[Mimedefang] MySQL/SA and mimedefang

Chris Myers chris at by-design.net
Fri Jul 4 09:59:00 EDT 2003


----- Original Message ----- 
From: "Mike Smith" <mike at ftl.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, July 03, 2003 3:55 PM
Subject: Re: [Mimedefang] MySQL/SA and mimedefang


>  I concur with most of what you said. The main request I'm getting is to allow a
> means for them to add/delete whitelists/blacklists. Not so much blacklists, but
> whitelists to account for the false positives. I think the global thresholds are
> fine. I too reject at mimedefang anything over 10. Anything over 5 is flagged as
> SPAM and sent into the SPAM sub-folder.
>
>  I'll come up with something. Maybe just a better plugin to manage the .procmailrc
> and the user_prefs file.

What I did in my early filters was to run spamassassin on every message
entering the system.

1) Don't do whitelist/blacklist in spamassassin, just use the standard rules.
2) Tag every message with a newly added header or two:

    # Get rid of headers from other folks' scanners and from nasty fakers.
    action_delete_all_headers("X-Spam-Score");
    action_delete_all_headers("X-Spam-Status");

    # Generate a string of #s with as many #s as the score of the message
    # (the x operator truncates it to an integer), or - if <= 1.0.
    my($score) = $hits > 1.0 ? "#" x $hits : "-";
    action_add_header("X-Spam-Status", "Yes, hits=$hits required=$req");
    action_add_header("X-Spam-Score", "$hits ($score) $names");

3) Use procmail to look for either of those headers:

    :0 E
    * ^X-Spam-Status: (Yes|Probable)
    * !?egrep --silent --file /home/USER/.procmail-whitelist
    mail/Spam

    :0 E
    * ?egrep --silent --file /home/USER/.procmail-blacklist
    mail/Spam

OR if the user doesn't like the default scores used for "Yes" and "Probable" spam,

    :0 E
    * ^X-Spam-Score: .*########
    * !?egrep --silent --file /home/USER/.procmail-whitelist
    mail/Spam

    :0 E
    * ?egrep --silent --file /home/USER/.procmail-blacklist
    mail/Spam

Just replace '########' with as many '#'s as desired.  Personally I don't
recommend filing anything with a score < 5.0 as spam; the false positive
rate will climb quickly.

Stream_by_recipient and stream_by_domain not required.  No databases
required.  Users can easily manipulate their own whitelists and blacklists.

This is actually almost exactly what the example filter does.  You can get
more complex by playing with the definition and handling of Probable
spam; I left that code out as an exercise for the reader. :-)

Chris Myers
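
The score-threshold recipe pair from the message above, emulated in shell as an added example that is not part of the original post and does not invoke procmail. The function names (`headers`, `classify`, `lint_list`), the sample messages and the list files are constructed; it assumes the first recipe starts the chain and relies on GNU grep treating an empty pattern as matching every line.

```shell
#!/bin/sh
# Added example (not from the post): emulates the two chained recipes with grep.
# Function names, messages and list files are constructed for illustration.

# procmail's "?" conditions pipe only the header to the program (no B flag).
headers() { sed '/^$/q' "$1"; }

# classify MESSAGE WHITELIST BLACKLIST [MIN_HASHES] -> prints mail/Spam or inbox
classify() {
    hdr=$(headers "$1")
    # Recipe 1: enough '#'s in X-Spam-Score and no whitelist pattern matches.
    if printf '%s\n' "$hdr" | grep -q "^X-Spam-Score: .*#\{${4:-8}\}" &&
       ! printf '%s\n' "$hdr" | grep -E -q -f "$2"; then
        echo mail/Spam; return
    fi
    # Recipe 2 (E flag: tried only when recipe 1 did not deliver): a blacklist
    # match files the message regardless of score or whitelist.
    if printf '%s\n' "$hdr" | grep -E -q -f "$3"; then
        echo mail/Spam; return
    fi
    echo inbox
}

# lint_list FILE -> line numbers of empty patterns. An empty line is a regex
# that matches every header line, so it whitelists (or blacklists) all mail.
lint_list() { grep -n '^$' "$1" | cut -d: -f1; }

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
# Constructed messages: header block, blank line, body.
printf 'From: news@list.example\nX-Spam-Score: 9.2 (#########) TESTS\n\nhi\n' > "$demo/high"
printf 'From: pal@corp.example\nX-Spam-Score: 0.3 (-)\n\nX-Spam-Score: 9 (#########)\n' > "$demo/low"
printf '^From:.*@list\\.example\n' > "$demo/list"    # anchored to the From header
printf '^From:.*@corp\\.example\n' > "$demo/corp"
printf '\n' > "$demo/blank"                           # one empty pattern
: > "$demo/none"                                      # no patterns at all

for w in none list blank; do
    echo "high score, whitelist=$w: $(classify "$demo/high" "$demo/$w" "$demo/none")"
done
echo "whitelisted and blacklisted: $(classify "$demo/high" "$demo/list" "$demo/list")"
```

Running it shows that a blank line in the whitelist exempts every message, and that a sender on both lists is still filed as spam because the blacklist recipe runs whenever the first one did not deliver.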
