Re: AWL questions (faq?)

13 Oct 2004 00:23:37 -0000

At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote: 
(1) How to monitor AWL registered listings?
    In my spambox, there are many various scored mail address.
    I want to monitor registered email address and scoring.
    I couldn't find method for monitoring or dumping list.


If you look in the tools subdirectory of the tarball distribution, there's a tool called check_whitelist. Feed it an AWL database file (look in ~/.spamassassin for it) and it will dump the contents in human-readable text.

Quoting some help inside the script itself:

The output looks like this:

     AVG  (TOTSCORE/COUNT)  --  EMAIL|ip=IPBASE

For example:

     0.0         (0.0/7)  --  [EMAIL PROTECTED]|ip=208.192
    21.8        (43.7/2)  --  [EMAIL PROTECTED]|ip=200.106


Note you may see some with "ip=none" from the manual adjustments discussed below...


(2) SA option switch:

        -W, --add-to-whitelist
        --add-to-blacklist
        -R, --remove-from-whitelist

are registering/removing "ALL" email address from full mail message?

In the case of blacklist, To: and Cc: are ignored. All others are added. Whitelist adds all address, including To:.

From the SA 3.0 code in SpamAssassin.pm that actually implements that command:


        =item $f->add_all_addresses_to_blacklist ($mail)

Given a mail message, find addresses in the From headers and add them to the
automatic whitelist database with a high score, effectively blacklisting them.

        Note that To and Cc addresses are not used.



Although looking at the code itself in SA 3.0, it appears to only handle the From: line, and nothing else.

  my @addrlist = ();
  my @hdrs = $mail_obj->get_header ('From');
  if ($#hdrs >= 0) {
    push (@addrlist, $self->find_all_addrs_in_line (join (" ", @hdrs)));
  }

  foreach my $addr (@addrlist) {
    if ($list->add_known_bad_address ($addr)) {
      print "SpamAssassin auto-whitelist: blacklisting address: $addr\n";
    }




    Ex. A spammer send me a spam including "To: [EMAIL PROTECTED]".
    If I execute:

    $ spamassassin --add-to-blacklist spam.txt

Then, my mail address in "To:" field also add to blacklist? 

No.


    If so, complete manipulating is below? (from manpage)

        --add-addr-to-whitelist=addr      Add addr to whitelist (AWL)
        --add-addr-to-blacklist=addr      Add addr to blacklist (AWL)
        --remove-addr-from-whitelist=addr Remove addr from whitelist (AWL)

That method works too.

Reply via email to