Dear Scott,
> I've installed the latest Open Protect on a RH 8.0
> server. It is working in all respects
> (ClamAV+Spamassassin) except for the "inappropriate
> material". I've been having spam & adult messages
> pumped into the server for testing and it simply isn't
> doing anything about them. Some of the adult messages
> are flagged as spam. However, NONE are flagged for
> bad content. I really want the messages with adult
> content to be "attached". I've set this in the CONF
> file but it isn't working.
If you want those mails too be caught by MCP, you have to define
the rules yourself, in any .cf file under /etc/MailScanner/mcp/.
header BANNED Subject =~ /obscene/i
describe BANNED Banned Subject
score BANNED 2
In the above example, it will catch mails with subject obscene. MCP
catches user defined patterns. You can see more commented examples in
/etc/MailScanner/mcp/10_example.cf.
But, if you want them to be caught as spam, you can train them using
SpamAssassins Bayes Filter and sa-learn feature.
If you want to teach it when it gets it wrong, you can have it
run the "sa-learn" script to learn about particular messages. Set up 2
addresses here, "spam" and "notspam" in your server.
People can just redirect wrongly-classified messages to one of
the addresses. Then once an hour the script below is run by cron to
teach the bayes engine about the messages it got wrong.
sa-learn --no-rebuild --spam /path/to/spam/folder
sa-learn --no-rebuild --ham /path/to/ham/folder
You should also run a nightly cron job that does a
"sa-learn --rebuild"
as well, to do all the time consuming housekeeping the Bayes engine
requires.
The problem of having the wrong headers when the mail is forwarded from
a MUA can be resolved in two ways.
One is in an IMAP setup. Simply read from different mailboxes (Spam and
Nospam) and have users copy the message in there. You can either create
a script that detects messages in the mailbox (~/Spam for mbox or
~/Maildir/.Spam/* for maildir format, similar for Nospam) and learn
from those, or (and this is more tricky and less convenient) create a
public IMAP account.
Another idea would be to create a webpage where users can paste the raw
message into a textarea, together with a tutorial on how to copy and
paste the right format in the users client. That would work for POP3
based services, but that requires apache on the mailserver or some
remote scripting or services.
A third less painful, but not so elegant approach is do nothing about
the forwarded headers, and whitelist your users in the file
/etc/MailScanner/rules/spam.whitelist.rules:
From: yourdomain.com1 yes
From: yourdomain.com2 yes
You can also blacklist new spam IP's or domains as new spam is received
in the blacklist.
Set "Is Definitely Spam = /etc/MailScanner/etc/rules/blacklist.rules".
Set addresses to be blacklisted using rules such as
From: [EMAIL PROTECTED] yes
From: [EMAIL PROTECTED] yes
in the file /etc/MailScanner/etc/rules/blacklist.rules. But, this is
painful.
So, you can follow a
1)spam, notspam accounts + whitelisting your users(easiest)
2)spam, notspam accounts + using IMAP shared spam, notspam
accountsspam(not so easy)
3)notspam accounts + using text area on a web browser, where users can
paste the spam,notspam text in appropriate text boxes(tough)
4)blacklist new domains/IPs as and when new spam is received(toughest)
Keep me updated on your progress.
cheers,
Karthikeyan, S.
--
S.Karthikeyan | Mobile: +91 (0) 9444080290
Opencomputing Technologies | http://opencompt.com
Server Side E-Mail Protection.
