On Sun, Jul 27, 2008 at 11:13 AM, mouss <[EMAIL PROTECTED]> wrote: > you should have posted this to the other thread: > "Rewriting Subject line, adding an X-header?" > (always think of the archives).
Indeed. There seems to be a lot of good stuff in the archives! > note that just because you find **SPAM** in the Subject doesn't mean it was > added by your filtering provider. we see such headers in mail to > mailing-lists (and even in mail from customers;-p)... In short, it does not > prove that the message is spam according to your own policy. That's true. That's why I wish they would identify spam by other means than by a simple (and not necessarily unique as you point out) Subject tagging. An X-Header of some sort would be a better choice. Local spam filtering is always an option, but takes much more local system resources and for a relatively small environment subscribing to commercial RBLs may not be as cost-effective as using an external commercial filter. For many years I was running SpamAssassin+dcc-dccd+pyzor combination (with qmail), and it did a fairly decent job, but in last year or so the amount of spam that was getting past the filter became unbearable, and the choices became to either bolster the filtering locally or to externalize it. > use postfix to prepend the spam header (X-Spam: yes) and use the proxy to > "fix" the subject. This way you prepend the new header instead of adding it > to the middle of previous headers (and you don't want to buffer headers in > the proxy). That is probably a better way. I was thinking of scanning the message twice in the proxy; first to look for a Subject line with "**SPAM**"; if found, set a local variable to denote it, then rewrite (add header, clean the Subject) on the second pass. But that would come at cost of reduced performance. > to fix the subject, you probably only need to change the yammer() function, > just after > s/^\./../; > > the quick&dirty way (for testing) is to add > s/^Subject:\s*\*\*SPAM\*\*\s+/Subject: /i; > CAVEAT: this would perform the substitution even in the body. you need a > little more code to prevent this. Thanks; I'll do some experimentation with the proxy today and that'll get me started. Ville
