20.05.2014, 14:54, "Tom Hendrikx" <t...@whyscream.net>:
> On 05/20/2014 05:31 AM, Boyandin Konstantin wrote:
>
>> 19.05.2014, 15:01, "Tom Hendrikx" <t...@whyscream.net>:
>>> On 05/19/2014 04:00 AM, Boyandin Konstantin wrote:
>>>> Hello Tom,
>>>>
>>>> 15.05.2014, 15:07, "Tom Hendrikx" <t...@whyscream.net>:
>>>>> On 05/15/2014 03:47 AM, Boyandin Konstantin wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I receive quite a lot of email from another mailbox.
>>>>>> Recently the phishing spam (typically with an attachment
>>>>>> containing dangerous content in .zip form) is being marked as
>>>>>> "Innocent" by Dspam and thus requires much manual work to
>>>>>> remove.
>>>>>>
>>>>>> is it possible to force Dspam to treat forwarded message
>>>>>> (i.e., with 'To:'/'Cc:' addresses not containing email
>>>>>> address of my email box) regularly and analyze its content as
>>>>>> required?
>>>>>>
>>>>>> The original recipient mailbox (from which the messages are
>>>>>> forwarded) is whitelisted (messages from it are not
>>>>>> considered spam).
>>>>>>
>>>>>> I would appreciate pieces of advice.
>>>>> It depends on how your mail system is setup, but preferable
>>>>> you'd have the MTA passing the envelope sender (after alias
>>>>> expansion etc) to dspam. In that way, DSPAM doesn't care about
>>>>> the message headers.
>>>> I use the Exim setup when Dspam is used as filter.
>>>>
>>>> transport_filter = "/usr/bin/dspam --stdout --mode=teft
>>>> --feature=noise,whitelist --client --deliver=innocent,spam
>>>> --user ${lc:$local_part}"
>>>>
>>>> The whole message is passed, including Envelope-to: header. How
>>>> should I make Dspam to care about message headers?
>>> If you pipe to dspam like you dom dspam should be able to use the
>>> --user <foo>. That should be enough for dspam, so no header parsing
>>> should be used. Did you enable 'ParseToHeaders'? It should not be
>>> needed.
>> ParseToHeaders and ChangeUserOnParse were defaults (on), I have
>> explicitly set them to off.
>>
>> I'll watch the results for a couple of days (if the incoming spam
>> messages of mentioned kind will still be marked as innocent).
>
> After re-reading the whole thread, the fact that stuff is marked as
> whitelisted is of course bad too. Since the original receiver/forwarder
> didn't do a good job blocking malicious content, it shouldn't be trusted.
If I set up Dspam on the server where mail is coming from, is it possible to
take into account theclassification Dspam makes on forwarded messages?
(for certain reasons we prefer to do all spam sorting on the target mailboxes,
to avoid additional analysis elsewhere)
> Maybe disabling whitelisting for your specific user is the better
> option, like Wicher already mentioned.
Done, thanks to Wicher for the piece of advice. Today more spam gets correctly
identified.
Konstantin
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
