Sounds to me as if the iXhash mechanism might be what you need. The iXhash plugin you find on the SA wiki works on the body of a mail, removes (redundant) parts of it and computes a hash value from the rest. The results have been found to be quite a reliable indicator for spam mails. I feed two DNS zones with the input of several spamtraps (this is what the plugins queries against), but I see no reason why you shouldn't use a modified version that stores its hashes differently. You'd need a modified version of the plugin then as well, of course.
Alternatively you could use the relevant parts of the original procmail code to compute the hashes and check your incoming mails against that data. See http://www.ix.de for that. Knowing some German might help. The fine thing is that you can use the iXhash plugin along razor, pyzor and dcc. (I don't know if it's possible to use two pyzor servers from within spamassassin, I think if you set up your own server you automatically lose the capabilty to use the public one). HTH Dirk On Sat, 11 Nov 2006 03:58:00 -0500 "Paul Aviles" <[EMAIL PROTECTED]> wrote: > Hi there, is there a way to create a "signature" or rule more or less > automatically based on new spam you get? I used MessageLabs in the past and > for those new messages you got they asked to forward the headers of the > email to a particular account so that they could create a "signature" for > those emails. > > Anything similar? > > Regards, > > Paul Aviles