mouss <mo...@ml.netoyen.net> writes:
> Gerald Turner a écrit :
>> Hello, I have been using SpamAssassin integrated with Postfix via
>> spampd SMTP proxy and I have the following header_checks file:
>>
>> /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
>> /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+
>>
>> There are cases where I'd rather DISCARD the low score mail (>= 4, <
>> 8) than REJECT, for instance:
>>
>> When the mail contains mailing-list headers - some mailing lists
>> unsubscribe after too many bounces, particularly Debian with
>> open/unmoderated lists.
>>
>> When the mail was sent to a quasi-spamtrap address - I'm aliased
>> on a few hosts with webmas...@example.com type addresses, some of
>> which will generate bounce warnings to mailer-daemon who is
>> aliased to several people, evil!
>>
>> Unfortunately Postfix header_checks can only process one header at a
>> time, there's no way to compound conditions of multiple headers.
>> I've searched and can't seem to come up with any possibility of
>> configuring Postfix to conditionally discard rather than bounce. I'm
>> on the verge of customizing an example Perl milter to do the job, but
>> it seems like something that should be built-in to either Postfix,
>> spampd, or perhaps amavisd-new - any suggestions?
>>
>
> first, add an SA rule to detect mailing lists. for example
>
> header H_FROM_ML ...
> score H_FROM_ML 0.01
>
> (actually, you will need multiple rules, then combine them with a
> meta).
>
> then your header checks would become
>
> /^X-Spam-Status: Yes, score=([8-9]|\d{2}).*H_FROM_ML/ ....
>
Excellent! Checking X-Spam-Status rather than X-Spam-Level totally
escaped me, thanks.
> some notes:
>
> - unless you are calling SA during the smtp transaction, you should
> not reject mail (ie after it was queued by postfix)
>
It is before-queue while the SMTP connection is still active. I like to
bounce in case legitimate people that have yet to be whitelisted trigger
a false-positive.
> - discarding mail is risky.
>
Other than possibly dropping a false-positive is there anything else I
should know of?
> - spammers can forge list headers...
>
Yes but I think I'm getting what I want in this case: list spam is
discarded, whether forged or not.
> - There are other cases when you don't want to reject (mail to
> ab...@example.com, ... etc).
That's the other problem I'm trying to solve (don't reject mail sent to
these "quasi-spamtrap" addresses, simply discard) - I can see how to do
it now with custom rules checked in X-Spam-Status header. Thanks for
the suggestion.
--
Gerald Turner Email: gtur...@unzane.com JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
