[Fwd: Re: getting bogofilter feedback to the mail server.]

Tom Allison tallison at tacocat.net
Thu Sep 21 00:49:54 CEST 2006


Fell off list, thought it might do well to keep it on list.


-------- Original Message --------
Subject: Re: getting bogofilter feedback to the mail server.
Date: Wed, 20 Sep 2006 09:48:19 -0500
From: Tom Allison <tallison at tacocat.net>
To: Chris Wilkes <cwilkes-bf at ladro.com>

On 9/20/2006, "Chris Wilkes" <cwilkes-bf at ladro.com> wrote:

>On Wed, Sep 20, 2006 at 05:51:23AM -0400, Tom Allison wrote:
>> I currently use:
>> postfix for my mail server,
>> postgresql for managing various filter rules in postfix,
>> (postfix uses many - postgresql is only one)
>> postgrey,
>> bogofilter.
>>
>> The thought is to take the filtering results from bogofilter, pull the
>> 'Return-Path' header information from the spam and use that to insert
>> blacklist/whitelist entries into the postfix server configuration.
>
>What happens when someone spams you with your own email address listed
>in the header?  Or the postmaster of your own site?  I suppose you could
>make up rules to stop that from accidentally being added to a forbidden
>list.
>

        In the case of maildir delivery, the local daemon prepends
        an optional Delivered-To: header with the final envelope
        recipient address, prepends an X-Original-To: header with
        the recipient address as given to Postfix, and prepends a
        Return-Path: header with the envelope sender address.

Maybe I misread this (from the postfix man pages).  I was thinking that
the 'envelope sender address' was the HELO address and not the MAIL
FROM part of the protocol.

In any event, the notion is to capture the HELO addresses and use
bogofilter to identify the ones that you just want to ignore.  I already
require a valid DNS lookup on the HELO, so a blink IP address without
DNS will fail anyways.  I haven't run into a problem with that to date.

So I'm thinking the data element I want is in the Received headers.  To
use you as an example:

Received: from ladro.com (dsl231-057-097.sea1.dsl.speakeasy.net
	[216.231.57.97])
	by janus.tacocat.net (Postfix) with ESMTP id 6830A4C047
	for <tallison at tacocat.net>; Wed, 20 Sep 2006 10:11:57 -0400 (EDT)


I would use the token: dsl231-057-097.sea1.dsl.speakeasy.net...
If that token has a spamicity of >= 0.9999 then I would add your DSL
address to the black list.  Then I really don't care what alias you
use...

Sane?
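
Added example, not part of the original message or of bogofilter or Postfix: a Python sketch that pulls the HELO name, reverse-DNS hostname and IP out of the Received header stamped by the receiving server and applies the 0.9999 cut-off discussed above. The function names, the `protected` list and the sample message are assumptions made for illustration, and the spamicity value is passed in rather than read from bogofilter.

```python
import re
from email import message_from_string

# Postfix format: from <HELO> (<rDNS or "unknown"> [<IP>]) by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

# Constructed sample: first Received line mirrors the one quoted in the message.
SAMPLE = (
    "Return-Path: <sender@example.com>\n"
    "Received: from ladro.com (dsl231-057-097.sea1.dsl.speakeasy.net\n"
    "\t[216.231.57.97])\n"
    "\tby janus.tacocat.net (Postfix) with ESMTP id 6830A4C047\n"
    "\tfor <user@example.net>; Wed, 20 Sep 2006 10:11:57 -0400 (EDT)\n"
    "Received: from claimed.example (claimed.example [192.0.2.1])\n"
    "\tby relay.example (Postfix) with ESMTP id 0000000000\n"
    "Subject: constructed sample\n\nbody\n"
)

def client_from_received(raw_message, our_mx):
    """Return helo/rdns/ip from the first Received header stamped by our_mx."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group("by").lower() == our_mx.lower():
            return {k: m.group(k).lower() for k in ("helo", "rdns", "ip")}
    return None  # headers added by other hosts are sender-controlled; ignore them

def blacklist_candidate(raw_message, spamicity, our_mx, protected=(), threshold=0.9999):
    """Return the rDNS hostname to blacklist, or None if it should be left alone."""
    client = client_from_received(raw_message, our_mx)
    if client is None or spamicity < threshold:
        return None
    host = client["rdns"]
    if host == "unknown":  # Postfix writes "unknown" when the reverse lookup fails
        return None
    if any(host == p or host.endswith("." + p) for p in protected):
        return None  # never blacklist our own or explicitly protected domains
    return host
```

Only the header whose `by` field names the local server is considered, since everything below it arrived with the message and can be written by the sender.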


