[esd-l] Need To Build Reports Of all Mail in mbox

Vadim Pushkin wiskbroom at hotmail.com
Tue Jan 17 10:05:00 PST 2006

Thank you for your thoughts David, pretty much what I am looking to do plus.

Conceptualizing this is the easy part though ;-)


>From: "David Gilligan, NYFIX O'Seas" <dgilligan at nyfix.co.uk>
>To: "'Vadim Pushkin'" <wiskbroom at hotmail.com>, <esd-l at impsec.org>
>Subject: RE: [esd-l] Need To Build Reports Of all Mail in mbox
>Date: Tue, 17 Jan 2006 17:53:14 -0000
>MIME-Version: 1.0
>Received: from linux.trinitech.co.uk ([]) by 
>bay0-mc12-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 
>17 Jan 2006 09:53:28 -0800
>Received: from wxpdg56 (w-xpdg-56.trinitech.co.uk [])by 
>linux.trinitech.co.uk (8.11.6/ with ESMTP id k0HHrLG32335;Tue, 
>17 Jan 2006 17:53:22 GMT
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
>Organization: NYFIX Overseas Inc
>X-Mailer: Microsoft Office Outlook, Build 11.0.6353
>Thread-Index: AcYbiPlgBhe+RAk/TjyvXAYGAWp3hwAA/Tmw
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>Return-Path: dgilligan at nyfix.co.uk
>X-OriginalArrivalTime: 17 Jan 2006 17:53:29.0192 (UTC) 
>Hello Vadim
>One implementation I have seen - and use myself (only) for Virus reports - 
>is to send all tagged SPAM/VIRUS/EXPLOIT mails to a
>separate mailbox and access that mailbox as an IMAP store.  One ~could~ use 
>one's normal mail client for this (and I do for the
>Virus reports) but in the 3rd-party implementation I describe, the system 
>sent a reminder-mail once per week inviting the users to
>use a specially provided webmail client to check their SPAM box.
>There were internal-only  'HAM-for-sure' and 'SPAM-for-sure' mail addresses 
>that users were requested to bounce their messages to.
>This worked for a 50 client installation so with your small site you should 
>find this idea reasonably straight forward.
>The ?value? of this was that the sysadmin was spreading the load onto his 
>users and they were pleased have an authority to be
>assisting in the clean-up process.
>Bob courage!
>-----Original Message-----
>From: esd-l-bounces at impsec.org [mailto:esd-l-bounces at impsec.org] On Behalf 
>Of Vadim Pushkin
>Sent: 17 January 2006 16:50
>To: esd-l at impsec.org
>Subject: [esd-l] Need To Build Reports Of all Mail in mbox
>First, I'd like to thank Mr. Hardin for his work on this project and
>especially for ressurecting it.
>My Problem:
>The amount of spam that I am capturing using bayes, spamassassin and/or the
>Sanitizer has grown to over 20,000 per day!  this is the great news, the 
>news is that I still find myself parsing through the spam mbox file that
>gets created (using procmail to redir).  I still have to look at this
>mailbox for all email that was addressed to me and other legitimate email
>addresses (we have 12 email addresses that are valid, very small site).
>What I am hoping to achieve is to print out a report, one per user/email
>address, that would be sent showing the user who sent an email, when and
>what the subject was (it was already tagged as spam).  If the user sees
>something that could possibly be ham, then that user would send me the
>report with a flag, or just an email stating that message #XXX from todays
>report is NOT spam, allowing me the opportunity to retrain spamass/bayes,
>then send this message back to the user.
>Does anyone have a similiar setup that they would like to share?  I ca't be
>the only one with this problem :-)
>Thank you all,
>Vadim A. Pushkin
>esd-l mailing list
>esd-l at impsec.org

More information about the esd-l mailing list