procmail
[Top] [All Lists]

Re: reprocessing SA false positives (aka despamming)

2004-11-23 07:01:55
Justin Gombos wrote:

[...] This script nearly works.  The problem is that the spamassassin
auto-whitelisting capability is broken. It fails to whitelist the sender, so it is then flagged and filtered as spam.

The spamassassin whitelist features can be "interesting" at times. Have
you used the check_whitelist program to see exactly how those addresses
are being ranked?

I found some unexpected leftover weighting, particularly if an address
had been previously black/whitelisted, which would cause the score to
remain skewed for some time. Something like:

check_whitelist ~/.spamassassin/auto-whitelist | grep <address>

before and after a message is whitelisted may be revealing.

Some whitelist issues have been covered on the spamassassin list in the
recent past. Worth reading are the discussions regarding
"autowhitelisting" being more of a weighting rather than explicit
white/blacklist. I recommend reviewing those!

I'm about to give up on this somewhat elegant approach, and go with a
different strategy; that is, using formail to insert a header field (such as x-spam-status: immunity) that will later prevent the message from being SA processed at all. But I'm not sure I like that approach, so I'd first like to discover why the script above doesn't work as it should.

As part of my retraining scripts, I wound up simply removing any
existing whitelist entries to reset the skewed weighting:

spamassassin --remove-addr-from-whitelist="$SPAMADDR"

(being careful to do so as the actual user running SA/spamd)

Also be aware that spamassassin may not play as expected with the same
headers -- I believe it now strips "old" markup that uses bogus SA
headers as an evasion technique. You may find your X-Spam-Status
messages ignored or stripped by SA. If you're branching around calling
SA, it's not a problem, but worth noting.

Hope this helps! Good luck with it.

- Bob





____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>