On 05/21/2014 04:26 AM, Boyandin Konstantin wrote:
> 20.05.2014, 14:54, "Tom Hendrikx" <t...@whyscream.net>:
>> On 05/20/2014 05:31 AM, Boyandin Konstantin wrote:
>>
>>> 19.05.2014, 15:01, "Tom Hendrikx" <t...@whyscream.net>:
>>>> On 05/19/2014 04:00 AM, Boyandin Konstantin wrote:
>>>>> Hello Tom,
>>>>>
>>>>> 15.05.2014, 15:07, "Tom Hendrikx" <t...@whyscream.net>:
>>>>>> On 05/15/2014 03:47 AM, Boyandin Konstantin wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> I receive quite a lot of email from another mailbox.
>>>>>>> Recently the phishing spam (typically with an attachment
>>>>>>> containing dangerous content in .zip form) is being
>>>>>>> marked as "Innocent" by Dspam and thus requires much
>>>>>>> manual work to remove.
>>>>>>>
>>>>>>> is it possible to force Dspam to treat forwarded message
>>>>>>> (i.e., with 'To:'/'Cc:' addresses not containing email
>>>>>>> address of my email box) regularly and analyze its
>>>>>>> content as required?
>>>>>>>
>>>>>>> The original recipient mailbox (from which the messages
>>>>>>> are forwarded) is whitelisted (messages from it are not
>>>>>>> considered spam).
>>>>>>>
>>>>>>> I would appreciate pieces of advice.
>>>>>> It depends on how your mail system is setup, but
>>>>>> preferable you'd have the MTA passing the envelope sender
>>>>>> (after alias expansion etc) to dspam. In that way, DSPAM
>>>>>> doesn't care about the message headers.
>>>>> I use the Exim setup when Dspam is used as filter.
>>>>>
>>>>> transport_filter = "/usr/bin/dspam --stdout --mode=teft
>>>>> --feature=noise,whitelist --client --deliver=innocent,spam
>>>>> --user ${lc:$local_part}"
>>>>>
>>>>> The whole message is passed, including Envelope-to: header.
>>>>> How should I make Dspam to care about message headers?
>>>> If you pipe to dspam like you dom dspam should be able to use
>>>> the --user <foo>. That should be enough for dspam, so no header
>>>> parsing should be used. Did you enable 'ParseToHeaders'? It
>>>> should not be needed.
>>> ParseToHeaders and ChangeUserOnParse were defaults (on), I have
>>> explicitly set them to off.
>>>
>>> I'll watch the results for a couple of days (if the incoming
>>> spam messages of mentioned kind will still be marked as
>>> innocent).
>>
>> After re-reading the whole thread, the fact that stuff is marked
>> as whitelisted is of course bad too. Since the original
>> receiver/forwarder didn't do a good job blocking malicious content,
>> it shouldn't be trusted.
>
> If I set up Dspam on the server where mail is coming from, is it
> possible to take into account theclassification Dspam makes on
> forwarded messages?
>
> (for certain reasons we prefer to do all spam sorting on the target
> mailboxes, to avoid additional analysis elsewhere)Dspam adds headers, so yes. Retraining etc should be done on the filtering host though, that might complicate the setup. > >> Maybe disabling whitelisting for your specific user is the better >> option, like Wicher already mentioned. > > Done, thanks to Wicher for the piece of advice. Today more spam gets > correctly identified. > > Konstantin > > ------------------------------------------------------------------------------ > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform > available Simple to use. Nothing to install. Get started now for > free." http://p.sf.net/sfu/SauceLabs > _______________________________________________ Dspam-user mailing > list Dspam-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspam-user >
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
