You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rejaine Monteiro <re...@bhz.jamef.com.br> on 2017/03/15 21:20:49 UTC
extract eml forwarded attached mail and sa-learn
Hello!!
Does anyone know of command or script in to extract an "forwarded
attached" email (eg: Forwarded.eml file attached email) on linux command
line/shell script/perl/pyton etc.. I am trying to reformime, ripmime,
but I'm not succeeding yet....
The idea is to make the user, when receiving spam, redirect mail to a
spam account (ie. spam@mydomain), like attached email, run a scritp to
extract the attached EML file and run sa-learn on it...
Thanks any tips!!
Re: extract eml forwarded attached mail and sa-learn
Posted by John Hardin <jh...@impsec.org>.
On Wed, 15 Mar 2017, Rejaine Monteiro wrote:
> Does anyone know of command or script in to extract an "forwarded attached"
> email (eg: Forwarded.eml file attached email) on linux command line/shell
> script/perl/pyton etc.. I am trying to reformime, ripmime, but I'm not
> succeeding yet....
Take a look at "formail", which is part of the procmail package, or
"munpack".
> The idea is to make the user, when receiving spam, redirect mail to a spam
> account (ie. spam@mydomain), like attached email, run a scritp to extract
> the attached EML file and run sa-learn on it...
Be careful when you say "redirect". It may not look like a forwarded
RFC-822 attachment in that case, it might instead be "resent" by the (MUA
or MTA of the) user who originally received it and just look like a
regular message that went via a few extra hops to get to you.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
[For Earth Day] Obama flew a 747 all the way to the Everglades
then rode in a massive SUV motorcade to tell you
to cut carbon emissions. -- Twitter satirist @hale_razor
-----------------------------------------------------------------------
449 days since the first successful real return to launch site (SpaceX)
Re: extract eml forwarded attached mail and sa-learn
Posted by John Hardin <jh...@impsec.org>.
On Wed, 15 Mar 2017, Kris Deugau wrote:
> You'll also get users (mis)reporting legitimate mail of all kinds as spam
> (deliberately or otherwise); hand-sort the reports *before* feeding the
> messages to sa-learn. We have a few users that regularly report pretty much
> "all the mail in my Inbox", most of which is ham, and which would seriously
> break Bayes if we just passed those reports through unsorted.
Set those users up with per-user Bayes and train whatever they send.
Negative feedback is a good engineering principle.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
W-w-w-w-w-where did he learn to n-n-negotiate like that?
-----------------------------------------------------------------------
449 days since the first successful real return to launch site (SpaceX)
Re: extract eml forwarded attached mail and sa-learn
Posted by Rejaine Monteiro <re...@bhz.jamef.com.br>.
Thank you all for the tips.
I instruct all users to always forward spam as an attachment (mta ->
forward as attachment option), but obviously there is always that user
who sends up forwarding the message purely.
I agree that there are problems with users who will end up forwarding
any unwanted email as spam and I also see it as a big problem to solve
because certain exaggerations will surely appear ... initially I am
thinking of visually analyzing the messages that will be forwarded and
try filter what really deserves to be learned by sa-learn (laborious
but necessary)
My problem is aggravated, because I do not have the user accounts
centralized in the spam gateway (it only analyzes spam and forward to
internal servers, I do not use user_prefs, for example), but I'll try ...
Ps: sorry for my bad English, I hope you can understand, I'm using
google translator to write;)
Em 15-03-2017 19:00, Kris Deugau escreveu:
> Rejaine Monteiro wrote:
>> Does anyone know of command or script in to extract an "forwarded
>> attached" email (eg: Forwarded.eml file attached email) on linux command
>> line/shell script/perl/pyton etc.. I am trying to reformime, ripmime,
>> but I'm not succeeding yet....
>>
>> The idea is to make the user, when receiving spam, redirect mail to a
>> spam account (ie. spam@mydomain), like attached email, run a scritp to
>> extract the attached EML file and run sa-learn on it...
>>
>> Thanks any tips!!
>
> I posted the code I wrote for our spam report handling address here,
> in December 2013:
>
> http://mail-archives.apache.org/mod_mbox/spamassassin-users/201312.mbox/ajax/%3C52C2E950.8070804%40vianet.ca%3E
>
>
> (It took a while to find because the Apache archives don't have a
> search function, and the other public list-archive sites all seem to
> be variously broken or awkward to search; I ended up looking back in
> the folder I file this list in.)
>
> Note this is a blob integrated in our local mail delivery handling
> chain, but that should cover the basics.
>
> Fair warning: That was the easy part. The hard part is in getting
> users to correctly forward messages as an RFC822 attachment
> (message/rfc822), if you don't have a handy webmail system with a
> "report as spam" button that Does It Right.
>
> You'll also get users (mis)reporting legitimate mail of all kinds as
> spam (deliberately or otherwise); hand-sort the reports *before*
> feeding the messages to sa-learn. We have a few users that regularly
> report pretty much "all the mail in my Inbox", most of which is ham,
> and which would seriously break Bayes if we just passed those reports
> through unsorted.
>
> -kgd
--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br
Re: extract eml forwarded attached mail and sa-learn
Posted by Kris Deugau <kd...@vianet.ca>.
Rejaine Monteiro wrote:
> Does anyone know of command or script in to extract an "forwarded
> attached" email (eg: Forwarded.eml file attached email) on linux command
> line/shell script/perl/pyton etc.. I am trying to reformime, ripmime,
> but I'm not succeeding yet....
>
> The idea is to make the user, when receiving spam, redirect mail to a
> spam account (ie. spam@mydomain), like attached email, run a scritp to
> extract the attached EML file and run sa-learn on it...
>
> Thanks any tips!!
I posted the code I wrote for our spam report handling address here, in
December 2013:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/201312.mbox/ajax/%3C52C2E950.8070804%40vianet.ca%3E
(It took a while to find because the Apache archives don't have a search
function, and the other public list-archive sites all seem to be
variously broken or awkward to search; I ended up looking back in the
folder I file this list in.)
Note this is a blob integrated in our local mail delivery handling
chain, but that should cover the basics.
Fair warning: That was the easy part. The hard part is in getting
users to correctly forward messages as an RFC822 attachment
(message/rfc822), if you don't have a handy webmail system with a
"report as spam" button that Does It Right.
You'll also get users (mis)reporting legitimate mail of all kinds as
spam (deliberately or otherwise); hand-sort the reports *before*
feeding the messages to sa-learn. We have a few users that regularly
report pretty much "all the mail in my Inbox", most of which is ham, and
which would seriously break Bayes if we just passed those reports
through unsorted.
-kgd