[luau] SpamAssassin and Exchange Webmail

Warren Togami warren at togami.com
Tue Jul 1 23:00:01 PDT 2003


On Tue, 2003-07-01 at 22:42, R. Scott Belford wrote:
> > Also more informative for the user because of the very clear message
> > body describing why the message was scored to be spam, and it prevents
> > the user from accidentally previewing the message and getting cracked by
> > an Outlook/Internet Explorer security hole due to script execution.
> > Otherwise it prevents the user from alerting the spammer when Outlook
> > downloads images that your e-mail address is valid and active, meaning
> > "spam more!"
> >
> > Warren
> 
> In defense of debian stable's implementation of SpamAssassin, please 
> find below the beginning of a tagged message that has been rendered 
> safe for viewing by an html compatible mail viewer and as such safe 
> from either opening a hyperlink or executing a script.  It does not 
> handle spam like my redhat boxes, but I for one like the whole thing in 
> the message rather than as an attachment tempting me to click it.  The 
> key is that the html email not be executed in any way.  I guess it is 
> not "best", but I have been pleased with how debian-stable tags and 
> neuters my spam; I'll have to try pinning to the unstable version.  
> Thanks for the info and feedback.
> 
> -scott
> 

The only drawback to this is that it is confusing and difficult to read
for the legitimate HTML mail that is marked as spam.  The new "make into
attachment" behavior totally does not modify the message, so it is at
least possible and easy to read the original message for inexperienced
users.  For the Windows and Mac users that I have given a choice, they
much preferred the attachment option to the old report_safe behavior, or
no body modification at all.

Be aware that spamassassin-2.2 is extremely old and its spam detection
ability would be far less precise than recent versions.  Even 2.4 has
problems in marking legitimate mail scores too high, and spam scores too
low.  Spammers found that they could easily add several MUA headers to a
message and force spamassassin scores wayyy low.  This was fixed in
2.55.  2.55 also has the benefit of Bayesian filtering, making the
filter learn and become more precise over time.

(2.55 has a flaw where it poisons your bayes database if you use the -r
option though.  Let me know if you plan on using -r to report spam, and
I'll send you a patch to fix this problem.)

Warren
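
The "make into attachment" idea discussed in this message, as an added example that is not part of the original post and is not SpamAssassin's own code: the original mail is carried untouched inside a message/rfc822 part, so the only body shown by default is plain text. The sample message, addresses, the "[SPAM]" subject tag and all function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: an HTML mail carrying a script and a remote image.
SAMPLE = (
    b"From: promo@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Limited offer\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b"<html><body><script>document.title='x'</script>\r\n"
    b"<img src=\"http://images.example.com/pixel.gif\"></body></html>\r\n"
)

def wrap_as_attachment(raw: bytes, report: str) -> bytes:
    """Build a new message: plain-text report plus the original as an attachment."""
    original = message_from_bytes(raw, policy=policy.SMTP)
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = original["From"]
    outer["To"] = original["To"]
    outer["Subject"] = "[SPAM] " + original["Subject"]  # tag is an assumption
    outer.set_content(report)       # text/plain body, the part shown first
    outer.add_attachment(original)  # becomes a message/rfc822 attachment
    return outer.as_bytes()

def inline_types(raw: bytes) -> list:
    """Content types of top-level parts that are not marked as attachments."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    parts = list(msg.iter_parts()) if msg.is_multipart() else [msg]
    return [p.get_content_type() for p in parts
            if p.get_content_disposition() != "attachment"]

def attached_original(raw: bytes):
    """Return the encapsulated original message, or None if there is none."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    for part in msg.iter_parts():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

if __name__ == "__main__":
    wrapped = wrap_as_attachment(SAMPLE, "Flagged as spam; original attached.")
    print("before:", inline_types(SAMPLE))
    print("after: ", inline_types(wrapped))
    print("inner: ", attached_original(wrapped).get_content_type())
```
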



