28.06.2014 04:43, David B Funk kirjoitti:
> Looking at my mail streams I see evidence that spammers sometimes
> add faked "SpamAssassin" headers to their messages (I assume to try
> to trick recipients into thinking that the message has already been
> given a clean bill-of-health).
>
> I wrote a few test rules to look for these pre-existing "X-Spam-"
> headers to test to see if it could be used as a spam detector.
> However I got no hits on these rules even on hand crafted test
> messages that contained such stuff.
>
> Checking the SA source I found in PerMsgStatus.pm a line of code:
> $self->{msg}->delete_header('X-Spam-.*');
> that ran before any tests. So looking for SA headers inside of SA
> is pointless.
>
> So does anybody have any ideas how to test for evidence of a
> prior SA pass?
>
>
>
This is my script /etc/maildroprc
# IF ALREADY SCANNED AND FOUND SPAM, DO NOT RE-SCAN
if (/^X-Spam-Status: Yes/:h)
{
# strip markup, and re-test
if (/^X-FredSpamComment\: SpamAssassin called at jarif\.iki\.fi\./)
{
# Already scanned by us, this is when spam resends mail to
users when they are clean.
SCAN_SPAM=0
}
else
{
xfilter "/usr/bin/spamassassin --remove-markup --nocreate-prefs"
}
}
--
jarif.bit
signature.asc
Description: OpenPGP digital signature
