Sa-learn spam

[kentur]

Hi, so I've looked through the forum, as well as I think I could, and couldn't find an answer to this.

We get a few mails each day, that passes through proxmox, which are spam, however not tagged as such.
How do we get them tagged/trained for the future?

Should we scp them from mailserver to proxmox server to then sa-learn the mails there, or is there somehow a list of all mails that went through proxmox, saved as a form of has, and can be used to train SA?

Is there a best practice here for learning from specific emails?

Blacklisting is for emailaddresses, and doesn't really help sa-learn, so we'd prefer to skip blacklisting as spam isn't always from same sender anyway.

 

[kalachev_89]

Hi. In this situation i did next:
1) create 2 mailbox spam@contoso.com and notspam@contoso.com (ham is not understanding for users) on e-mail server.
2) send manual to user, if they recieve spam emails, that resend it to spam mail, and vice versa for ham mail, that marked as spam.
3) daily via script get mail from this mboxes via imap2mbox, and sa-learn on directory with e-mails.

 

[kentur]

Hi. In this situation i did next:
1) create 2 mailbox spam@contoso.com and notspam@contoso.com (ham is not understanding for users) on e-mail server.
2) send manual to user, if they recieve spam emails, that resend it to spam mail, and vice versa for ham mail, that marked as spam.
3) daily via script get mail from this mboxes via imap2mbox, and sa-learn on directory with e-mails.

Will this not change the headers though, as you forward the email from end-user?
In my case I run proxmox mgw on a separate machine, so I would still need to scp/copy the mail files over to pxm to be able to sa-learn

 

[kalachev_89]

Will this not change the headers though, as you forward the email from end-user?
In my case I run proxmox mgw on a separate machine, so I would still need to scp/copy the mail files over to pxm to be able to sa-learn

My bad. I do it some years ago, so forget all details.
Now i write all flow. All this work only with Exchange.
1) Recipient get spam/ham e-mail and resend to necessary internal e-mail
2) Every night via powershell i found all new e-mails in this mboxes, get original subject (remove RE:, get internal sender, and than via Search-Mailbox cmdlet found origial message in original recipient mbox and copy that ORIGINAL message to spam/ham mbox in separatly directory.
3) After that script on PMG server connect via imap to exchange server, download that e-mails from subfolder
4) sa-learn learns on original e-mails on PMG server.

 

[kentur]

So, what I ended up doing in lack of other solutions, was to map up the mailservers filesystem over sshfs.
sshfs root@host.mailserver:/var/virtual /mnt/mailserver_emails

sshfs is the filesystem over ssh.
root@.. is the user at the mailserver you want to use for accessing filesystem, root might be the most logical.
:/var/virtual is where all my mailusers maildirs are located in
/mnt/mailserver_emails is the folder you'll map/use locally to reach the remote filesystem.

After which I can run..
sa-learn --spam /mnt/mailserver/kent@domain.tld/.TrainSpam/cur/
and it'll train on all messages in that specific folder.

sa-learn --spam /mnt/mailserver/kent@domain.tld/cur/mail-ID
or similar, for specific mail.

i.e. you can do with specific mail, or a folder.
Just be careful so you actually train on spam messages, not a folder of genuine pass email.