Proper way to handle misidentifiedspamsite-wide?

Thu Jun 27 18:52:35 IST 2002

Julian Field wrote:
> >subjects in -- there must be a better way?
>
> grep -i subject: qf* | less
>
> That isn't too hard, surely?

Not hard, no, but not very accurate/usable either.  :)  What is going on is
that I'm trying to pull all the spam out of our "info" and "help" accounts
before the people that have to handle such requests see them.  This is why it
is really all "my" mail -- I don't think there are legal problems are.  The
problem is that we get tons of spam at these -- because we make the email
addresses so readily available on web sites and such -- crawlers pick them up
repeatedly.

So, I'm just trying to filter most of that out before it ever gets to them to
see at all -- but want to check for errors.  So, just for fun, here are some
of the subjects from our quarantine (ie. marked as spam already) using your
method:

qfg5QM7D128287:H??Subject: help...
qfg5QMBv131050:H??Subject: Offer
qfg5QMOo104547:H??Subject: Re: More info?
qfg5R0Jj104316:H??Subject: Here is what you requested
qfg5R0Rs109645:H??Subject: YOUR ATTENTION PLEASE
qfg5R2IS106590:H??Subject: Welcome New Member!

Those seem "questionable" to me -- at least where I would need to read more of
the information.  And that is just from like an hour or two.  If I check that
even every day, I'd still have dozens and dozens of subjects that I'd have to
research more to see if they might be customer service related in some way.

Now, most of the above are indeed spam.  In fact, I've already checked
manually - and they are.  But just checking them (having to go back and read
the headers in the qf files and, in some cases, actually read the text in the
df files) was not a pleasant experience.  :)

> Personally, I don't use either "store" or "delete". I tag it and
> deliver it all, leaving the users to filter it if they want to. My
> users hate the idea of other people deciding for them. And with a
> multi-Gb network, bandwidth for a bit of mail is hardly a problem :-)

Indeed.  I wouldn't do this for "normal" users -- I'd let them handle it after
just marking them for them.  I just see many other legit uses for
MailScanner/SpamAssassin outside of just marking things for "normal" users.
It seems so close -- but just not quite -- when it comes to doing things
besides "deliver."

> However, I see your point, and I may do something about it in the
> next big release, but that isn't going to be any time very soon. A
> feature for V4.

No problem -- hope to see it someday.  I'll do deliver for now.  Actually, I'm
already more than happy -- since I requested the "two threshold levels" thing
only a day or two ago, was told that it wasn't possible for now, and then
suddenly have it today!  So, I'll consider myself more than lucky for what I
got already.  To whoever paid Julian for that implementation, I thank you!  :)

 - John...