Subject Line control (SPAM CONTROL)

Scott Farrell sfarrell at ICCONSULTING.COM.AU
Sun Nov 4 06:48:04 GMT 2001 

Andrew,

I had a little dig around and came up with a few things.

1. I think sendmail.pl is the place to play with support for spamassasin.
2. it looks as though someone has already had a plug at some other "Spam
Killer"  - to a search for Kill in sendmail.pl
3. all we need to do is send the entire email to stdin of spamc, and read
it back from stdout
4. parse the subject and look for *****SPAM*****
5. copy over the header X-Spam-Status if spam detected (see 4 above).

spamc is a nice little proggy that will read from stdin, talk to a daemon
(spamd), which checks for spam, writes in the subject and body and
headers, and returns to spamc, and spamc spits the email back to stdout.

I think I'll go pick up a copy of O'Reilly learning perl or something, and
make a proper attempt at some of this.

not wanting to teach anyone to suck eggs, but I got as far as:
http://cpan.perl.org/doc/manual/html/pod/perlipc.html#Bidirectional_Communication_with
which has an example to read and write to stdin,stdout.

I would rather spamassasin not scribble so much in the email, but rather
return flags, and let mailscanner follow its rules. So basically I think
we parse the email coming back from spamc, and discard it, and makes
decisions in mailscanner. So we might need to reprocess the output of
spamc, and look for *****SPAM***** in the subject, and use that as the key
from output from spamc to tell mailscanner it is spam, I think the header:
X-Spam-Status would be good to keep/process as well, its output looks
something like this:

X-Spam-Status: Yes, hits=10 required=5 tests=FORGED_RCVD_FOUND,NO_REAL_NAM
    E,UNDISC_RECIPS,INVALID_DATE,MSGID_HAS_NO_AT,REMOVE_SUBJ

which shows which rules were broken , leading to the spam decision.

this is the stuff it adds to the body of the email:

SPAM: -------------------- Start SpamAssassin results
----------------------
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future, using
SPAM: the built-in mail filtering support in your mail reader.
SPAM:
SPAM: Content analysis details:   (10 hits, 5 required)
SPAM: Hit! (0.1 points)  Possibly-forged 'Received:' header found
SPAM: Hit! (3.2 points)  From: does not include a real name
SPAM: Hit! (1.4 points)  Valid-looking To "undisclosed-recipients"
SPAM: Hit! (3.3 points)  Invalid Date: header (has AM/PM)
SPAM: Hit! (0.3 points)  Message-Id has no @ sign
SPAM: Hit! (1.7 points)  BODY: /remove.*subject/i
SPAM:
SPAM: -------------------- End of SpamAssassin results
---------------------

I don't think we can do much with that - I dont think that much is allowed
in headers, and I think it is "over the top" for the mail body.

regards
Scott Farrell

http://www.icconsulting.com.au
ic Consulting - the people that make eBusiness happen.
We offer e-business consulting and perform services. We deliver high
impact consulting, and fast turn around projects for our clients.
Ask us about Web Content Management,  Web Self Service, or working closer
with your customers or suppliers.

0412 927 156,   02 9411 3622  mailto:sfarrell at icconsulting.com.au




Andrew Hoying <andrewh at CQG.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
31/10/2001 04:22 AM
Please respond to MailScanner mailing list


        To:     MAILSCANNER at JISCMAIL.AC.UK
        cc:
        Subject:        Re: Subject Line control (SPAM CONTROL)
I've been using spam-assassin, http://spamassassin.taint.org/, along with
mailscanner. Spam-assassin catches about 95% of the spam sent to the
company
I work for, up significantly from what mailscanner can catch, but it
doesn't
do virus scanning so I have to use both products on my mail gateway. I
would
love to see these to products combined into one. I may have a chance to
start some work in that direction in the comming days, but if someone else
would like to look at this, that would be great.

Andrew Hoying


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Tuesday, October 30, 2001 2:19 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Subject Line control (SPAM CONTROL)
>
>
> At 21:21 29/10/2001, you wrote:
> >I am new to mailscanner, so I apologies if this is answered
> somewhere else.
> >Is there a way to scan for word expressions in the Subject line
> to identify
> >Spam mail?  It seems to only catch 20% of the Spam coming through my
mail
> >server using MAPS.
>
> No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or
> ORBL as well?
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011104/2c087c26/attachment.html

More information about the MailScanner mailing list