On 06/28/2014 03:43 AM, David B Funk wrote:
> Looking at my mail streams I see evidence that spammers sometimes
> add faked "SpamAssassin" headers to their messages (I assume to try
> to trick recipients into thinking that the message has already been
> given a clean bill-of-health).
>
> I wrote a few test rules to look for these pre-existing "X-Spam-"
> headers to test to see if it could be used as a spam detector.
> However I got no hits on these rules even on hand crafted test
> messages that contained such stuff.
>
> Checking the SA source I found in PerMsgStatus.pm a line of code:
> $self->{msg}->delete_header('X-Spam-.*');
> that ran before any tests. So looking for SA headers inside of SA
> is pointless.
>
> So does anybody have any ideas how to test for evidence of a
> prior SA pass?

See "clear_headers" and "remove_header" in
http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.txt

If you don't clear/remove headers and use custom add_header settings for
your SA, you can do foo with pretagged msgs.
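
An added example, not part of the thread and not SpamAssassin code: a pre-filter run before SA that records incoming X-Spam-* headers under a name the delete_header('X-Spam-.*') call quoted above does not match, so an ordinary SA rule can test for it. The header name X-Prior-SA-Headers, the trusted scanner hostname and the sample message are assumptions made for illustration.

```python
import email
from email import policy

# Assumptions: scanner hostnames we trust and the evidence header name are
# hypothetical. A matching SA rule could be:
#   header PRIOR_SA_HDRS exists:X-Prior-SA-Headers
TRUSTED_SCANNERS = {"mx1.example.org"}
EVIDENCE_HEADER = "X-Prior-SA-Headers"   # not X-Spam-*, so it is not deleted

# Constructed sample message carrying forged SpamAssassin headers.
SAMPLE = (
    b"Received: from unknown (constructed sample)\r\n"
    b"X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.invalid\r\n"
    b"X-Spam-Status: No, score=-1.0\r\n"
    b"Subject: hello\r\n\r\nbody\r\n"
)

def prior_sa_headers(raw: bytes):
    """Return (name, value) for every X-Spam-* header present on arrival."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    return [(k, str(v)) for k, v in msg.items()
            if k.lower().startswith("x-spam-")]

def claimed_scanner(headers):
    """Host named after ' on ' in X-Spam-Checker-Version, or None."""
    for name, value in headers:
        if name.lower() == "x-spam-checker-version" and " on " in value:
            tail = value.rsplit(" on ", 1)[1].split()
            return tail[0].lower() if tail else None
    return None

def tag_message(raw: bytes) -> bytes:
    """Prepend an evidence header when foreign X-Spam-* headers are found."""
    found = prior_sa_headers(raw)
    if not found:
        return raw
    host = claimed_scanner(found)
    # The hostname is sender-controlled text: treat a match as a hint only.
    if host in TRUSTED_SCANNERS:
        return raw
    names = ",".join(sorted({n.lower() for n, _ in found}))
    line = f"{EVIDENCE_HEADER}: scanner={host or 'unknown'}; names={names}\r\n"
    return line.encode("ascii", "replace") + raw

if __name__ == "__main__":
    print(tag_message(SAMPLE).decode("ascii"))
```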