[Pkg-exim4-users] spamassassin headers

Chris nws at cevnet.mine.nu
Thu Apr 20 04:58:13 UTC 2006


I have set up exim4-daemon-heavy/clamd/spamd on unstable. 

Debian Sid GNU/linux 2.6.16-1-k7
clamav              0.88.1-1            antivirus scanner for Unix
clamav-base         0.88.1-1            base package for clamav,
clamav-daemon       0.88.1-1            antivirus scanner daemon
clamav-docs         0.88.1-1            documentation package 
clamav-freshclam    0.88.1-1            downloads clamav virus database
exim4-base          4.61-1              support files for all exim MTA
exim4-config        4.61-1              configuration for the exim MTA 
exim4-daemon-heavy  4.61-1              exim MTA (v4) daemon 
spamassassin        3.1.0a-2            Perl-based spam filter using


After a bit of fiddling the basic setup works really well: outgoing mail
gets sent out and incoming mail is tested by clamav and spamd before
being filtered by ~/.forward and subsequently delivered into a
Maildir-folder. Kinda like advertised ;-)

Something seems to go wrong with the headers, reporting and ultimately
delivery of spam-positives though.

I have a similar setup running exim4-light with spamassassin via
router-transport on Sarge/Debian-stable. There the "X-Spam-Flag: YES"
header is inserted and the spam-body of a positive is kept out of view
and attached to a warning message.

Here exim has the protective message hiding in the headers under
"X-Spam_report" (see below), leaving the spam-body unshielded in the
Inbox, in full view for the unsuspecting user. This is neither a good
nor a pretty thing.

Not setting the header "X-Spam-Flag: YES" on spam breaks the filtering
with .forward and spam gets delivered into the inbox.
I cannot seem to set this header manually: adding "X-Spam-Flag: YES\n\"
to the ACL (below) ends up as header: "X-ACL-Warn: X-Spam-Flag: YES"

Negatives get no X-Spam headers at all by default, which is confusing
since it took a trip to /var/log/syslog (or /var/log/mail.info) to find
out that spamd actually processed the message. Is it exim that doesn't
pass on the X-Spam headers set by spamassassin? Why? I sure didn't
override that in order to have to set different ones manually in exim.
Is it a bug or a feature?

Example of ACL + SPAM

ACL:
        warn
          spam = Debian-exim
          message = X-Spam_score: $spam_score\n\
                    X-Spam_score_int: $spam_score_int\n\
                    X-Spam_bar: $spam_bar\n\
                    X-Spam_report: $spam_report

SPAM (full message source):

------begin message source------
Return-path: <nws at cevnet.mine.nu>
Envelope-to: nws at cevnet.mine.nu
Received: from localhost ([127.0.0.1]) by cevnet.mine.nu with esmtp
(Exim 4.61) (envelope-from <nws at cevnet.mine.nu>) id 1FWNSh-0004NS-Vh for
nws at cevnet.mine.nu; Thu, 20 Apr 2006 02:56:00 +0200
Subject: test
From: Chris <nws at cevnet.mine.nu>
To: nws at cevnet.mine.nu
Content-Type: text/plain
Date: Thu, 20 Apr 2006 02:55:59 +0200
Message-Id: <1145494559.20239.2.camel at cevnet>
Mime-Version: 1.0
X-Mailer: Evolution 2.6.0 
Content-Transfer-Encoding: 7bit
X-Spam_score: 998.4
X-Spam_score_int: 9984
X-Spam_bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system
"cevnet.mine.nu", has identified this incoming email as possible spam. 
The original message has been attached to this so you can view it (if it
isn't spam) or label similar future email.  If you have any questions,
see the administrator of that system for details. Content preview: 
CUT--->GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL<---CUT
Chris <nws at cevnet.mine.nu> [...]  Content analysis details:   (998.4
points, 5.0 required) pts rule name              description ----
----------------------
--------------------------------------------------
-1.8 ALL_TRUSTED   Passed through trusted hosts only via SMTP
1000 GTUBE         BODY: Generic Test for Unsolicited Bulk Email 
2.5 BAYES_40       BODY: Bayesian spam probability is 20 to 40%
[score:0.3348]
-2.3 AWL           AWL: From: address is in the auto white-list
X-Evolution-Source: imap://chris@localhost/ 


CUT--->GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL<---CUT


-----end message source------


please cc me

Thanks,
-- 
Chris <nws at cevnet.mine.nu>
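
Added example, not part of the original post and not code from the Debian exim4 packages: a delivery-side check showing why a rule keyed only on "X-Spam-Flag: YES" lets the GTUBE test message above through, and how the ACL's own X-Spam_score_int header can serve as the verdict instead. The function names, the trimmed sample message and the example.invalid address are assumptions made for illustration; the threshold of 50 is the "5.0 required" from the report multiplied by ten, matching the 998.4 / 9984 pair shown above.

```python
from email import message_from_string

# Constructed sample: trimmed version of the headers shown in the post.
SAMPLE = """\
Subject: test
From: Chris <user@example.invalid>
To: user@example.invalid
Content-Type: text/plain
X-Spam_score: 998.4
X-Spam_score_int: 9984
X-Spam_bar: +++++
X-Spam_report: Spam detection software has identified this email as possible spam.

constructed test body
"""

REQUIRED_INT = 50  # assumption: "5.0 required" from the report, times ten


def flag_only(raw):
    """Rule that trusts only a real X-Spam-Flag header, like the .forward filter."""
    msg = message_from_string(raw)
    return (msg.get("X-Spam-Flag") or "").strip().upper().startswith("YES")


def classify(raw, required_int=REQUIRED_INT):
    """Return (verdict, reason): X-Spam-Flag first, then the ACL's score header."""
    if flag_only(raw):
        return "spam", "X-Spam-Flag"
    value = message_from_string(raw).get("X-Spam_score_int")
    if value is None:
        # No score header: cannot tell "scanned and clean" from "never scanned".
        return "unknown", "no X-Spam headers"
    try:
        score = int(value.strip())
    except ValueError:
        return "unknown", "malformed X-Spam_score_int"
    if score >= required_int:
        return "spam", "X-Spam_score_int"
    return "ham", "X-Spam_score_int"


if __name__ == "__main__":
    print("flag-only rule matches:", flag_only(SAMPLE))
    print("score-aware verdict:   ", classify(SAMPLE))
```

A message whose only trace of the flag is "X-ACL-Warn: X-Spam-Flag: YES" comes out as "unknown" here, because the flag text is the value of a different header rather than a header of its own.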



