Daniel Quinlan wrote:
>> I think that might be *way* too enticing for spammers. The solution is
>> to just exempt SAtalk and other spam-related mailing lists from spam
>> filtering.
Jan Korger <[EMAIL PROTECTED]> writes:
> That's not a good solution, it's a workaround. I understand the
> distinguishing between spam and spam related/quoting mails is hard, if not
> impossible but I don't want to workaround this by whitelisting (or
> not passing to SA at all) SAtalk because this allows any spam sent to the
> list to reach me unfiltered and so far this was my first false positive
> on SAtalk, so it isn't a big problem anyways. I'll keep the rules in my
> personal SA config, so no spammer will know anyways.
Well, since you brought it up, I think the solution for mailing lists,
especially ones like SpamAssassin (where recipients can't really
filter) is to combine SpamAssassin-style filtering with a TMDA-style
password system. Basically:
- if a message sent to list scores high enough, have the list software
reject it, sending a TMDA-style auto-response with a "bypass" password
- resent email can be accepted into mailing list if it has the password
- add in a whitelist system (also like TMDA otherwise people would be
sending passwords until the end of time on mailing lists like SA)
It's important to use a TMDA-style password system rather than relying
on the list admin. List admins of non-moderated lists tend to be rather
slow about approving messages that have been held over by list software
(such as mailman).
An aside: I find TMDA to be obnoxious and egotistic when used by
individuals on everyone else regardless of the content of the message
(in fact, I don't think I've ever responded to a TMDA auto-response from
an individual), but I think it's acceptable to unleash it on suspicious
(meaning, high-scoring) email sent to entire mailing lists.
Dan
--
Daniel Quinlan Linux, open source, and
http://www.pathname.com/~quinlan/ anti-spam consulting
-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
