Hi all, For clarification I'll sketch the flow of our mail to sa-learn.
Internet -> 2 redundant Exim mailservers with SA -> 2 redundant Notes server -> User -> Spam DB on Notes server -> via fetchmail back to the Exim server -> sa-learn That will of course add at least a new received: line (for fetchmail) and various other headerlines by Notes. Additionally the message might already have a subject tag added by exim relays when the message already scored high enough on its initial receiving. Note that this tag is _not_ added by SA, but by the MTA itself. A sample message: Received: from nsext02.abit.de [10.150.1.42] by localhost with POP3 (fetchmail-6.2.5) for [EMAIL PROTECTED] (single-drop); Wed, 21 Dec 2005 09:35:43 +0100 (CET) Received: from mx01.abit.de ([10.150.1.52]) by nsext02.abit.de (Lotus Domino Release 6.5.4FP1) with ESMTP id 2005110406561735-1513 ; Fri, 4 Nov 2005 06:56:17 +0100 Received: from [61.97.149.100] (helo=easynet.co.uk) by mx01.abit.de with smtp (Exim 4.52) id 1EXuYn-0002Jd-5B for [EMAIL PROTECTED]; Fri, 04 Nov 2005 06:56:22 +0100 Received: from 233.208.214.174 by smtp.covlink.co.uk; Fri, 04 Nov 2005 05:54:33 +0000 Message-ID: <[EMAIL PROTECTED]> From: "Annabelle Osborn" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Fri, 04 Nov 2005 01:54:04 -0400 MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Spam-Score: 5.1 (+++++) X-Spam-Report: Software zur Erkennung von "Spam" auf dem Rechner mx02.abit.de hat die eingegangene E-mail als mögliche "Spam"-Nachricht identifiziert. Die ursprüngliche Nachricht wurde an diesen Bericht angehängt, so dass Sie sie anschauen können (falls es doch eine legitime E-Mail ist) oder ähnliche unerwünschte Nachrichten in Zukunft markieren können. Bei Fragen zu diesem Vorgang wenden Sie sich bitte an the administrator of that system Vorschau: Online pharmacy - Visit our online store and save. Save up to 80% compared to normal rates. All popular drugs are available! [...] Inhaltsanalyse im Detail: (5.1 Punkte, 3.0 benötigt) Pkte Regelname Beschreibung ---- ---------------------- -------------------------------------------------- 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 Spam-Bewertung liegt zwischen 51 und 100 [cf: 100] 3.5 BAYES_99 BODY: Spamwahrscheinlichkeit nach Bayes-Test: 99-100% [score: 1.0000] 1.5 RAZOR2_CHECK Gelistet im "Razor2"-System (http://razor.sf.net/) X-Spam-Flag: YES X-Spam-Category: REDIRECT Subject: XX_SPAM_REDIRECT_XX (score 5.1) Top 10 popular pharmacy drugs X-MIMETrack: Itemize by SMTP Server on NSEXT02/ABIT(Release 6.5.4FP1|June 19, 2005) at 04.11.2005 06:56:17, Serialize by POP3 Server on NSEXT02/ABIT(Release 6.5.4FP1|June 19, 2005) at 21.12.2005 09:35:43 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable [content of the message would come here] Now the big question: Will those subject tags or the notes headerlines confuse sa-learn and lead to wrong bayes tokens? Especially subject-tags that I added via our MTA and the fact that the message has more received lines than it had in first place when arriving at our MTA. I already added the following lines to the local.cf for SA: bayes_auto_learn 0 bayes_ignore_header X-Spam-Score bayes_ignore_header X-Spam-Report bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Category bayes_ignore_header X-MIMETrack bayes_auto_expire 0 If my assumptions are correct, that leaves the additional received line and the subject tag. Should I take measures to filter those out via a script before injecting them into sa-learn or can I safely ignore them? I hope my message was not too confusing, but it's still early ;) regards sash -------------------------------------------------- Sascha Runschke Netzwerk Administration IT-Services ABIT AG Robert-Bosch-Str. 1 40668 Meerbusch Tel.:+49 (0) 2150.9153.226 Mobil:+49 (0) 173.5419665 mailto:[EMAIL PROTECTED] http://www.abit.net http://www.abit-epos.net --------------------------------- Sicherheitshinweis zur E-Mail Kommunikation / Security note regarding email communication: http://www.abit.net/sicherheitshinweis.html