You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2013/04/20 22:00:58 UTC

sa-learn and RFC-822 attachments

Guys:

If sa-learn is fed a message (or mailbox of messages) having an RFC-822 
attachment, does it automatically extract the attachment and learn from 
that? Or does it learn from the whole message, always?

http://wiki.apache.org/spamassassin/LearningMarkedUpMessages suggests the 
former, but it's a bit vague as to whether that occurs *always*, or only 
if the attachment was put there by SA.

Background: if users forward misclassified messages as RFC_822 attachments 
to a central mailbox, and sa-learn is trained from that mailbox, does it 
learn the local headers or does it extract the attachment? The attachment 
was not put there by SA in this situation.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   My sidearm is a piece of emergency equipment. It absolutely must
   be reliable, not "smart".
-----------------------------------------------------------------------
  3 days until Max Planck's 155th birthday

Re: sa-learn and RFC-822 attachments

Posted by John Hardin <jh...@impsec.org>.

On Sat, 20 Apr 2013, John Hardin wrote:

> Guys:
>
> If sa-learn is fed a message (or mailbox of messages) having an RFC-822 
> attachment, does it automatically extract the attachment and learn from that? 
> Or does it learn from the whole message, always?
>
> http://wiki.apache.org/spamassassin/LearningMarkedUpMessages suggests the 
> former, but it's a bit vague as to whether that occurs *always*, or only if 
> the attachment was put there by SA.
>
> Background: if users forward misclassified messages as RFC_822 attachments to 
> a central mailbox, and sa-learn is trained from that mailbox, does it learn 
> the local headers or does it extract the attachment? The attachment was not 
> put there by SA in this situation.

Quick review of the code suggests that this is only done in instances 
where SA wrapped the original message as an attachment. The structure of 
the code looks like it would be pretty simple to add a case where this 
unwrapping would be done if a command-line parameter was provided, but the 
unwrapping is in SpamAssassin.pm so it would affect *everything*.

Submitting a feature request so this can be debated and tracked.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   It is criminal to teach a man not to defend himself when he is the
   constant victim of brutal attacks.              -- Malcolm X (1964)
-----------------------------------------------------------------------
  3 days until Max Planck's 155th birthday