RE: plugin to test attachments from unknown senders - SpamAssassin

This is a discussion on RE: plugin to test attachments from unknown senders - SpamAssassin ; Aren't spammer tuples in the AWL too? I thought that it averaged both ways; Country AND Western. Dan -----Original Message----- From: Eric A. Hall [mailto:ehall@ehsco.com] Sent: Saturday, July 14, 2007 3:49 PM To: users@spamassassin.apache.org Subject: plugin to test attachments from ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: plugin to test attachments from unknown senders

  1. RE: plugin to test attachments from unknown senders

    Aren't spammer tuples in the AWL too? I thought that it averaged both ways;
    Country AND Western.

    Dan

    -----Original Message-----
    From: Eric A. Hall [mailto:ehall@ehsco.com]
    Sent: Saturday, July 14, 2007 3:49 PM
    To: users@spamassassin.apache.org
    Subject: plugin to test attachments from unknown senders


    Like other folks I've been getting hit with the PDF spam pretty hard. I
    think the way to solve this and the image spam in general is to do a plugin
    that does two things:

    1) looks in the message to see if there is a binary attachment

    2) looks in the AWL to see if the sender tuple is known

    3) if (1==true) && (2==false) fire a score

    I've been meaning to adapt my SAGREY plugin [1] for this but have not had
    time and may not have time for a while yet, so I thought I'd throw this out
    there to see if anybody else is interested in doing it

    [1] http://www.ntrg.com/misc/sagrey/

    --
    Eric A. Hall http://www.ehsco.com/
    Internet Core Protocols http://www.oreilly.com/catalog/coreprot/


  2. RE: plugin to test attachments from unknown senders

    On Sun, 15 Jul 2007 05:30:51 +0800, Dan Barker wrote:

    > Aren't spammer tuples in the AWL too? I thought that it averaged both ways;
    > Country AND Western.
    > Dan


    Not really. Most spam is not in the AWL. They use different email addresses.

    > -----Original Message-----
    > From: Eric A. Hall [mailto:ehall@ehsco.com]
    > Sent: Saturday, July 14, 2007 3:49 PM
    > To: users@spamassassin.apache.org
    > Subject: plugin to test attachments from unknown senders
    >
    >
    > Like other folks I've been getting hit with the PDF spam pretty hard. I
    > think the way to solve this and the image spam in general is to do a plugin
    > that does two things:
    >
    > 1) looks in the message to see if there is a binary attachment
    >
    > 2) looks in the AWL to see if the sender tuple is known
    >
    > 3) if (1==true) && (2==false) fire a score
    >
    > I've been meaning to adapt my SAGREY plugin [1] for this but have not had
    > time and may not have time for a while yet, so I thought I'd throw this out
    > there to see if anybody else is interested in doing it
    >
    > [1] http://www.ntrg.com/misc/sagrey/


    The following seems to work.

    mimeheader LOCAL_PDF_ATTACH Content-Type =~ /application\/pdf/i
    score LOCAL_PDF_ATTACH 0.1
    describe LOCAL_PDF_ATTACH Has PDF attachment

    meta LOCAL_SAGRAY_PDF_SPAM (LOCAL_PDF_ATTACH && SAGREY)
    priority LOCAL_SAGRAY_PDF_SPAM 1002
    score LOCAL_SAGRAY_PDF_SPAM 2.5
    describe LOCAL_SAGRAY_PDF_SPAM PDF attachment from unknown sender

    -jeff



+ Reply to Thread