spamassassin-users mailing list archives

From b..@proulx.com (Bob Proulx)
Subject Re: mandgled spam
Date Thu, 08 May 2008 04:06:28 GMT
Jon L. Miller wrote:
> I'm new to SA so bear with me.

You have posted to the right place for SA questions.  Welcome!

> I've got a Debian server as a gateway server that has SA installed.
> I tried to release some mail that was marked as spam.

If it was marked as spam it would have had the report markup on it.
When you say "release" does this mean that you forwarded it along
from a holding quarantine area directly without removing any of the
markup?  (It's okay.  I wouldn't do it that way.  But I need to ask so
that we know what was going on.)  If so then the user can open the
attachment and get to the original message.

> When the user got the mail it was a merged email with the attachment
> and the original email.

We wouldn't normally call it merged.  We would say that it has been
reported safely.

Normally SpamAssassin uses the 'report_safe 1' setting with this effect,
from the 'man Mail::SpamAssassin::Conf' page:

           report_safe ( 0 | 1 | 2 )     (default: 1)
               if this option is set to 1, if an incoming message is tagged as
               spam, instead of modifying the original message, SpamAssassin
               will create a new report message and attach the original mes-
               sage as a message/rfc822 MIME part (ensuring the original mes-
               sage is completely preserved, not easily opened, and easier to
               recover).

               If this option is set to 2, then original messages will be
               attached with a content type of text/plain instead of mes-
               sage/rfc822.  This setting may be required for safety reasons
               on certain broken mail clients that automatically load attach-
               ments without any action by the user.  This setting may also
               make it somewhat more difficult to extract or view the original
               message.

               If this option is set to 0, incoming spam is only modified by
               adding some "X-Spam-" headers and no changes will be made to
               the body.  In addition, a header named X-Spam-Report will be
               added to spam.  You can use the remove_header option to remove
               that header after setting report_safe to 0.

               See report_safe_copy_headers if you want to copy headers from
               the original mail into tagged messages.

> How do I instruct SA not to merge attachments with email?  I also
> use MailWatch on the frontend.

The default setting of 'report_safe 1' is the most popular setting.
It means that the original message is not mangled and can be retrieved
easily but the reasoning is displayed.  By reading the above you can see
the effects of 0 and 2 on it.

The missing piece probably is that when putting messages tagged as
spam back into service as a non-spam message the markup probably
should be removed.  By running the message through 'spamassassin -d'
(aka 'spamassassin --remove-markup') it will remove the tagging and
restore the message to the previous state.

       -d, --remove-markup
           Remove SpamAssassin markup (the "SpamAssassin results" report,
           X-Spam-Status headers, etc.) from the mail message.  The resulting
           message, which will be more or less identical to the original, pre-
           SpamAssassin input, will be output to STDOUT.

           (Note: the message will not be exactly identical; some headers will
           be reformatted due to some features of the Mail::Internet package,
           but the body text will be.)

Therefore depending upon your instance you may want to loop through
each of the mail messages and apply 'spamassassin -d' to it to remove
the markup before releasing the message.

There are many ways to do this.  I like to use the procmail set of
tools for this and 'formail' is the tool designed to loop through
mailboxes.  I have a procmail config file that delivers the mail to
the user's mailbox as if it were delivered normally.  I would then use
formail to loop through every message and process the mail with
procmail.  In the procmail config file have it process the message
through 'spamassassin -d' to clean it.

  formail -s procmail procmail-config-file < oldmailbox >> newmailbox

Or if maildirs are used then the messages are in individual files and
you can simply run on them directly.

Hope this helps,
Bob
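
Added example, not part of the original message and not SpamAssassin code: the wrapper structure that 'report_safe 1' produces, and recovery of the attached original from its message/rfc822 part with Python's standard email package. The sample message and the name recover_original are constructed for illustration; this is not how 'spamassassin -d' is implemented, and 'report_safe 2' wrappers (text/plain attachment) are not handled.

```python
import email
from email import policy

# Constructed sample in the shape of a report_safe 1 wrapper (not real mail).
WRAPPED = b"""\
From: sender@example.com
To: user@example.org
Subject: Quarterly invoice
X-Spam-Flag: YES
X-Spam-Status: Yes, score=7.2 required=5.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="SA_CONSTRUCTED"

--SA_CONSTRUCTED
Content-Type: text/plain; charset=us-ascii

Spam detection software has identified this incoming email as possible spam.

--SA_CONSTRUCTED
Content-Type: message/rfc822
Content-Disposition: inline

From: sender@example.com
To: user@example.org
Subject: Quarterly invoice
Content-Type: text/plain; charset=us-ascii

Please find the invoice attached.

--SA_CONSTRUCTED--
"""


def recover_original(raw: bytes):
    """Return the original message from a report_safe 1 wrapper, else None."""
    outer = email.message_from_bytes(raw, policy=policy.default)
    # Require the spam flag so an ordinary forwarded mail is not unwrapped.
    if outer.get("X-Spam-Flag", "").strip().upper() != "YES":
        return None
    # report_safe 0 only adds headers, so there is no wrapper to open.
    if not outer.is_multipart():
        return None
    for part in outer.iter_parts():
        if part.get_content_type() == "message/rfc822":
            # The attached original, parsed as its own message object.
            return part.get_content()
    return None
```
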
