It is more associated with Mailscanner rather than Amavis, but the
Scamnailer project does something very similar with a long list of
"known bad" phishing mail addresses. It scans each message for the
presence of any of thousands of addresses from a frequently-updated
list, and when it finds one, it adds an additional header. You then
configure a Mailscanner "Spamassassin Rule Action" setting to perform
some custom action if it finds that Scamnailer header in the message.
Perhaps that action could include the kind of bounce/sender notify you'd
want to do.

Scamnailer also works great for stopping targeted phishing attacks, too,
which as a university we get a lot of.

Scamnailer is at http://www.scamnailer.info/

Thanks,
James
__

James Kelly
Network Administrator
IS&T Network Operations
Chapman University
Phone: 714-744-7833
Email: jake...@chapman.edu
---
CHAPMAN UNIVERSITY WILL NEVER ASK FOR YOUR PASSWORD!
DO NOT SHARE YOUR PASSWORD WITH OTHERS!
If you wish to modify your Chapman email address account information:
Use the account management web page at
https://web.chapman.edu/accountmanagement/,
Call the Chapman University helpdesk at (714) 997-6600, or
Contact helpd...@chapman.edu.


-----Original Message-----
From: Matthew Kitchin (public/usenet) [mailto:mkitchin.pub...@gmail.com]
Sent: Thursday, August 05, 2010 11:11 AM
To: Spamassassin
Subject: Re: List of "banned" words/bounce to sender

On 8/5/2010 1:03 PM, Evan Platt wrote:
>
> Spamassassin can't handle this - it has no capability to reject mail,
> however you need to think - are you going to have a database of
> patients' names, or is your intention to block anything with a "Name"?
> Are you really going to want to manage a database of every name out
> there? If so, what happens when someone e-mails "I watched a
> presentation from Bill Gates on...." Well, that's a name, right?
>
> So let's take the alternative - you have a database of just custom
> names (of your patients). Whose job is it to maintain that? And what
> happens if, again, in the above situation, a patient has the same name
> as say a celebrity or even worse, say a doctor? Let's say there's a
> world famous doctor James Bond. But James Bond (different person) is a
> patient. One of your staff members e-mails "We need to go see the
> conference Dr. James Bond is putting on". Bounced.
>
Amavisd could reject the mail. I was planning on using Spamassassin
(with a custom built rule) to examine the email for the names. We would
only use the names of our patients. The names would be dumped out of our
patient DB every night. If a patient has the same name as a friend,
there would be a code we would put in the subject to bypass the filter.
I was thinking of a custom rule for that code that would have a score of
-20 or something like that. Basically, Spamassassin's role would be
deciding whether or not one of the names was in the email and if the
override code was in the subject. I'm not saying it is the most
brilliant idea in the world, but it is what I have been told to
implement.

I know Amavisd well, so I can handle that part. I guess my main question
should be, could I have Spamassassin read a custom rule to look for
several thousand patient names in the format "John Smith" and "Smith,
John"?
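
Added example, not part of the thread and not code from any poster or project: a sketch of the nightly job described above, turning a name dump into SpamAssassin `body` rules for both "John Smith" and "Smith, John" plus a subject override rule, with a Python approximation of the matching to preview hits such as the "Dr. James Bond" case. The rule names, the `[PHI-OK]` code, the +20 name score and the chunk size are assumptions; only the -20 override score comes from the thread.

```python
import re

OVERRIDE_CODE = "[PHI-OK]"   # hypothetical subject bypass code
NAME_SCORE = 20.0            # assumed score for a name hit
OVERRIDE_SCORE = -20.0       # override score suggested in the thread

def name_pattern(first, last):
    """Regex for 'First Last' and 'Last, First' as whole words."""
    f = re.escape(first).replace("/", r"\/")   # '/' is the rule delimiter
    l = re.escape(last).replace("/", r"\/")
    return rf"\b(?:{f}\s+{l}|{l},\s*{f})\b"

def build_rules(names, chunk=500):
    """Return .cf text: one body rule per chunk of names, plus the override."""
    pats = [name_pattern(f, l) for f, l in names]
    lines = []
    for i in range(0, len(pats), chunk):
        rule = f"LOCAL_PATIENT_NAME_{i // chunk}"
        lines += [
            f"body {rule} /(?:{'|'.join(pats[i:i + chunk])})/i",
            f"describe {rule} Message body contains a patient name",
            f"score {rule} {NAME_SCORE}",
        ]
    code = re.escape(OVERRIDE_CODE).replace("/", r"\/")
    lines += [
        f"header LOCAL_PHI_OVERRIDE Subject =~ /{code}/",
        "describe LOCAL_PHI_OVERRIDE Subject carries the bypass code",
        f"score LOCAL_PHI_OVERRIDE {OVERRIDE_SCORE}",
    ]
    # The output holds patient names: restrict read access to the mail filter.
    return "\n".join(lines) + "\n"

def score_message(names, subject, body):
    """Approximate the generated rules in Python to preview hits offline."""
    score = 0.0
    if any(re.search(name_pattern(f, l), body, re.I) for f, l in names):
        score += NAME_SCORE
    if OVERRIDE_CODE in subject:
        score += OVERRIDE_SCORE
    return score

if __name__ == "__main__":
    sample = [("James", "Bond"), ("John", "Smith")]   # constructed names
    print(build_rules(sample))
    print(score_message(sample, "Conference",
                        "We need to go see the conference Dr. James Bond is putting on"))
```

The generated file would still need `spamassassin --lint` before the nightly reload, since a name containing characters special to Perl regexes can break a rule that Python accepts.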
