[milters] Archive

Lists Index Date Thread Search

Article: 81
From: Frank Heydlauf
Date: 2004-09-23 05:21:05 -0400
Subject: [SIQ] 013 Re: RE: [LFN14080312] milter-spamc setup generating false p ositives

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

On Thu, Sep 23, 2004 at 09:57:03AM +0200, Christian 'CBE' Benner wrote:
> 
> Hi Frank,
> I guess filtering for Header "X-Spam" isn't the right way.
> The spamc milter can also change the Subject to
> whatever you want (e.g. **** SPAM ****)
> and thats a Header information which a spammer
> would'nt insert by itself.

- You have no control about client-side filters.
  Your users just do what they want.
- There are users who do not like changed subjects
- I got Mails with "**** SPAM ****" in the subject
  but not filtered/tagged by _our_ spamassassin
  (which would use [SPAM] in the beginning or the end
  of the subject)
  What shall I do to get only the spam I filtered
  myself with *my* rules and *my* bayesian filter?

> X-Header can be set and remove by each spammer like
> doubled X-Header insertion
> e.g.  sending X-Spam-Flag: twice... first one is
> tagged by Client with NO and spamc is inserting a
> second X-Spam-Flag: Yes but e.g. on Windows
> Maschines OE (outlook express) decides on first
> occurence of that X-Header.

therefore: 
no X-Spam-Flag -> scan the mail
X-Spam-Flag -> mail is allready scanned and spam - regardless
	how often X-Spam-Flag occurs. 

The exim/spamassassin setup would *not* set an additional
X-Spam-Flag! And not everybody is using outlook and even 
if - you don't want rely on microsoft keeping this 
behaviour!?


google for this section:

# Spam Assassin
spamcheck_router:
  no_verify
  check_local_user
  # When to scan a message :
  #   -   it isn't already flagged as spam
  #   -   it isn't already scanned
  condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"
  driver = accept
  transport = spamcheck

that's the way recommended by exim mailing-lists and by
Derrick 'dman' Hudson:
http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/node12.html
(which is _the_ reference for integrating spamassassin and exim)

The problem (the milter users problem) is: there are
countless installations using exim in this configuration.
See my answer to anthony.

-- 
Gruss Frank

Lists Index Date Thread Search