Re: Forward to learn spam and ham?

Tue, 04 Oct 2005 03:50:37 -0700 

Jorgen Lundman a écrit :




I would assume someone has already solved this, but it seems hard to 
search for.



I would like to setup SA site wide, so that all the users can use it. 
However, users are not very technical, so it would be nice if they 
could have an easy method to train their own DBs.



I envisioned that a "[EMAIL PROTECTED]" user could forward said mail to 
something like "[EMAIL PROTECTED]" (forward to themselves, 
with instructions) to train SA. Naturally also 
"[EMAIL PROTECTED]". The syntax/method is not so important.



you can also use a transport: user just submits spam/ham to 
[EMAIL PROTECTED] and [EMAIL PROTECTED] respectively. This has been 
discussed recently (last month?). this way you don't need procmail at all.





I would imagine I could do this in procmail, but I would have to make 
sure:



1) Procmail drops the enclosing email, which is from the user 
themselves, so that isn't part of the training.


2) The spam/ham email might be inline, or attached, so deal with both.



the real problem is that the resubmitted message will differ from the 
original message. most people only know to do classical "forward".
- if the user's MUA supports resend/bounce/forward as attachment, then 
you can
- you can ask them to  view source -> copy -> paste ....  Not very user 
friendly (and people will generally forget, so don't count on that)

- imap users can move/copy message to specific folders
- webmail users can have specific buttons.


I don't know if there is a way to train using only the body (well, some 
mime parts may have been removed by the MUA...).



An overkill way is to keep a copy of all mail, then when users forwards 
a spam/ham, find it. either use msg-id (if MUA puts it in References)+a 
combination of other headers/fields; or use a local ID that you insert 
at delivery time (and hope it won't be removed by the MUA. so X headers 
won't work for instance). putting such an ID in the body requires 
correct handling of mime parts (and will pollute the message....). 
[dspam does so].




Already been done? Or just plain bad idea?


Ultimately, it would be nice if there was a global DB that I/sysadmin 
to could train, as well as, each user's own DB that they train. That 
way I can globally add spam when I am sure that it is spam.



for spam, you can setup trap addresses. The problem is for ham.























					Reply via email to