Hi, I have for some time used 'spambouncer' http://www.spambouncer.org/
which despite being useful is I feel not too good at catching spam. I know spamassasin does a better job. However, spambouncer has one very useful feature, which is sufficient to prevent me changing to spamassasin. With spambouncer it is possible to send an automatic reply to messages considered as spam, with the request to insert a password in the subject line if they are not spam. Despite getting literally 1000's of spams (~100/day and with the recent worm 14,000 over 3-days), I've only ever had two spammers contact me by that means - and one was only semi-spam (since I'd dealt with the company before). The second one actually wanted to know what software I was using, claiming to have "accidentally spammed me"! As such I think the ability to do that would be really useful. I'd suggest it worked something like this. 1) You receive a message which is considered spam. 2) An automatic reply is sent to the sender. The automatic reply has a few lines at the top something like: "My anti-spam filter thought your message was spam. If it was not spam, will you please reply putting the $password anywhere in the SUBJECT line, so I can then receive the mail. Make sure $password in the subject line - putting it in the body will have no effect." The rest of the original message then follows, without the normal chevrons if possible. 3) A non-spammer gets the automatically generated reply, adds the password in the subject line. 4) Any replies get automatically added to a 'whitelist' of non-spammers who you accept email from. Experience has shown me. a) It's not necessary to change the password often - in fact, I never did, since only two people ever used that method to send me spam. You could of course use a one-time-only password, but I don't think that is necessary. b) Some of the autogenerated replies you send then bounce back to you, since the sender's address is invalid. But you just arrange them to go in their own folder, or /dev/null. c) Spoofed emails, where the sender's address is valid, but not the person who sent the mail was never an issue since spambouncer could detect most of them. I think a combination of the better spam detection facilities of spamassassin, with those from spambouncer, would make an excellent anti-spam filter. -- Dr. David Kirkby Ph.D CEng MIEE Author of 'atlc' http://atlc.sourceforge.net/ ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk