spamrule on recipient

[josefb]

Hi,

I want to give spam points on special recipients. The reason is, this special recipients are spamtraps, if they get mail it is for sure spam and spamassassin (bayes, AWL) could learn.

The biggest problem is to get the real envelope recipient to spamassassin. My first guess was to make a mail filter rule which adds a special header (X-Spamtrap: YES) if the recipient is in a Spamtrap WHO-Object. A spamassassin rule (in custom.cf) could then match this header and give the extra points. But this doesn't work, because to my understanding spamassassin is evaluated before the mail filter rules are processed.

To you have any ideas, how else I can implement the idea of a "learning" spamtrap in PMG?

bye Josef

 

[dcsapak]

if you have a list of spamtrap emails, why would you want spamassassin to learn them?
simply add a rule with the who object that contains your list and block/quarantine them

 

[josefb]

Because spamassassin could train the bayes database with the text from the spamtrap mails, also the spam sender gets easier on the AWL blacklist.
If I only block/quarantine them with a mail filter rule, this don't help for the same spam to legit recipients.

 

[kalachev_89]

Hi.
You can create spamassasin rule to find this email in full message. If it find them, than add extra points.
Example:

full spamtrap /spamtrap@contoso\.com/i
score spamtrap 5.0
describe spamtrap "test"

 

[josefb]

Hi.
You can create spamassasin rule to find this email in full message. If it find them, than add extra points.
Example:

full spamtrap /spamtrap@contoso\.com/i
score spamtrap 5.0
describe spamtrap "test"

View attachment 50254

Hi,
thanks for your suggestion, that is a similar method I currently use.
I use a header To rule (header MY_SPAMTRAP To =~ /spamtrap@bla\.fasel/i), but this won't match if there is no To header (which sometimes occurs on spam mails). So I tried to set a X-Envelope-To (which I can search) with a PMG mail filter rule, but this want appear because spamassassin is evaluated before the mail filter rules. Final option would as you suggest a "full" rule, which is maybe a little bit to much, or a header rule which examines the Received headers for a "for <recpient-address>" match.
But anyway I thought maybe there is a nicer way to manage the spamtrap recipients via the PMG web interface.

 

[josefb]

I've found now a nice solution, just put the spam trap-addresses to the spamassassin blacklist and the will automatically get per default 10 points.
/etc/mail/spamassassin/custom.cf
blacklist_to lovespam@firstdomain.com spamme@otherdomain.com ...