On 2023-02-25 at 09:34:52 UTC-0500 (Sat, 25 Feb 2023 15:34:52 +0100)
hg user <mercurialu...@gmail.com>
is rumored to have said:
The last time I was hit by a not-recognized phishing campaign, no Ips
nor
domains were present in RBL. When I took action one hour later I found
that
several of them were listed.
So my idea is; is it possible to replay the queries one/two hours
later?
If you write the code to do it, based on however you manage your mail,
you can do this. There's no way to put that sort of site-specific
tooling into SA itself. SA does not know anything about mail other than
the messages it is given. SA has no way to know what has happened to a
message after it has made its judgment.
I envision two methods:
- logging the queries, with Message-ids
- storing a copy of the message
If the second run hits new RBL, report to me, to take action.
It's certainly something that one could do.
It is not something that SpamAssassin itself does or ever will do.
A useful tool for doing this sort of thing involving SA is the
MIMEDdefang milter, which can use SA for filtering and also can do
anything else you can tell Perl to do with mail. I believe MailMunge (a
descendant of MIMEDefang) also has that capacity.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
