Mailing List Archive

SpamAssassin and SpamCop
In the past I've been reporting spam to SpamCop, not that it seems to do a
huge amount of good.

SpamCop likes the original emails forwarded to them, so they can parse the
headers and figure out where the evil beast came from, then send it on to
the abuse department of the ISP.

Spamassassin of course likes to wrap old spam in its own newspapers before
throwing it out. This kinda conflicts with being able to dispose of the
spam thru SpamCop.

I like the Spamcop headers on things so I can see what they are. But I'd
also like to get the original message, with maybe one added header,
something like "X-SpamAssassin-Detected-Spam: 10.7", and not all the
fishwrapping, so I could filter the original spam into a bucket, or maybe
auto-forward it to SpamCop.

Is there any obvious way to do something like this?

Thanks,
Loren
Re: SpamAssassin and SpamCop
On 16 Feb 2004, at 06:27, Loren Wilton wrote:
> Is there any obvious way to do something like this?

What I would do is use cron/procmail to take messages from a specific
mailbox (say "spamcop"), run them through spamassassin -d, and then
send them on to the spamcop reporting address:


cron (every hour at 20 after)
20 * * * * /path/to/script

script:
/path/to/formail -s procmail -m /path/to/spamcop.rc < $HOME/Mail/spamcop.mbox
mv $HOME/Mail/spamcop.mbox $HOME/reported.`date '+%Y-%m'`
touch $HOME/Mail/spamcop.mbox


spamcop.rc:

:0 fw
| spamassassin -d

:0c
! spamcop@reporting.address.tld

:0:
$HOME/Mail/reported.spam


Something like that (of course, this is untested, but I use a similar
mechanism for handling "learn" mailboxes for SA with Spam and Ham).

--
"Don't be nice. It's Creepy." Tendo Akane
Re: SpamAssassin and SpamCop
Loren Wilton wrote:
> [...]
> SpamCop likes the original emails forwarded to them, so they can
> parse the headers and figure out where the evil beast came from, then
> send it on to the abuse department of the ISP.
>
> Spamassassin of course likes to wrap old spam in its own newspapers
> before throwing it out. This kinda conflicts with being able to
> dispose of the spam thru SpamCop.

Some choices that come to mind:

1. You can have spamassassin leave the original more-or-less
intact by specifying:

report_safe 0

to local.cf, and possibly remove_header if you don't want the
X-Spam headers either.

2. Use the default of report_safe 1 (the wrapping) and
forward/resend the ATTACHED message. There have been several
messages on how to do this with various clients, and the details
depend on what you use. With the report_safe 0, the original is
more-or-less untouched, so that should work.

3. Push the message through:

spamassassin --remove-markup

To more-or-less restore it to the original state.

> I like the Spamcop headers on things so I can see what they are. But
> I'd also like to get the original message, with maybe one added
> header, something like "X-SpamAssassin-Detected-Spam: 10.7", and not
> all the fishwrapping, so I could filter the original spam into a
> bucket, or maybe auto-forward it to SpamCop.

I'm kicking around something like this, but for different reasons.
I want to run each message through several spam and virus checking
engines for testing purposes. I'd like to pass the original,
unmodified (as-received) version through several checkers (clamav,
spamassassin, bogofilter, spamoracle), then save a modified
version with headers from ALL of these in my spam box for review
and comparison. During this process, it would be easy enough to
just save a copy of the unmodified version off, then look it up by
message-id etc.

Has anyone developed any good rules for such "parallel testing"
with procmail or external scripts?

Thanks,

- Bob
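
An added example, not part of any post in this thread and not SpamAssassin's own code: a Python function that undoes the two kinds of markup Bob lists, a report_safe 0 message that only gained X-Spam-* headers and a report_safe 1 wrapper carrying the original as an attachment. The `remove_markup` name, the wrapper-detection heuristic and the sample messages are assumptions constructed for this example; `spamassassin -d` is the supported way to do this.

```python
import email
from email import policy

# Serialize without re-wrapping long headers so Received: lines survive intact.
NOFOLD = policy.compat32.clone(max_line_length=None)

def remove_markup(raw: bytes) -> bytes:
    """Return the pre-SpamAssassin message from a tagged or wrapped copy."""
    msg = email.message_from_bytes(raw)
    spam_hdrs = {k for k in msg.keys() if k.lower().startswith("x-spam-")}
    parts = msg.get_payload() if msg.is_multipart() else []
    # Heuristic (assumption of this example): a report_safe 1 wrapper is a
    # tagged two-part message, text report first, original attached second.
    if (spam_hdrs and len(parts) == 2
            and parts[0].get_content_type() == "text/plain"
            and parts[1].get_content_type() == "message/rfc822"):
        return parts[1].get_payload(0).as_bytes(policy=NOFOLD)
    # report_safe 0: only headers were added, so drop every X-Spam-* header.
    for name in spam_hdrs:
        del msg[name]
    return msg.as_bytes(policy=NOFOLD)

# Constructed sample data (not real mail).
ORIGINAL = (
    b"Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    b"\tby mx.example.org; Mon, 16 Feb 2004 05:00:00 -0800\n"
    b"From: seller@example.net\n"
    b"To: user@example.org\n"
    b"Subject: Cheap pills\n"
    b"\n"
    b"Buy now.\n"
)
TAGGED = b"X-Spam-Flag: YES\nX-Spam-Status: Yes, score=10.7\n" + ORIGINAL
WRAPPED = (
    b"Subject: Cheap pills\n"
    b"X-Spam-Flag: YES\n"
    b'Content-Type: multipart/mixed; boundary="sa-boundary"\n'
    b"\n"
    b"--sa-boundary\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"Spam detection software has identified this mail as spam.\n"
    b"\n"
    b"--sa-boundary\n"
    b"Content-Type: message/rfc822\n"
    b"\n" + ORIGINAL + b"\n--sa-boundary--\n"
)

if __name__ == "__main__":
    for sample in (TAGGED, WRAPPED):
        print(remove_markup(sample) == ORIGINAL)
```

The Received: chain is what a reporting service parses, so the function returns the attached original rather than the wrapper, whose headers are only a partial copy.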
Re: SpamAssassin and SpamCop
Hi,

On Mon, 16 Feb 2004 05:27:17 -0800 "Loren Wilton" <lwilton@earthlink.net> wrote:

...
> I like the Spamcop headers on things so I can see what they are. But I'd
> also like to get the original message, with maybe one added header,
> something like "X-SpamAssassin-Detected-Spam: 10.7", and not all the
> fishwrapping, so I could filter the original spam into a bucket, or maybe
> auto-forward it to SpamCop.

I'd strongly advise against auto-forwarding or reporting messages as
spam without manual verification. The Razor folks strongly discourage
auto-reporting; the same should go for any public blacklist.

Two things happen when you screw up a report to Spamcop - yet another
server is wrongly blacklisted by bl.spamcop.net (this happens far too
often for it to be useful for blocking mail, unlike the SBL or XBL) and
you run the risk of getting dropped as a contributor. Though it's
apparently been getting better with time, Spamcop's quality control is
still miserable; please don't become part of the problem.

> Is there any obvious way to do something like this?

Like others have said,

spamassassin -d < marked_message > clean_message

or

spamassassin --remove-markup < marked_message > clean_message

hth,

-- Bob
Re: SpamAssassin and SpamCop
> I'd strongly advise against auto-forwarding or reporting messages as
> spam without manual verification. The Razor folks strongly discourage
> auto-reporting; the same should go for any public blacklist.

SpamCop forwarding is a two-part process. You forward a bucket of supposed
spam to them, then at a later time you get a notice that they received it.
Then you have to go in through a web page and examine their analysis of each
of the messages individually and decide if it really was spam. If not, you
drop it rather than reporting it.

It's still possible to screw up at that level, but it takes more work. The
couple times I've done it and immediately realized my error I've sent off
"oops, bad spamcop report!" type messages to the recipients of the erroneous
reports, in the hope that someone will notice.

Loren
Re: SpamAssassin and SpamCop
On Mon, Feb 16, 2004 at 08:47:04AM -0600, Bob Apthorpe wrote:
> > Is there any obvious way to do something like this?
>
> Like others have said,
>
> spamassassin -d < marked_message > clean_message
>
> or
>
> spamassassin --remove-markup < marked_message > clean_message

Also, take a look at http://www.kluge.net/~felicity/random/handlespam.txt

I use it to automate my spam handling ... Includes removing markup and
spamcop reporting amongst various other things. :)

--
Randomly Generated Tagline:
#define SIGILL 6 /* blech */
-- Larry Wall in perl.c from the perl source code