rewriting header so I get a blind copy of spam

["Lina, Patrick" <Pa...@itsmaxeda.com>]

Hi,

I'm a new user to this mailinglist and beginning SA learner.
We have a site-wide postfix/spamassassin server, which tags
spam and sends it to our internal Exchange server.
Currently I'd like to train our bayes database with spam/ham
but don't have a sufficient recent supply of either.
I'd like to gather a bunch of emails which get tagged by the
current 'rules only' SA config, with a big score (say 15 and
more) and feed those to bayes.
To get these mails, I somehow have to redirect them to a
seperate inbox.

Is there some way for SA to rewrite the header of mail with
a 15+ score so I get a copy (Bcc:) of those emails?

Greetings,

   Patrick

Re: rewriting header so I get a blind copy of spam

[Ken A <ka...@pacific.net>]

Bill McGonigle wrote:
> On Jul 6, 2007, at 08:03, Lina, Patrick wrote:
> 
>> Is there some way for SA to rewrite the header of mail with
>> a 15+ score so I get a copy (Bcc:) of those emails?
> 
> How about doing it the other way around?  Set up postfix's always_bcc to 
> send a copy of all messages to a special account, then run SpamAssassin 
> (if they're not already tagged by e.g. MailScanner) and procmail to 
> filter them into appropriate buckets.

Well, if you are running MailScanner with SA, you can have it do the 
bcc'ing, only on high scoring spam if you like.
Ken

> 
> -Bill
> 
> -----
> Bill McGonigle, Owner           Work: 603.448.4440
> BFC Computing, LLC              Home: 603.448.1668
> bill@bfccomputing.com           Cell: 603.252.2606
> http://www.bfccomputing.com/    Page: 603.442.1833
> Blog: http://blog.bfccomputing.com/
> VCard: http://bfccomputing.com/vcard/bill.vcf
> 


-- 
Ken Anderson
Pacific.Net

Re: rewriting header so I get a blind copy of spam

[Bill McGonigle <bi...@mcgonigle.us>]

On Jul 6, 2007, at 08:03, Lina, Patrick wrote:

> Is there some way for SA to rewrite the header of mail with
> a 15+ score so I get a copy (Bcc:) of those emails?

How about doing it the other way around?  Set up postfix's always_bcc  
to send a copy of all messages to a special account, then run  
SpamAssassin (if they're not already tagged by e.g. MailScanner) and  
procmail to filter them into appropriate buckets.

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill@bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

Re: rewriting header so I get a blind copy of spam

[Matt Kettler <mk...@verizon.net>]

Lina, Patrick wrote:
> Hi,
>
> I'm a new user to this mailinglist and beginning SA learner.
> We have a site-wide postfix/spamassassin server, which tags
> spam and sends it to our internal Exchange server.
> Currently I'd like to train our bayes database with spam/ham
> but don't have a sufficient recent supply of either.
> I'd like to gather a bunch of emails which get tagged by the
> current 'rules only' SA config, with a big score (say 15 and
> more) and feed those to bayes.
> To get these mails, I somehow have to redirect them to a
> seperate inbox.
>
> Is there some way for SA to rewrite the header of mail with
> a 15+ score so I get a copy (Bcc:) of those emails?
>   
No. In general SA has absolutely no power to directly alter message
delivery. It cannot delete, bounce, redirect, copy or an email.

SA could rewrite the headers all it wants and it will not directly alter
delivery of the message. It could even over-write the To: header and it
would change nothing.

Despite appearances, the headers have nothing to do with message
delivery, that's all handled by the envelope, which is merely contents
of the 'rcpt to' SMTP  command. That's how Bcc actually works. There is
no Bcc header, a Bcc is just a recipient that exists in the 'rcpt to'
command, but never appears in the To: or Cc: text headers. The To, and
Cc headers are essentially nothing but decorative text generated by the
sender.

However, SA has no access to the envelope, so what you need to do is get
some other part of your mail chain that has control of the envelope, ie:
postfix, to change the recipient list based on the presence of SA tagging.