Feature Requests
Jan-Peter Koopmann
Jan-Peter.Koopmann at SECEIDOS.DE
Fri Aug 1 16:22:08 IST 2003
> 1) new action type: Ham Actions or Not Spam Actions
>
> Similar to "Spam Actions" and "High Spam Actions", what
> to do if the message isn't spam. It may seem like you'd
> always want to "deliver", but maybe not. For one, you might
> want to strip-html even for ham.
You can do this already with the "Convert HTML To Text" option.
> 2) perhaps also a "Low Ham Actions" or "Low Not Spam Actions"
> and "Low Ham Score"/"Low Not Spam Score"
>
> If the message's spam assassin score is lower than "Low
> Ham Score", then use these actions instead of the Ham Actions.
What good would that do? Just curious.
> 3) "Actions Log File" and action "log"
>
> If you specify an action of log, then then 5 things will
> be put into the log file (or log facility? perhaps something like
> (FILE|SYSLOG):(PATH|FACILITY) ) you specify:
>
> a) From: sender
> b) "Mail From" sender and $_ (the qf relay)
> c) Recipient list
> d) Subject
> e) the DNSBLs and Spam Assassin score (like of the
> SpamCheck header, without the individual spam assassin
> scores, though just putting the SpamCheck header would probably work)
Have you had a look at Mailwatch for MailScanner? It will put this kind
of information in a MySQL database.
> auto-* will submit the message to sa-learn so that its
> addresses will be added to the auto-whitelist with either a -100 score
> (auto-whitelisting) or +100 score (auto-blacklisting)
Why not use the auto-thresholds in SpamAssassin itself?
> Then I might process the action log nightly/weekly/monthly to
> see if there's a common sender or relay that is sending me
> the most spam, and create an entry in my sendmail access db
> if they exceed a certain threshold.
This would be the first time in months that spam is coming through a
common sender or relay. Common sender is close to impossible. Only some
viruses (big at boss.com) are dumb enough to do this. And common relay
would most automatically mean that this relay is an open relay and it
will probably be put into the RBL lists. So why bother?
Regards,
JP
More information about the MailScanner
mailing list