using sa-learn on spam attachements

Matt Kettler mkettler at EVI-INC.COM
Tue Sep 13 18:44:23 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Greg Matthews wrote:
> is it ok to use sa-learn to learn spam from mail that has been delivered
> as attachement? ie message arrives from mailscanner with the spam
> included as attachment. Can I then:
> 
> sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \
> 	--dbpath /etc/MailScanner/bayes/bayes \
> 	--mbox < spam.mbx
> 
> or do I need to strip all the attachments out and feed them through
> seperately?

You need to strip the attachments and feed those in.

> 
> I found this on the wiki:
> "It's OK to feed emails with Spamassassin markup into the sa-learn
> command -- sa-learn will ignore any standard Spamassassin headers, and
> if the original email has been encapsulated into an attachment it will
> decapsulate the email. In other words sa-learn will undo any changes
> which Spamassassin has done before learning the spam/ham character of
> the email."

Caveat: Decapsulation works the same as header stripping. SA will only
decapsulate the mail if SA did the encapsulation.

> 
> which sounds good but then:
> "If you or any upstream service has added any additional headers to the
> emails which may mislead Bayes, those should probably be removed before
> feeding the email to sa-learn. Alternatively, use the
> bayes_ignore_header setting in your local.cf (as detailed in the man
> page for Mail::SpamAssassin::Conf)."
> 
> sounds bad as MS has added in headers....

Not only that, but SA didn't generate the encapsulation, MailScanner did. SA can
ONLY undo it's own markups and encapsulations, because SA knows it's own
configuration and can recognize it's own changes as a result.

SA cannot undo markups or encapsulations done by MS, or any other tool, because
it doesn't know what was done.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list