Interesting games with spam-assassin.
joe at tao.org.uk
Thu Sep 4 20:10:01 BST 2003
I've been playing around with my spam-assassin configuration and thought
I'd share some things.
Most people probably run spam-assassin locally on their mailbox using
procmail, but it's becoming more popular to have the MTA filter mail as
it passes through the SMTP channel. This is what I do on transwarp
before forwarding the mail onto the list server at Easynet. What
I've noticed however is that spam-assassin doesn't necessarily do
anything sensible if the mail that it is looking at has already
been marked as spam by another spam-assassin in the chain. In the
case of the list things can get quite complicated because one of my
secondary MX's appears to be running spam-assassin over all mail
that passes through the server (jump.org.uk), even mail that is
being relayed. I'm running spam assassin here and then Easynet appear
to be running it there too. Then the mail gets sent to the
list-members, many of which are running spam-assassin.

Here's an example:

    51951 Prespamassassinated! Removing headers!!
    51951 X-Spam-Level: ******
    51951 DOM: tao.org.uk [brueffer at FreeBSD.org joe at tao.org.uk]
    51951 X-Spam-Level: ***********

This is a piece of spam that I've just received, supposedly from
'brueffer at FreeBSD.org' to 'joe at tao.org.uk'. It came in already
spam-assassinated, with a spam level of 6. After reversing the
assassination that was previously done I ran spam-assassin on it again,
and this time it got locally assigned a level of 11.
What to do? I think that the only sensible thing to do is to ignore any
spam-assassin that others do in passing, (with spamassassin -d) and then
re-classify it locally. That is what I'm going to do with the list mail
at least. I'll reverse and redo spamassassination and then throw the
mail away if I locally think that it's spam. This should cut the spam
level to the list down by most of it.
Does this sound a sensible approach?
I wonder what the ethics are of filtering mail that is being relayed for
others. Am I doing a service by doing this, or is it none of my
business? I kind of feel the latter, and would adopt that I don't filter
for mail that is being relayed, but do for mail that lands locally (that
is my responsibility). There's a grey area here in which I have mail
addresses locally, like the ukug.uk.freebsd.org ones, which actually get
forwarded on to another address. I feel that these are actually local
addresses and so should be filtered.
Gawd, this stuff is a mess!
Josef Karthauser (joe at tao.org.uk) http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
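
The reverse-then-reclassify flow described in the message above, as an added example that is not part of the original post: every X-Spam-* header from earlier hops is treated as untrusted and removed, and the keep-or-discard decision uses only the local score. `toy_local_score` is a hypothetical stand-in for a local SpamAssassin run, the 5.0 threshold and the sample message are constructed, and only headers are handled (unlike `spamassassin -d`, a rewritten body is not unwrapped).

```python
from email import message_from_string

THRESHOLD = 5.0  # assumed local threshold, not taken from the post

# Constructed sample: a message that arrives already marked by an upstream filter.
SAMPLE = """\
Received: from relay.example.net by mx.example.org; Thu, 4 Sep 2003 20:00:00 +0100
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, hits=6.2 required=5.0
From: sender@example.com
To: list@example.org
Subject: constructed sample

Buy now.
"""

def strip_upstream_markup(msg):
    """Delete all X-Spam-* headers; return star counts of removed X-Spam-Level headers."""
    levels = [value.count("*") for name, value in msg.items()
              if name.lower() == "x-spam-level"]
    for name in {n for n in msg.keys() if n.lower().startswith("x-spam-")}:
        del msg[name]  # removes every occurrence of that header name
    return levels

def toy_local_score(msg):
    """Hypothetical local scorer; refuses to run if upstream markup leaked through."""
    if any(h.lower().startswith("x-spam-") for h in msg.keys()):
        raise ValueError("upstream X-Spam-* headers must be stripped first")
    return 11.0 if "buy now" in msg.get_payload().lower() else 0.0

def reclassify(raw, local_score=toy_local_score, threshold=THRESHOLD):
    """Strip upstream verdicts, score locally, and decide on the local score alone."""
    msg = message_from_string(raw)
    upstream = strip_upstream_markup(msg)
    score = local_score(msg)
    if score >= 1:
        msg["X-Spam-Level"] = "*" * int(score)  # fresh, locally generated header
    action = "discard" if score >= threshold else "deliver"
    return upstream, score, action, msg

if __name__ == "__main__":
    upstream, score, action, _ = reclassify(SAMPLE)
    print(f"upstream levels {upstream}, local score {score}, action {action}")
```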