[luau] SpamAssassin and Exchange Webmail

R. Scott Belford sctinc at flex.com
Tue Jul 1 22:40:01 PDT 2003


On Tuesday, July 1, 2003, at 10:27 PM, Warren Togami wrote:

> On Tue, 2003-07-01 at 22:03, Vince Hoang wrote:
>> On Tue, Jul 01, 2003 at 05:56:46PM -1000, R. Scott Belford wrote:
>>> Debian stable uses SpamAssassin 2.2 While not a recent version,
>>> it does format the tagged mail so that I can read it at a later
>>> time even with an html enabled reader. The spam is not put into
>>> an attachment making its sordid contents easy to look over.
>>
>> FWIW, one of the developers for SA is the maintainer for the
>> Debian SA package. Since SA is such a moving target, I would
>> really recommend moving to testing, if possible, and pinning SA
>> to use the unstable package. The version of SA in stable works,
>> but the version in unstable is vastly improved.
>>
>> Warren mentioned earlier that the entire message is now an
>> attachment in recent versions of SA rather than just the message
>> portion of the message. I believe this was because the developers
>> realized that the new approach was much less error prone.
>
> Also more informative for the user because of the very clear message
> body describing why the message was scored to be spam, and it prevents
> the user from accidentally previewing the message and getting cracked 
> by
> an Outlook/Internet Explorer security hole due to script execution.
> Otherwise it prevents the user from alerting the spammer when Outlook
> downloads images that your e-mail address is valid and active, meaning
> "spam more!"
>
> Warren

In defense of debian stable's implementation of SpamAssassin, please 
find below the beginning of a tagged message that has been rendered 
safe for viewing by an html compatible mail viewer and as such safe 
from either opening a hyperlink or executing a script.  It does not 
handle spam like my redhat boxes, but I for one like the whole thing in 
the message rather than as an attachment tempting me to click it.  The 
key is that the html email not be executed in any way.  I guess it is 
not "best", but I have been pleased with how debian-stable tags and 
neuters my spam; I'll have to try pinning to the unstable version.  
Thanks for the info and feedback.

-scott


From: "Elvin Rutherford" <h3q1dt7c2h0a at excite.com>
Date: Wed Jul 2, 2003  12:44:06 AM Pacific/Honolulu
To: <scott at belford.net>
Subject: *****SPAM***** Re: Important Info Enclosed
Reply-To: "Elvin Rutherford" <h3q1dt7c2h0a at excite.com>

SPAM: -------------------- Start SpamAssassin results 
----------------------
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details:   (14 hits, 5 required)
SPAM: Hit! (-1.4 points) Sent with 'X-Msmail-Priority' set to high
SPAM: Hit! (2.0 points)  From: contains numbers mixed in with letters
SPAM: Hit! (1.7 points)  Sent with 'X-Priority' set to high
SPAM: Hit! (2.1 points)  BODY: Talks about opting in
SPAM: Hit! (-0.3 points) URI: Includes a link to send a mail with a 
subject
SPAM: Hit! (4.8 points)  BODY: Frontpage used to create the message
SPAM: Hit! (2.1 points)  BODY: FONT Size +2 and up or 3 and up
SPAM: Hit! (3.0 points)  BODY: Includes a form which will send an email
SPAM: Hit! (0.0 points)  BODY: Includes a URL link to send an email
SPAM:
SPAM: -------------------- End of SpamAssassin results 
---------------------


--43_EB.06_._FE..9FB1E_38
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<meta http-equiv=3D"Content-Language" content=3D"en-us">
<meta http-equiv=3D"Content-Type" content=3D"text/html; 
charset=3Dwindows-=
1252">
<meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 4.0">
<meta name=3D"ProgId" content=3D"FrontPage.Editor.Document">
<title>EARN</title>
</head>

<body>

.... more spam below. ...




More information about the LUAU mailing list