On 01/18/2011 04:20 PM, Martin Gregorie wrote:
> On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
>> On 1/18/2011 4:13 AM, J4 wrote:
>>> I have Dovecot LDA so Sieve might well be a good idea, but I would
>>> like to inform the sender that the Email was dropped as spam, and
>>> avoid backscatter. I don't think I can do this with Sieve/Dovecot LDA.
>> You cannot do this from the delivery agent without creating
>> backscatter. If you want to inform the sender, the only reliable way to
>> do it is to scan the message when it first comes in and simply reject
>> the spam. This way, you never accept the message and the sending system
>> is responsible for notifying the sender that the message did not go through.
>>
> If you're thinking of detecting spam at SMTP time you should consider
> greylisting. When my ISP implemented it the spam I get dropped
> immediately from 80% of my mail to 8%, where its remained ever since.
> After that you can take a view whether you want to:
>
> - scan the remaining mail at SMTP time (and reject spam as you
> originally described)
>
> - use SA as an MTA filter and let the recipient's MUA put it in a spam
> folder or bin depending on what the user decides. Or your MTA filter
> could silently bin spam or feed it to Bayes to be learned as spam.
> Your choice: you just can't reject it at this stage.
>
> - use a procmail recipe to scan mail and either reject spam or pass it
> to the recipient's MUA as above. Use this if you want the recipients
> to have some control over spam recognition, individual Bayes filters,
> etc.
>
> Martin
>
>
Hi!
Right - I've moved the SA scanning to the front of postfix, and it
scans accordingly and adds headers.
What is odd, is that :-
It seems that the AWL white-lists the email addresses that were
black-listed. Additionally, the shortcircuit should have classes these
as blacklisted addresses.
Tue Jan 18 17:07:18 2011 [28825] info: spamd: clean message (-0.1/6.0)
for nobody:5002 in 0.9 seconds, 2231 bytes.
Tue Jan 18 17:07:18 2011 [28825] info: spamd: result: . 0 -
AWL,HTML_MESSAGE,SPF_HELO_PASS
scantime=0.9,size=2231,user=nobody,uid=5002,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=51653,mid=<[email protected]>,autolearn=ham,shortcircuit=no
The mysql spamassassin.userpref table has the entry in it:
| username | preference |
value
| prefid |
| [email protected] | blacklist_from |
[email protected]
| 19 |
+----------------------------+--------------------------------+------------------------------------------------------------------------------------------------------+--------+
Here is the entry it added to the awl table:
select * from awl;
+-------------------------+------------------------+-------+-------+----------+
| username | email | ip | count |
totscore |
+-------------------------+------------------------+-------+-------+----------+
| [email protected] | [email protected] | 62.58 | 1 | -0.7 |
| nobody | [email protected] | 62.58 | 7 | -0.7 |
+-------------------------+------------------------+-------+-------+----------+
My testing was based on rejecting spam using a blacklist, and now this
test method has been circumvented :D Brought a smile to my face. I
could simply disable AWL for testing purposes...
Q) I would like to understand why a blacklisted address in the userpref
table is overridden. Does anyone know?
Cheers.
