My plan is to scan all outbound mail and drop all mails that match to a log
file or a separate directory where they can be hand-reviewed by someone in
our customer service department. We also wouldn't want to actually modify
the mails on the way out-- so we wouldn't add the spamassassin mail headers.

Some things to think about:

1    You need to get mail from the webmail app to SA
2    You need to filter in SA without munging the orignal mail
3    You need to route potential spam to one or more mailboxes
4 You probably want to stick a 'spammyness' indication on the subject in the mailbox 5 You need to resend misclassified spam, ideally without an indication that it was resent 6 You probably want to run Bayes, and you need to train it on at least the misclassifications

There are various apps that will run SA on mail and then look at the result and use it for forwarding the mail, and toss the SA markup (at least for non-spam). You might want to use one of these, but I'm not sure it is the best way to go.

Another method would be to filter with SA, and set report_safe to 1 so that if it decides the mail is spam, it wraps it as an attachment in another message and outputs that. This has the advantage of not changing the original message, giving you a modified subject that includes the spammyness indication (if you want it), and wrappring viruses as attachments so that it is safe to open the outer message without problems. SA can also unwrap these messages to recover the original message.

My thought on a simple solution would be to feed the webmail into procmail, have it run SA. SA will do report_safe markup on spam. You can now look at the classification result in procmail and route the probable spam to a special mailbox, otherwise let it pass through. You will still need some script or tool to re-send any message that was mis-classified, but this is probably some fairly trivial web app cgi.

By default this will result in a SA score summary in the non-spam showing that it is non-spam. You can probably play with the options on SA to make it not do this; but frankly I don't see a problem here. If spammers can see that you are scanning outbound mail they might not bother abusing your service in the first place.

       Loren


Reply via email to