On Tue, May 07, 2002 at 10:39:37PM -0500, dman wrote:
> | > You can find the code (source and pre-built debian package) here:
> | > http://marc.merlins.org/linux/exim/sa.html
>
> The code looks pretty good to me. It is quite readable, followable,
> and well commented.
(blush)
I was expecting worse feedback than that considering how rusty my C is :-)
(mind you, I know about programming and security, but after so many years of
perl, C felt very alien :-D)
I've made the code a bit better and added more comments.
> Could you extend it to handle subject mangling too? I found that
> setting the subject mangling to ***SA:_HITS_*** and sorting on the
> subject is rather nice for gauging the level of the scores in the spam
> folder.
Yep. I happen to do that too. It just hadn't occured to me since my test
config rejects the tagged mails, so they don't end up in my mailbox :-)
I've added this feature as you know.
In order not to bore people here, I've also created a mailing list:
http://lists.merlins.org/lists/listinfo/sa-exim
If you downloaded the code, you may want to subscribe, I'll send my
announcements there from now on.
(the quick version is that version 1.1 was released last night, see
changelog on the web page:
http://marc.merlins.org/linux/exim/sa.html )
> Hmm, I could replace the spamc command with my own program and do
> other sorts of checks too (klez, etc) as long as my output looks like
> it came from SA. I think I'll do this instead of using exiscan.
I'll look into this idea some more, but in the meantime, you can obviously
trivially modify the source to do what you need.
> | The code worked so well, that I blocked my previous announcement since it
> | contained a spam example and enough keywords to get the message flagged :-)
>
> Yeah, it hit my junk folder too. I'm glad I found it before dropping
> it in the circular file :-).
(it ended up as a temp reject on my side, so I tweaked the SA config so that
the next send attempt worked)
> After reading it and thinking about exiscan too I have some comments
> and ideas for Philip to consider. Much of the work of exiscan and
Me too, see my comments at the end of the file. I wanted to wait for him to
come back and settle down first :-)
> A function to convert the entire message into a RFC2822 stream would
> be helpful. A fair amount of Marc's code deals with converting the
> in-memory message to a stream to feed to spamc. exiscan does this
> too.
Yep :-)
> Dynamic loading of local_scan. This would allow the various
Yes, that's a big one.
> A routine for reading specific headers back from a stream. Marc does
> this to set the X-Spam: headers. Other local_scans might want to do
> this too.
It was a little pain to do right (especially with caseless headers and
multiline ones)
> I'd also like to see a hook added for a filter that would be run after
> accepting the message but before routing it. This facilitate
> development of a program to clean up the junk too many messages
> contain. For example legal notices, mailling list trailers (which are
> duplicated in the List-* headers), virus-clean notices, and mailling
> list subject munging could all be cleaned up before delivery to the
> user. If this filter is applied before routing is done then the
> filter could add flags to the message that would affect the routing of
> it. This filter would be an external command that would operate in
> the traditional UNIX sense of a filter.
Yeah, that could be useful too.
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page:
http://marc.merlins.org/ | Finger marc_f@??? for PGP key