After checking some things, I've noticed what the problem is. When
SpamAssassin flags the message as spam it trashes that old message and
recreates a new one with the report on the front, the spam attached, etc.
And brand new set of headers. what is lost is all of the custom X-type
headers and group headers, etc. In addition I can't take a look at a FP
and see what recieveds, etc it had on it to track down SORBS and other
Blacklist hits, all that info is lost in the recreation of the headers.
I would like to suggest that when SA recreates the new positive spam
email, it keeps all custom headers (non-RFC) like List-ID, anything with
an X, etc. Or possibly prepend it with Orig- prefix or something. This
will allow me to filter my mailling lists to my mailling lists folders
before it hits trashes into my spam folder on a false positive.
the other thing I would like to suggest is that the original headers be
available in a non-modified state. Either appended to the original
message or prepended as long as the snippet part of the report email is
smart enough to skip the headers. I think prepended would be preferrable.
Or if it is more easily implemented, add the original headers as a
seperate Test/Plain section or addtional attachment. this would allows
us to better track down and adjust for false positives.
Bryan Britt
Beltane Web Services
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ICQ: 53037451
Bryan L. Britt 501-327-8558
Beltane Web Services, Conway, AR http://www.beltane.com
~~~~~~~~~~Support Private Communications on the Internet~~~~~~~~~~
----------------------- Original Message -----------------------
On Fri, 20 Feb 2004 09:35:36 -0600, Bryan Britt <beltane@beltane.com> wrote:
> In trying to figure out why my mail client dumped his message to my spam
> filter (as the last rule) instead of to the list folder (which is above
> it) it brought up a question. I'm filtering the list based on List-ID:
> header. But in his post the list headers were all stripped. there are
> no other recieveds, etc? I'm just running procmail and SA.... no other
> programs in the chain?
>
>
>
> Received: from localhost
> by equinox
> with SpamAssassin (2.63 2004-01-11);
> Fri, 20 Feb 2004 03:30:39 -0600
> From: Alexander Galitski <triton-sec@gidro-service.ru>
> To: spamassassin-users@incubator.apache.org
> Subject: [SPAM 995.70/05.00] spamc not seeing razor/pyzor/dcc while spamassassin does
> Date: Fri, 20 Feb 2004 12:30:36 +0300
> Message-Id: <499152025.20040220123036@gidro-service.ru>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on equinox
> X-Spam-Level: **************************************************
> X-Spam-Status: Yes, hits=995.7 required=5.0 tests=BAYES_00,GTUBE, J_CHICKENPOX_45 autolearn=no version=2.63
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------=_4035D3BF.502C4C66"
> Status:
>
>
>
>
> Bryan Britt
> Beltane Web Services
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ICQ: 53037451
> Bryan L. Britt 501-327-8558
> Beltane Web Services, Conway, AR http://www.beltane.com
> ~~~~~~~~~~Support Private Communications on the Internet~~~~~~~~~~
>
>
>
> ----------------------- Original Message -----------------------
> On Fri, 20 Feb 2004 10:18:57 -0500, Matt Kettler <mkettler@evi-inc.com> wrote:
>
> > At 10:00 AM 2/20/2004, Alexander Galitski wrote:
> >
> > > sorry for my stupid fault ... very unclever ((
> > >
> > > isn't list protected from such user faults??
> >
> > IMO it's not a fault to post a GTUBE string to the list.. So there's no
> > protection needed.
> >
> > I got the message just fine... ok, it did have a high-score, and it did get
> > subject-tagged, but it got here none the less and was placed in my
> > spamassassin folder by my mail client.
> >
> > Quite frankly, it's a fault to not expect a message posted to the list
> > containing GTUBE...
SpamAssassin flags the message as spam it trashes that old message and
recreates a new one with the report on the front, the spam attached, etc.
And brand new set of headers. what is lost is all of the custom X-type
headers and group headers, etc. In addition I can't take a look at a FP
and see what recieveds, etc it had on it to track down SORBS and other
Blacklist hits, all that info is lost in the recreation of the headers.
I would like to suggest that when SA recreates the new positive spam
email, it keeps all custom headers (non-RFC) like List-ID, anything with
an X, etc. Or possibly prepend it with Orig- prefix or something. This
will allow me to filter my mailling lists to my mailling lists folders
before it hits trashes into my spam folder on a false positive.
the other thing I would like to suggest is that the original headers be
available in a non-modified state. Either appended to the original
message or prepended as long as the snippet part of the report email is
smart enough to skip the headers. I think prepended would be preferrable.
Or if it is more easily implemented, add the original headers as a
seperate Test/Plain section or addtional attachment. this would allows
us to better track down and adjust for false positives.
Bryan Britt
Beltane Web Services
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ICQ: 53037451
Bryan L. Britt 501-327-8558
Beltane Web Services, Conway, AR http://www.beltane.com
~~~~~~~~~~Support Private Communications on the Internet~~~~~~~~~~
----------------------- Original Message -----------------------
On Fri, 20 Feb 2004 09:35:36 -0600, Bryan Britt <beltane@beltane.com> wrote:
> In trying to figure out why my mail client dumped his message to my spam
> filter (as the last rule) instead of to the list folder (which is above
> it) it brought up a question. I'm filtering the list based on List-ID:
> header. But in his post the list headers were all stripped. there are
> no other recieveds, etc? I'm just running procmail and SA.... no other
> programs in the chain?
>
>
>
> Received: from localhost
> by equinox
> with SpamAssassin (2.63 2004-01-11);
> Fri, 20 Feb 2004 03:30:39 -0600
> From: Alexander Galitski <triton-sec@gidro-service.ru>
> To: spamassassin-users@incubator.apache.org
> Subject: [SPAM 995.70/05.00] spamc not seeing razor/pyzor/dcc while spamassassin does
> Date: Fri, 20 Feb 2004 12:30:36 +0300
> Message-Id: <499152025.20040220123036@gidro-service.ru>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on equinox
> X-Spam-Level: **************************************************
> X-Spam-Status: Yes, hits=995.7 required=5.0 tests=BAYES_00,GTUBE, J_CHICKENPOX_45 autolearn=no version=2.63
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------=_4035D3BF.502C4C66"
> Status:
>
>
>
>
> Bryan Britt
> Beltane Web Services
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ICQ: 53037451
> Bryan L. Britt 501-327-8558
> Beltane Web Services, Conway, AR http://www.beltane.com
> ~~~~~~~~~~Support Private Communications on the Internet~~~~~~~~~~
>
>
>
> ----------------------- Original Message -----------------------
> On Fri, 20 Feb 2004 10:18:57 -0500, Matt Kettler <mkettler@evi-inc.com> wrote:
>
> > At 10:00 AM 2/20/2004, Alexander Galitski wrote:
> >
> > > sorry for my stupid fault ... very unclever ((
> > >
> > > isn't list protected from such user faults??
> >
> > IMO it's not a fault to post a GTUBE string to the list.. So there's no
> > protection needed.
> >
> > I got the message just fine... ok, it did have a high-score, and it did get
> > subject-tagged, but it got here none the less and was placed in my
> > spamassassin folder by my mail client.
> >
> > Quite frankly, it's a fault to not expect a message posted to the list
> > containing GTUBE...