[Mimedefang] Spamassassin and MimeDefang custom rules

Paul Murphy pjm at ousekjarr.org
Mon Oct 20 15:45:42 EDT 2008


> Below is the output from the above command ... but if I execute the line
above as 
> suggested by Paul or Steffan it just returns to the prompt with the shell
set to 
> \bin\false but does give output when set to \bin\sh

Correct - you have to have a valid shell to test SA.

> This is a little confusing but it seems to suggest that this is spam but
that it 
> only scores overall 1.8 (I presume because of local whitelist etc).

It suggests that it scores 1.8 - whether you consider this to be spam or not
depends on your own site rules, so while the defaults for MD are 5 and 10 for
possibly spam and definitely spam respectively, they are arbitrary figures
which work for most people.  If you wanted, you could change them to 4 and
12, or 6 and 20, if that worked for you.

> Can someone tell me, is my procedure sufficient to prove or disprove that
MD and SA 
> are using local rules or not?

Yes - your local test (BAD_TEST, which checks for xyzzy in a header) is
included in the summary and in the debug output.

> Is there some way to be able to force a score of
> a) under 5 but greater than zero - so I can add an SA report

Not easily, as you need something which either only matches on one rule, or
where the rule matches are known to be repeatable with the same content.  You
would then send crafted messages featuring more key text strings to be
matched until you had the score you wanted, so for example, you could have
tests for:

1.  XYZZYX = 2.0
2.  QWWWWQ = 3.0
3.  QXQXQX = 5.0

And then include these as necessary to make the score in the range you
wanted.  However, watch out for the auto-whitelist (AWL) rule, and use the
defang account to remove your test address from the whitelist between tests.

> b) over 5 but under 10 - so I can change subject
> c) over 10 - so I can reject the mail

As above, plus the >10 test is easy - add the sender address to the SA
blacklist, which will guarantee a score of +100 on top of the other rules.

Best Wishes,


