info about spam messages

Tom Anderson tanderso at oac-design.com
Fri Jun 11 15:37:31 CEST 2004


From: "David Relson" <relson at osagesoftware.com>
> It's likely not too hard for bogofilter to cache some more info about
> the message and make it available via the formatting mechanism.  I'm
> thinking of additional format specifications:
>
>    I - ip address
>    F - From: address
>
> And you could then change your bogofilter.cf file to include:
>
>   log_header_format = %h: %c, spamicity=%p, version=%v, ipaddr=%I, fromaddr=%F
>
> Sound reasonable?

Looks like the emails I sent from home this morning didn't get out of my
outbox, because now I'm going to repeat myself.  Be very, very careful using
any information in the header to block out emails at the MTA level.  Spams
use spoofed headers more often than not.  Never ever rely on a "From"
address.  You have to use the "Received" lines, and those can be spoofed
too.  The only trustworthy one is the one set by your own server, but even
in that line, you have to be careful... don't rely on the HELO string, only
the IP address or rDNS address provided by your own mail server.  The logic
to verify you have valid information can be somewhat complex.  I'd recommend
it not be in bogofilter itself, but in your external script called from
procmail.  See http://orderamidchaos.com/bogofilter/spamitarium for similar
functionality.

Tom
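
An added example, not part of the original post and not spamitarium's code: one way an external script could take the connecting IP and rDNS only from the Received line written by your own server, ignoring the HELO string and the From: header. It assumes a Postfix-style Received layout, that your MTA's line is the topmost one, and a hypothetical hostname `mx.example.net`; the sample message is constructed.

```python
import email
import ipaddress
import re

MY_MTA = "mx.example.net"  # assumption: the name our own server writes after "by"

# Assumed Postfix-style layout: from HELO (rdns [ip]) by host ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def trusted_peer(raw_message, my_mta=MY_MTA):
    """Return (ip, rdns) from the Received line our own MTA added, else None."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Each hop prepends its header, so only the topmost line was written by
    # our server; every Received line below it was supplied by the sender.
    top = " ".join(received[0].split())  # unfold continuation lines
    m = RECEIVED_RE.match(top)
    if not m or m.group("by").lower() != my_mta.lower():
        return None  # not a line we wrote: nothing here can be trusted
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    rdns = m.group("rdns")
    if rdns and rdns.lower() == "unknown":
        rdns = None  # Postfix writes "unknown" when the rDNS lookup failed
    # The HELO string (group "helo") is sender-controlled and never returned.
    return str(ip), rdns

# Constructed sample: forged From:, forged lower Received line, misleading HELO.
SAMPLE = (
    "Received: from mail.bank.example (dsl-45.isp.example [203.0.113.45])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0000;\n"
    "\tFri, 11 Jun 2004 15:30:00 +0200\n"
    "Received: from localhost (trusted.example [192.0.2.1])\n"
    "\tby mx.example.net with SMTP; Fri, 11 Jun 2004 15:29:00 +0200\n"
    "From: billing@bank.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(trusted_peer(SAMPLE))
```
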



