Subject Line control (SPAM CONTROL)

Scott Farrell sfarrell at ICCONSULTING.COM.AU
Sun Nov 4 06:48:04 GMT 2001


I had a little dig around and came up with a few things.

1. I think is the place to play with support for spamassasin.
2. it looks as though someone has already had a plug at some other "Spam
Killer"  - to a search for Kill in
3. all we need to do is send the entire email to stdin of spamc, and read
it back from stdout
4. parse the subject and look for *****SPAM*****
5. copy over the header X-Spam-Status if spam detected (see 4 above).

spamc is a nice little proggy that will read from stdin, talk to a daemon
(spamd), which checks for spam, writes in the subject and body and
headers, and returns to spamc, and spamc spits the email back to stdout.

I think I'll go pick up a copy of O'Reilly learning perl or something, and
make a proper attempt at some of this.

not wanting to teach anyone to suck eggs, but I got as far as:
which has an example to read and write to stdin,stdout.

I would rather spamassasin not scribble so much in the email, but rather
return flags, and let mailscanner follow its rules. So basically I think
we parse the email coming back from spamc, and discard it, and makes
decisions in mailscanner. So we might need to reprocess the output of
spamc, and look for *****SPAM***** in the subject, and use that as the key
from output from spamc to tell mailscanner it is spam, I think the header:
X-Spam-Status would be good to keep/process as well, its output looks
something like this:

X-Spam-Status: Yes, hits=10 required=5 tests=FORGED_RCVD_FOUND,NO_REAL_NAM

which shows which rules were broken , leading to the spam decision.

this is the stuff it adds to the body of the email:

SPAM: -------------------- Start SpamAssassin results
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future, using
SPAM: the built-in mail filtering support in your mail reader.
SPAM: Content analysis details:   (10 hits, 5 required)
SPAM: Hit! (0.1 points)  Possibly-forged 'Received:' header found
SPAM: Hit! (3.2 points)  From: does not include a real name
SPAM: Hit! (1.4 points)  Valid-looking To "undisclosed-recipients"
SPAM: Hit! (3.3 points)  Invalid Date: header (has AM/PM)
SPAM: Hit! (0.3 points)  Message-Id has no @ sign
SPAM: Hit! (1.7 points)  BODY: /remove.*subject/i
SPAM: -------------------- End of SpamAssassin results

I don't think we can do much with that - I dont think that much is allowed
in headers, and I think it is "over the top" for the mail body.

Scott Farrell
ic Consulting - the people that make eBusiness happen.
We offer e-business consulting and perform services. We deliver high
impact consulting, and fast turn around projects for our clients.
Ask us about Web Content Management,  Web Self Service, or working closer
with your customers or suppliers.

0412 927 156,   02 9411 3622  mailto:sfarrell at

Andrew Hoying <andrewh at CQG.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
31/10/2001 04:22 AM
Please respond to MailScanner mailing list

        Subject:        Re: Subject Line control (SPAM CONTROL)
I've been using spam-assassin,, along with
mailscanner. Spam-assassin catches about 95% of the spam sent to the
I work for, up significantly from what mailscanner can catch, but it
do virus scanning so I have to use both products on my mail gateway. I
love to see these to products combined into one. I may have a chance to
start some work in that direction in the comming days, but if someone else
would like to look at this, that would be great.

Andrew Hoying

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Tuesday, October 30, 2001 2:19 AM
> Subject: Re: Subject Line control (SPAM CONTROL)
> At 21:21 29/10/2001, you wrote:
> >I am new to mailscanner, so I apologies if this is answered
> somewhere else.
> >Is there a way to scan for word expressions in the Subject line
> to identify
> >Spam mail?  It seems to only catch 20% of the Spam coming through my
> >server using MAPS.
> No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or
> ORBL as well?
> --
> Julian Field                Teaching Systems Manager
> jkf at         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list