My plan is to scan all outbound mail and drop all mails that match to a
log
file or a separate directory where they can be hand-reviewed by someone in
our customer service department. We also wouldn't want to actually modify
the mails on the way out-- so we wouldn't add the spamassassin mail
headers.
Some things to think about:
1 You need to get mail from the webmail app to SA
2 You need to filter in SA without munging the orignal mail
3 You need to route potential spam to one or more mailboxes
4 You probably want to stick a 'spammyness' indication on the subject in
the mailbox
5 You need to resend misclassified spam, ideally without an indication
that it was resent
6 You probably want to run Bayes, and you need to train it on at least
the misclassifications
There are various apps that will run SA on mail and then look at the result
and use it for forwarding the mail, and toss the SA markup (at least for
non-spam). You might want to use one of these, but I'm not sure it is the
best way to go.
Another method would be to filter with SA, and set report_safe to 1 so that
if it decides the mail is spam, it wraps it as an attachment in another
message and outputs that. This has the advantage of not changing the
original message, giving you a modified subject that includes the spammyness
indication (if you want it), and wrappring viruses as attachments so that it
is safe to open the outer message without problems. SA can also unwrap
these messages to recover the original message.
My thought on a simple solution would be to feed the webmail into procmail,
have it run SA. SA will do report_safe markup on spam. You can now look at
the classification result in procmail and route the probable spam to a
special mailbox, otherwise let it pass through. You will still need some
script or tool to re-send any message that was mis-classified, but this is
probably some fairly trivial web app cgi.
By default this will result in a SA score summary in the non-spam showing
that it is non-spam. You can probably play with the options on SA to make
it not do this; but frankly I don't see a problem here. If spammers can see
that you are scanning outbound mail they might not bother abusing your
service in the first place.
Loren