On 01/18/2011 04:20 PM, Martin Gregorie wrote: > On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote: >> On 1/18/2011 4:13 AM, J4 wrote: >>> I have Dovecot LDA so Sieve might well be a good idea, but I would >>> like to inform the sender that the Email was dropped as spam, and >>> avoid backscatter. I don't think I can do this with Sieve/Dovecot LDA. >> You cannot do this from the delivery agent without creating >> backscatter. If you want to inform the sender, the only reliable way to >> do it is to scan the message when it first comes in and simply reject >> the spam. This way, you never accept the message and the sending system >> is responsible for notifying the sender that the message did not go through. >> > If you're thinking of detecting spam at SMTP time you should consider > greylisting. When my ISP implemented it the spam I get dropped > immediately from 80% of my mail to 8%, where its remained ever since. > After that you can take a view whether you want to: > > - scan the remaining mail at SMTP time (and reject spam as you > originally described) > > - use SA as an MTA filter and let the recipient's MUA put it in a spam > folder or bin depending on what the user decides. Or your MTA filter > could silently bin spam or feed it to Bayes to be learned as spam. > Your choice: you just can't reject it at this stage. > > - use a procmail recipe to scan mail and either reject spam or pass it > to the recipient's MUA as above. Use this if you want the recipients > to have some control over spam recognition, individual Bayes filters, > etc. > > Martin > > Hi!
Right - I've moved the SA scanning to the front of postfix, and it scans accordingly and adds headers. What is odd, is that :- It seems that the AWL white-lists the email addresses that were black-listed. Additionally, the shortcircuit should have classes these as blacklisted addresses. Tue Jan 18 17:07:18 2011 [28825] info: spamd: clean message (-0.1/6.0) for nobody:5002 in 0.9 seconds, 2231 bytes. Tue Jan 18 17:07:18 2011 [28825] info: spamd: result: . 0 - AWL,HTML_MESSAGE,SPF_HELO_PASS scantime=0.9,size=2231,user=nobody,uid=5002,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=51653,mid=<4d35babb.8020...@abc.com>,autolearn=ham,shortcircuit=no The mysql spamassassin.userpref table has the entry in it: | username | preference | value | prefid | | t...@test.info | blacklist_from | a...@abc.com | 19 | +----------------------------+--------------------------------+------------------------------------------------------------------------------------------------------+--------+ Here is the entry it added to the awl table: select * from awl; +-------------------------+------------------------+-------+-------+----------+ | username | email | ip | count | totscore | +-------------------------+------------------------+-------+-------+----------+ | si...@simonloewen.info | a...@abc.com | 62.58 | 1 | -0.7 | | nobody | b...@blah.com | 62.58 | 7 | -0.7 | +-------------------------+------------------------+-------+-------+----------+ My testing was based on rejecting spam using a blacklist, and now this test method has been circumvented :D Brought a smile to my face. I could simply disable AWL for testing purposes... Q) I would like to understand why a blacklisted address in the userpref table is overridden. Does anyone know? Cheers.