When we forward mail, our mailers encapsulate the message as a MIME object of type message/rfc822. If the message was a false negative, the attachment is the message that should have been marked as spam. If the message was a false positive, the attachment is the SpamAssassin report message, which in turn contains an attachment of type message/rfc822 holding the original message that should have been ham (I have report_safe enabled).
Do I need to preprocess these or can I feed them directly into sa-learn?
You don't want to learn the components of your forwarding message; you only want to learn the attachment (which is the original message). What you need to do is strip out that attachment and pass it to sa-learn. I do that with a very simplistic bash script that the MTA pipes mail to via an alias:
http://h0b0.net/salearn.txt
I have two scripts. The only difference is that one uses 'sa-learn --spam' and the other uses 'sa-learn --ham'; the first is for forwarding missed spam, the second for forwarding ham that was wrongly marked as spam.
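
For anyone who cannot reach the script linked above, here is a rough sketch of the same idea in Python. It is not the bash script at that URL, only an illustration of stripping out the message/rfc822 attachment and piping it to sa-learn. The names extract_attached, learn and depth are made up for this example. The depth of 2 for ham assumes report_safe is enabled, so that the original sits one level further down inside the SpamAssassin report, as described in the question.

```python
import email
import subprocess
import sys


def extract_attached(raw: bytes, depth: int = 1) -> bytes:
    """Return the message found `depth` message/rfc822 levels down (hypothetical helper)."""
    msg = email.message_from_bytes(raw)
    for _ in range(depth):
        # walk() visits the message and all of its sub-parts in order.
        for part in msg.walk():
            if part.get_content_type() == "message/rfc822":
                # A parsed message/rfc822 part holds exactly one nested message.
                msg = part.get_payload(0)
                break
        else:
            raise ValueError("no message/rfc822 attachment found")
    return msg.as_bytes()


def learn(raw: bytes, kind: str, depth: int) -> None:
    """Pipe the extracted original to 'sa-learn --spam' or 'sa-learn --ham' on stdin."""
    original = extract_attached(raw, depth)
    subprocess.run(["sa-learn", "--" + kind], input=original, check=True)


if __name__ == "__main__" and len(sys.argv) == 2 and sys.argv[1] in ("spam", "ham"):
    kind = sys.argv[1]
    # Assumption: forwarded spam is one level deep; forwarded ham is wrapped
    # once more by the SpamAssassin report (report_safe enabled).
    learn(sys.stdin.buffer.read(), kind, 2 if kind == "ham" else 1)
```

Saved under a hypothetical name such as salearn.py, it could be invoked from two aliases, one passing "spam" and one passing "ham" as the only argument. Note that it takes the first message/rfc822 part it finds at each level, so a forward carrying several attached messages would need more care.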
Ryan Moore ---------- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
