For anyone reading this that knows, I'm still curious about the effect of multiple "--source=error" invocations of dspam for the same message/signature.

Thanks LJ!

The reasoning behind the "fix-up" approach is that I process the mail with dspam _before_ local address rewriting is done, so that each (virtual) user gets its own set of tokens in dspam. I was hoping that I'd only have to maintain the virtual alias table for the known-spam users and not have to replicate that elsewhere, such as an access(5) or transport(5) table.

You've got me thinking though, as I do use another SMTP instance as a public-facing relay. Since it doesn't maintain its own aliases for the served domains, I should be able to do something like setting up a virtual alias for the multiple known-spam addresses to a single "known-s...@known-spam.my.domain" address and then a simple transport(5) to redirect just the "known-s...@known-spam.my.domain" address to another instance of smtpd running on a different port the same server as dspam. That smptd would "simply" have it delivered to dspam for innoculation.

Thanks for getting me thinking in another direction!

Jeff




On 11/18/16 1:59 PM, L. Jankok wrote:

Hi,

It really boils down how you have implemented dspam with postfix.

You can create two transports, one for learning and one for inoculation.

Next all mails to heavily spammed e-mail address goes directly to inoculate.

Why should you first go to learn and then go to inoculate if your assumption is that the mail is spam anyways?

Regards,

LJ

On 18/11/2016, 22:14, "Jeff Kletsky" <dspam-li...@allycomm.com <mailto:dspam-li...@allycomm.com>> wrote:

Over the years I've ended up with some email addresses that are heavily spammed and no longer in use.

I'd like to take advantage of them as a honeypot for inoculation, with the knowledge that they only receive spam.

I run Postfix and use dspam as a post-queue filter, as described at http://www.postfix.org/FILTER_README.html#advanced_filter

As a result, all mail gets classified/before /I know the final recipient, as local aliases haven't been evaluated yet.

I'd like to "deliver" mail for these destinations by routing all of it through something like

        | dspam --client --user <user> --source=error --class=spam

without having to first determine if it was improperly classified as non-spam.

Reading DSPAM(1) reveals

    You should use error only when DSPAM has made an error in  clas-
    sifying  the message, and should present the modified version of
    the message with the DSPAM signature when doing so.

Does this mean that if the message was originally classified as spam that the token and message counts
are "blindly" incremented each time it is called,
or does dspam check to see the classification of the message ID before incrementing the counts?

As easy as it would be to grep for 'X-DSPAM-Result: Innocent', it starts getting messy since I also either need the full message or the signature (another grep pass) to pass to dspam.

If I can't just feed the message into the reclassify dspam call, are there any "elegant" approaches to this?

Thanks!

Jeff

------------------------------------------------------------------------------ _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user



------------------------------------------------------------------------------


_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

------------------------------------------------------------------------------
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user

Reply via email to