[Mimedefang] .help with getting more information on spam.
Alan Williamson
alan at n-ary.com
Thu Apr 24 11:37:01 EDT 2003
I am pulling my hair out with this ... I just haven't a clue why its not
working.
At the moment the Quarantine messages suck ... they have no useful
information in them. I want the SA report to be on the end of it, so I can
see WHY it was marked as spam.
I have followed advice of putting: push(@Warnings, "$report\n");
but still nothing.
Here is my complete filter_end() .... what am I doing wrong?
thank you
sub filter_end ($) {
my($entity) = @_;
# If you want quarantine reports, uncomment next line
send_quarantine_notifications();
# IMPORTANT NOTE: YOU MUST CALL send_quarantine_notifications() AFTER
# ANY PARTS HAVE BEEN QUARANTINED. SO IF YOU MODIFY THIS FILTER TO
# QUARANTINE SPAM, REWORK THE LOGIC TO CALL
send_quarantine_notifications()
# AT THE END!!!
# No sense doing any extra work
if (message_rejected()){
action_quarantine_entire_message();
return;
}
#return if message_rejected();
# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
if (-s "./INPUTMSG" < 100*1024) {
# Only scan messages smaller than 100kB. Larger messages
# are extremely unlikely to be spam, and SpamAssassin is
# dreadfully slow on very large messages.
my($hits, $req, $names, $report) = spam_assassin_check();
action_add_header("X-Spam-Score", "$hits $names");
if ($hits >= $req) {
md_log('spam', $hits, $RelayAddr);
my($score);
if ($hits < 40) {
$score = "*" x int($hits);
} else {
$score = "*" x 40;
}
# We add a header which looks like this:
# X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
# The number of asterisks in parens is the integer part
# of the spam score clamped to a maximum of 40.
# MUA filters can easily be written to trigger on a
# minimum number of asterisks...
action_change_header("X-Spam-Score", "$hits ($score)
$names");
# If you find the SA report useful, add it, I guess...
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
push(@Warnings, "$report\n");
$NotifyAdministratorSubject = "A: $subject";
action_quarantine_entire_message("$report\n");
action_notify_administrator("Message quarantined");
send_quarantine_notifications();
} else {
# Delete any existing X-Spam-Score header?
#action_delete_header("X-Spam-Score");
}
}
}
||| -----Original Message-----
||| From: Joseph Brennan [mailto:brennan at columbia.edu]
||| Sent: 24 April 2003 14:19
||| To: mimedefang at lists.roaringpenguin.com
||| Subject: [Mimedefang] application... jpg
|||
|||
|||
||| Virusmail came with two attachments. The one named .exe was
||| successfully removed by mimedefang. The second one is
||| application/octet-stream but has a .jpg extension. I have
||| appended only two lines of the encoded data.
|||
||| The Content-Type of the whole message is multipart/alternative
||| which seems wrong for a message with one text part and two
||| application parts.
|||
||| It make me think about testing for multipart/alternative with
||| only one text part. In previous work, I noticed we get good
||| mail calling itself multipart/alternative but containing
||| exactly one part that is text. Possibly, alternative could
||| really be text and image although I've never seen that. I'm
||| wondering if any of you have tried a test like this.
|||
||| I realize a virus checker would presumably have tossed this
||| whole message. But maybe it could be tossed before going to
||| the virus checker.
|||
||| Joseph Brennan Columbia University in the City of New York
||| postmaster at columbia.edu Academic Technologies Group
|||
|||
|||
|||
||| This is a multi-part message in MIME format...
|||
||| --IK974hhM0P6L8q6u9cVJ2m1CW3u4de
||| Content-Type: text/html;
||| Content-Transfer-Encoding: quoted-printable
||| Content-Disposition: inline
|||
||| <HTML><HEAD></HEAD><BODY>
|||
||| <FONT>This is a special funny website<br>
||| I wish you would enjoy it.</FONT></BODY></HTML>
|||
||| --IK974hhM0P6L8q6u9cVJ2m1CW3u4de
||| Content-Type: text/plain; name="warning.txt"
||| Content-Disposition: inline; filename="warning.txt"
||| Content-Transfer-Encoding: 7bit
||| MIME-Version: 1.0
||| X-Mailer: MIME-tools 5.411 (Entity 5.404)
|||
||| WARNING: This message has been altered by a mail filter on
||| Columbia University's mail server, columbia.edu.
|||
||| An attachment named HEIGHT.exe
||| was removed from this message as a possible security hazard.
|||
|||
||| --IK974hhM0P6L8q6u9cVJ2m1CW3u4de
||| Content-Disposition: inline
|||
||| Content-Type: application/octet-stream;
||| name=078878983X.01.THUMBZZZ[1].jpg
||| Content-Transfer-Encoding: base64
||| Content-ID: <If7I3UVhWjf03I2l>
|||
||| /9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcH
||| Bw8LCwkMEQ8S
||| EhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcG
||| Bw4ICA4eFBEU
|||
|||
||| _______________________________________________
||| MIMEDefang mailing list
||| MIMEDefang at lists.roaringpenguin.com
||| http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
|||
More information about the MIMEDefang
mailing list