
BLU Discuss list archive


Interesting spam test

So I'm reading up on how to filter mailman lists through SpamAssassin (might 
he be referring to officers@?  Why, yes!).  It seems that there are one or 
two ways of setting up SpamAssassin (as well as other programs) as mail 
filters in postfix.  It's a rather complex process with 8 or 9 steps, and 
would affect every message going through the mail server.

I came up with my own technique, which works well, but has only one minor 
(to me) problem with it.

Postfix feeds mail to Mailman via the aliases table like so:

mailman:             "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin:       "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces:     "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:     "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join:        "|/usr/lib/mailman/mail/mailman join mailman"

So first I put spamc in the pipe:
mailman:             "|/usr/bin/spamc |/usr/lib/mailman/mail/mailman post mailman"

Now spamassassin will put in the X-Spam... headers.

Next, newer versions of Mailman let you trap spam by looking for regular 
expressions.  You can either look for the "X-Spam-Status: Yes" (if you want 
to control the trip point with spamassassin), or look for the "X-Spam-Level: 
\*\*\*\*\*" (if you want to control the trip point with Mailman).

I tested this all out, and there's only one problem.  If the message is 
reported as spam, spamassassin will wrap the message in mime and put the 
"Spam detection software, running on the system..." message in front of it. 
If you decide that it was NOT spam, then you would have to copy/paste 
the original mail into a new mail and you lose the sender.

Can you think of a way around this problem?  What do you think of the 
technique otherwise?  It seems like it would place a much lower load on the 
system, and you don't need tricks to get it to not do both ingoing and 
outgoing mail.
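
An added example, not part of the original post: the two header tests described above applied to a constructed message, plus recovery of the original mail (sender intact) from the SpamAssassin report wrapper, which carries it as a message/rfc822 part. The sample message, the function names and the regex matching mode (case-insensitive, line-anchored) are assumptions.

```python
import email
import re

# Patterns from the post: trip on SpamAssassin's verdict, or on 5+ stars.
STATUS_RULE = r"^X-Spam-Status: Yes"
LEVEL_RULE = r"^X-Spam-Level: \*\*\*\*\*"

# Constructed sample of a message after spamc has wrapped it.
WRAPPED = """\
From: alice@example.org
Subject: [SPAM] hello
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.1 required=5.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Spam detection software, running on the system...

--b1
Content-Type: message/rfc822

From: alice@example.org
Subject: hello

Original body text.

--b1--
"""

def header_rule_hits(msg, pattern):
    """Search the header block with one regex (assumed matching mode)."""
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items())
    return re.search(pattern, headers, re.IGNORECASE | re.MULTILINE) is not None

def unwrap_original(msg):
    """Return the attached original if msg is a report wrapper, else msg."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # the nested Message, headers intact
    return msg

def triage(raw):
    """Return (held, original): the hold decision and the unwrapped mail."""
    msg = email.message_from_string(raw)
    held = header_rule_hits(msg, STATUS_RULE) or header_rule_hits(msg, LEVEL_RULE)
    return held, unwrap_original(msg)
```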

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
