[Esd-l] Looking for pointers RE: SpamAssassin and ESD

Larry Young lyoung at zedak.com
Thu Jul 31 07:37:00 PDT 2003


Mark,

I like to send it through SpamAssassin first
so that the message is in its original form,
so that SpamAssassin has the best chance of
recognizing it as a known spam via DCC or
Razor2. I haven't researched the matter,
but I assume the Sanitizer's defanging of
HTML and other changes might change the DCC
signature.

To blow it away just use /dev/null as your
procmail delivery destination.

Larry

-----Original Message-----
From: Mark Wendt [mailto:wendt at kingcrab.nrl.navy.mil] 
Sent: Thursday, July 31, 2003 10:21 AM
To: Larry Young
Subject: RE: [Esd-l] Looking for pointers RE: SpamAssassin and ESD


Hi Larry,

         Thanks for the help.  What if I just want to automatically kill
the spam and send it to the great bit bucket beyond?  What I have in mind
is to just blow away the spam before it even gets to the user's mailbox.  I
currently use sendmail, and have been using the Sanitizer very successfully
with it, and would rather my users not even see the spam to begin
with.  Have you noticed any difference running the mail through
SpamAssassin before or after running it through the Sanitizer?

Thanks,
Mark


At 10:07 AM 7/31/2003 -0400, you wrote:



>I just invoke it from procmailrc prior to sanitizing. But I only do it 
>if the user has a 'spam' mailbox, and I automatically divert
>spam to the mailbox. Here's how I do it.
>tmail is a delivery program for the University of Washington
>IMAP server.
>
>Larry Young
>
>
>
>
>LOGFILE=/var/log/procmail
>#VERBOSE=on
>VERBOSE=no
>#DEBUG_VERBOSE=on
>PATH="/usr/bin:/usr/sbin:/usr/local/bin"
>SHELL=/bin/sh
>LD_LIBRARY_PATH=/usr/local/BerkeleyDB.3.3/lib
>HOLDEXT=$1
>
>#:0fw
>#| /usr/local/bin/dccproc
>
>#---------------------------
>#-- Save if user has 'saveall'
>#---------------------------
>:0c
>* ? test -f /home/saveall/${LOGNAME}
>* < 150000
>/home/saveall/${LOGNAME}
>
>:0fw
>* < 250000
>| /usr/local/bin/bogofilter -p -e
>
>
>#---------------------------
>#-- Spamcheck if user has 'spam' folder
>#---------------------------
>:0
>* ? test -f /home/${LOGNAME}/mail/spam
>* < 250000
>{
>
>         #------ Filter through spamassassin
>         :0fw
>         * ? test -f /home/${LOGNAME}/mail/spam
>         * < 250000
>         | /usr/local/bin/spamc  -u spamman  -d 172.16.0.1
>
>
>         #------ Train through spamprobe if >=15
>         :0c
>         * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
>         | /usr/local/bin/spamassassin -d | spamprobe spam
>
>
>         #------ Train through spamprobe if <=0
>         :0c
>         * !^X-Spam-Level: \*
>         | /usr/local/bin/spamassassin -d |spamprobe good
>
>         #------ Train through bogofilter if >=15
>         :0c
>         * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
>         | /usr/local/bin/spamassassin -d |bogofilter -l -s
>
>
>         #------ Train through bogofilter if <=0
>         :0c
>         * !^X-Spam-Level: \*
>         | /usr/local/bin/spamassassin -d |bogofilter -l -n
>
>}
>
>#---------------------------
>#-- Sanitize
>#---------------------------
>
>POISONED_EXECUTABLES=/etc/procmail/poisoned
>SECURITY_NOTIFY="lyoung at zedak.com"
>SECURITY_NOTIFY_VERBOSE=
>SECURITY_NOTIFY_SENDER=YES
>SECRET="ARBALSPLART"
>
>
># this file must already exist, with proper permissions (rw--w--w-): 
>SECURITY_QUARANTINE=/var/spool/mail/quarantine
>
>POISONED_SCORE=25
>SCORE_HISTORY=/var/log/macro-scanner-scores
>
>DEFANG_WEBBUGS=YES
>SECURITY_STRIP_MSTNEF=YES
>SECURITY_POISON_WINEXE=YES
>
># Finished setting up, now run the sanitizer... 
>INCLUDERC=/etc/procmail/local-rules.procmail
>INCLUDERC=/etc/procmail/html-trap.procmail
>
>LOG = "trace extension=${EXTENSION} arg=${ARG} one=$1 HOLDEXT=$HOLDEXT \n"
>
># Reset some things to avoid leaking info to
># the users...
>POISONED_EXECUTABLES=
>SECURITY_NOTIFY=
>SECURITY_NOTIFY_VERBOSE=
>SECURITY_NOTIFY_SENDER=
>SECURITY_NOTIFY_RECIPIENT=1
>SECURITY_QUARANTINE=
>SECRET=
>
>
>#---------------------------
>#-- Deliver to spam folder if spam
>#---------------------------
>
>:0 w
>*^X-Spam-Flag:
>* ? test -f /home/${LOGNAME}/mail/spam
>| tmail ${LOGNAME}+spam
>
>
>
>
>-----Original Message-----
>From: esd-l-bounces at spconnect.com [mailto:esd-l-bounces at spconnect.com]
>On Behalf Of Mark Wendt
>Sent: Thursday, July 31, 2003 9:53 AM
>To: esd-l at spconnect.com
>Subject: [Esd-l] Looking for pointers RE: SpamAssassin and ESD
>
>
>Howdy all,
>
>          Looking for pointers and/or web sites that can help me bring 
>SpamAssassin on line with our mail server, and making it play well in 
>the sandbox with the Sanitizer.
>
>Thanks,
>
>Mark Wendt
>System/Network Administrator
>Code 8140
>Naval Research Laboratory
>4555 Overlook Ave, SW
>Building 68, Room 219
>Washington DC
>202-767-0955
>202-404-8520 Fax
>
>_______________________________________________
>Esd-l mailing list
>Esd-l at spconnect.com http://www.spconnect.com/mailman/listinfo/esd-l
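
The ordering described in this thread (SpamAssassin before the Sanitizer) combined with /dev/null delivery, as an added example that is not part of the original messages. The spamc path, the 15-star discard threshold and the mbox spam folder under $HOME are assumptions; the sanitizer include path is the one from the quoted configuration.

```procmail
# Added example, not from the thread. Assumes a per-user ~/.procmailrc,
# spamc in /usr/local/bin and an mbox folder at $HOME/mail/spam.

# 1. Score the message while it is still exactly as received, so that
#    checksum-based tests (DCC, Razor2) see the original body.
:0fw
* < 250000
| /usr/local/bin/spamc

# 2. Discard only very high scores (15 or more stars in X-Spam-Level).
#    Delivery to /dev/null is final: no copy is kept for review, so the
#    threshold is set well above the normal "is spam" score.
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null

# 3. Everything that survives goes through the sanitizer, which may
#    defang HTML and rewrite attachments. The sanitizer settings
#    (POISONED_EXECUTABLES, SECURITY_QUARANTINE, ...) are set before this
#    line, as in the quoted configuration.
INCLUDERC=/etc/procmail/html-trap.procmail

# 4. Lower-scoring messages that SpamAssassin flagged are filed rather
#    than dropped, so a false positive can still be recovered.
:0:
* ^X-Spam-Flag: YES
$HOME/mail/spam
```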



