM, Boyandin Konstantin wrote:
>>
>>> Hello Tom,
>>>
>>> 15.05.2014, 15:07, "Tom Hendrikx" <t...@whyscream.net>:
>>>> On 05/15/2014 03:47 AM, Boyandin Konstantin wrote:
>>>>> Hello,
>>>>>
>>>>> I receive quite a lot of email from another mailbox.
>>>>> Recently the phishing spam (typically with an attachment
>>>>> containing dangerous content in .zip form) is being marked as
>>>>> "Innocent" by Dspam and thus requires much manual work to
>>>>> remove.
>>>>>
>>>>> is it possible to force Dspam to treat forwarded message
>>>>> (i.e., with 'To:'/'Cc:' addresses not containing email
>>>>> address of my email box) regularly and analyze its content as
>>>>> required?
>>>>>
>>>>> The original recipient mailbox (from which the messages are
>>>>> forwarded) is whitelisted (messages from it are not
>>>>> considered spam).
>>>>>
>>>>> I would appreciate pieces of advice.
>>>> It depends on how your mail system is setup, but preferable
>>>> you'd have the MTA passing the envelope sender (after alias
>>>> expansion etc) to dspam. In that way, DSPAM doesn't care about
>>>> the message headers.
>>> I use the Exim setup when Dspam is used as filter.
>>>
>>> transport_filter = "/usr/bin/dspam --stdout --mode=teft
>>> --feature=noise,whitelist --client --deliver=innocent,spam
>>> --user ${lc:$local_part}"
>>>
>>> The whole message is passed, including Envelope-to: header. How
>>> should I make Dspam to care about message headers?
>>
>> If you pipe to dspam like you dom dspam should be able to use the
>> --user <foo>. That should be enough for dspam, so no header parsing
>> should be used. Did you enable 'ParseToHeaders'? It should not be
>> needed.
>
> ParseToHeaders and ChangeUserOnParse were defaults (on), I have
> explicitly set them to off.
>
> I'll watch the results for a couple of days (if the incoming spam
> messages of mentioned kind will still be marked as innocent).
> After re-reading the whole thread, the fact that stuff is marked as whitelisted is of course bad too. Since the original receiver/forwarder didn't do a good job blocking malicious content, it shouldn't be trusted. Maybe disabling whitelisting for your specific user is the better option, like Wicher already mentioned. Tom
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
