Re: Forward to learn spam and ham?
Jorgen Lundman a écrit : I would assume someone has already solved this, but it seems hard to search for. I would like to setup SA site wide, so that all the users can use it. However, users are not very technical, so it would be nice if they could have an easy method to train their own DBs. I envisioned that a "[EMAIL PROTECTED]" user could forward said mail to something like "[EMAIL PROTECTED]" (forward to themselves, with instructions) to train SA. Naturally also "[EMAIL PROTECTED]". The syntax/method is not so important. you can also use a transport: user just submits spam/ham to [EMAIL PROTECTED] and [EMAIL PROTECTED] respectively. This has been discussed recently (last month?). this way you don't need procmail at all. I would imagine I could do this in procmail, but I would have to make sure: 1) Procmail drops the enclosing email, which is from the user themselves, so that isn't part of the training. 2) The spam/ham email might be inline, or attached, so deal with both. the real problem is that the resubmitted message will differ from the original message. most people only know to do classical "forward". - if the user's MUA supports resend/bounce/forward as attachment, then you can - you can ask them to view source -> copy -> paste Not very user friendly (and people will generally forget, so don't count on that) - imap users can move/copy message to specific folders - webmail users can have specific buttons. I don't know if there is a way to train using only the body (well, some mime parts may have been removed by the MUA...). An overkill way is to keep a copy of all mail, then when users forwards a spam/ham, find it. either use msg-id (if MUA puts it in References)+a combination of other headers/fields; or use a local ID that you insert at delivery time (and hope it won't be removed by the MUA. so X headers won't work for instance). putting such an ID in the body requires correct handling of mime parts (and will pollute the message). [dspam does so]. Already been done? Or just plain bad idea? Ultimately, it would be nice if there was a global DB that I/sysadmin to could train, as well as, each user's own DB that they train. That way I can globally add spam when I am sure that it is spam. for spam, you can setup trap addresses. The problem is for ham.
Re: Forward to learn spam and ham?
Thanks, Stearns mail gives ground work, but the "bounce" requirement is not acceptable as Lenz points out. Nor do sufficient enough people run imap (less than 1%). Naturally this can be done, it is just complicated. Perhaps if I assume the spam mails are always forwarded "inline" I can strip the first header, then pipe it in as --mbox. Thanks for the feedback, Lund Matthew Lenz wrote: I believe that only works with a redirect/bounce though and outlook express doesn't support it. dunno about your users but with mine that represents about 95% of the users. What about IMAP? If you have your users switch to IMAP you can just have a Spam folder for each account. Can't think of any clients that don't support IMAP. - Original Message - From: "William Stearns" <[EMAIL PROTECTED]> To: "Jorgen Lundman" <[EMAIL PROTECTED]> Cc: "ML-spamassassin-talk" ; "William Stearns" <[EMAIL PROTECTED]> Sent: Monday, October 03, 2005 10:10 PM Subject: Re: Forward to learn spam and ham? Good evening, Jorgen, On Tue, 4 Oct 2005, Jorgen Lundman wrote: I would assume someone has already solved this, but it seems hard to search for. I would like to setup SA site wide, so that all the users can use it. However, users are not very technical, so it would be nice if they could have an easy method to train their own DBs. I envisioned that a "[EMAIL PROTECTED]" user could forward said mail to something like "[EMAIL PROTECTED]" (forward to themselves, with instructions) to train SA. Naturally also "[EMAIL PROTECTED]". The syntax/method is not so important. I would imagine I could do this in procmail, but I would have to make sure: 1) Procmail drops the enclosing email, which is from the user themselves, so that isn't part of the training. 2) The spam/ham email might be inline, or attached, so deal with both. Already been done? Or just plain bad idea? Ultimately, it would be nice if there was a global DB that I/sysadmin to could train, as well as, each user's own DB that they train. That way I can globally add spam when I am sure that it is spam. I think this covers what you need: http://www.stearns.org/doc/spamassassin-setup.current.html#autoreporting Cheers, - Bill --- "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." -- Bruce Schneier, Secrets and Lies -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org -- -- Jorgen Lundman | <[EMAIL PROTECTED]> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo| +81 (0)90-5578-8500 (cell) Japan| +81 (0)3 -3375-1767 (home)
Re: Forward to learn spam and ham?
I believe that only works with a redirect/bounce though and outlook express doesn't support it. dunno about your users but with mine that represents about 95% of the users. What about IMAP? If you have your users switch to IMAP you can just have a Spam folder for each account. Can't think of any clients that don't support IMAP. - Original Message - From: "William Stearns" <[EMAIL PROTECTED]> To: "Jorgen Lundman" <[EMAIL PROTECTED]> Cc: "ML-spamassassin-talk" ; "William Stearns" <[EMAIL PROTECTED]> Sent: Monday, October 03, 2005 10:10 PM Subject: Re: Forward to learn spam and ham? Good evening, Jorgen, On Tue, 4 Oct 2005, Jorgen Lundman wrote: I would assume someone has already solved this, but it seems hard to search for. I would like to setup SA site wide, so that all the users can use it. However, users are not very technical, so it would be nice if they could have an easy method to train their own DBs. I envisioned that a "[EMAIL PROTECTED]" user could forward said mail to something like "[EMAIL PROTECTED]" (forward to themselves, with instructions) to train SA. Naturally also "[EMAIL PROTECTED]". The syntax/method is not so important. I would imagine I could do this in procmail, but I would have to make sure: 1) Procmail drops the enclosing email, which is from the user themselves, so that isn't part of the training. 2) The spam/ham email might be inline, or attached, so deal with both. Already been done? Or just plain bad idea? Ultimately, it would be nice if there was a global DB that I/sysadmin to could train, as well as, each user's own DB that they train. That way I can globally add spam when I am sure that it is spam. I think this covers what you need: http://www.stearns.org/doc/spamassassin-setup.current.html#autoreporting Cheers, - Bill --- "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." -- Bruce Schneier, Secrets and Lies -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --
Re: Forward to learn spam and ham?
Good evening, Jorgen, On Tue, 4 Oct 2005, Jorgen Lundman wrote: I would assume someone has already solved this, but it seems hard to search for. I would like to setup SA site wide, so that all the users can use it. However, users are not very technical, so it would be nice if they could have an easy method to train their own DBs. I envisioned that a "[EMAIL PROTECTED]" user could forward said mail to something like "[EMAIL PROTECTED]" (forward to themselves, with instructions) to train SA. Naturally also "[EMAIL PROTECTED]". The syntax/method is not so important. I would imagine I could do this in procmail, but I would have to make sure: 1) Procmail drops the enclosing email, which is from the user themselves, so that isn't part of the training. 2) The spam/ham email might be inline, or attached, so deal with both. Already been done? Or just plain bad idea? Ultimately, it would be nice if there was a global DB that I/sysadmin to could train, as well as, each user's own DB that they train. That way I can globally add spam when I am sure that it is spam. I think this covers what you need: http://www.stearns.org/doc/spamassassin-setup.current.html#autoreporting Cheers, - Bill --- "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." -- Bruce Schneier, Secrets and Lies -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --