For anyone reading this that knows, I'm still curious about the effect
of multiple "--source=error" invocations of dspam for the same
message/signature.
Thanks LJ!
The reasoning behind the "fix-up" approach is that I process the mail
with dspam _before_ local address rewriting is done,
so that each (virtual) user gets its own set of tokens in dspam. I was
hoping that I'd only have to maintain the virtual alias table for the
known-spam users and not have to replicate that elsewhere, such as an
access(5) or transport(5) table.
You've got me thinking though, as I do use another SMTP instance as a
public-facing relay. Since it doesn't maintain its own aliases for the
served domains, I should be able to do something like setting up a
virtual alias for the multiple known-spam addresses to a single
"known-s...@known-spam.my.domain" address and then a simple transport(5)
to redirect just the "known-s...@known-spam.my.domain" address to
another instance of smtpd running on a different port the same server as
dspam. That smptd would "simply" have it delivered to dspam for
innoculation.
Thanks for getting me thinking in another direction!
Jeff
On 11/18/16 1:59 PM, L. Jankok wrote:
Hi,
It really boils down how you have implemented dspam with postfix.
You can create two transports, one for learning and one for inoculation.
Next all mails to heavily spammed e-mail address goes directly to
inoculate.
Why should you first go to learn and then go to inoculate if your
assumption is that the mail is spam anyways?
Regards,
LJ
On 18/11/2016, 22:14, "Jeff Kletsky" <dspam-li...@allycomm.com
<mailto:dspam-li...@allycomm.com>> wrote:
Over the years I've ended up with some email addresses that are
heavily spammed and no longer in use.
I'd like to take advantage of them as a honeypot for inoculation, with
the knowledge that they only receive spam.
I run Postfix and use dspam as a post-queue filter, as described at
http://www.postfix.org/FILTER_README.html#advanced_filter
As a result, all mail gets classified/before /I know the final
recipient, as local aliases haven't been evaluated yet.
I'd like to "deliver" mail for these destinations by routing all of it
through something like
| dspam --client --user <user> --source=error --class=spam
without having to first determine if it was improperly classified as
non-spam.
Reading DSPAM(1) reveals
You should use error only when DSPAM has made an error in clas-
sifying the message, and should present the modified version of
the message with the DSPAM signature when doing so.
Does this mean that if the message was originally classified as spam
that the token and message counts
are "blindly" incremented each time it is called,
or does dspam check to see the classification of the message ID before
incrementing the counts?
As easy as it would be to grep for 'X-DSPAM-Result: Innocent', it
starts getting messy
since I also either need the full message or the signature (another
grep pass) to pass to dspam.
If I can't just feed the message into the reclassify dspam call, are
there any "elegant" approaches to this?
Thanks!
Jeff
------------------------------------------------------------------------------
_______________________________________________ Dspam-user mailing
list Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
------------------------------------------------------------------------------
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
------------------------------------------------------------------------------
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user