More descriptive body spam message

Thu Jul 30 14:00:08 IST 2009

On 30/07/2009 13:11, Mauricio Tavares wrote:
> Jules Field wrote:
>>
>>
>> On 23/07/2009 12:00, Mauricio Tavares wrote:
>>>     I received a spam mail from one of my other accounts in which 
>>> their spamassassin detected the spam. That is fine, nothing 
>>> specially really. But what it had that was interesting to me was the 
>>> amount of info shown on the body of the message about the said spam:
>>>
>>> =============================%< ====================================
>>> Spam detection software, running on the system "freenet9.afn.org", has
>>> identified this incoming email as possible spam.  The original message
>>> has been attached to this so you can view it (if it isn't spam) or 
>>> label
>>> similar future email.  If you have any questions, see
>>> the administrator of that system for details.
>>>
>>>    [...]
>>>
>>> Content analysis details:   (6.9 points, 5.0 required)
>>>
>>>  pts rule name              description
>>> ---- ---------------------- 
>>> --------------------------------------------------
>>>  0.0 MISSING_MID            Missing Message-Id: header
>>>  1.3 MISSING_HEADERS        Missing To: header
>>>  1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 
>>> 80%
>>>                             [score: 0.6317]
>>>  0.0 HTML_MESSAGE           BODY: HTML included in message
>>>  1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>>>  0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
>>>  3.1 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS 
>>> Outlook
>>>
>>> The original message was not completely plain text, and may be 
>>> unsafe to
>>> open with some email clients; in particular, it may contain a virus,
>>> or confirm that your address can receive spam.  If you wish to view
>>> it, it may be safer to save it to a file and open it with an editor.
>>>
>>> =============================%< ====================================
>>>
>>> A lot of that MailScanner already does, but in a shorthand version 
>>> on the header. Is there a way to do something like the above, as in 
>>> append that to the top of the body of the mail that by now is 
>>> already defanged?
>> Add a spam action "encapsulate" and you will find you get a lot of that.
>>
>     Getting into my Homer Simpson mode here: how do I do that? =)
As I said in a previous article in this thread, it's actually called 
"attachment" in the "Spam Actions". Read up on Spam Actions in 
MailScanner.conf or in the book.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.