[Pkg-exim4-users] spamassassin headers

Dermot Paikkos dermot at sciencephoto.com
Thu Apr 20 07:27:23 UTC 2006 

What does your local.cf have for report_safe? I thought that this 
controlled the X-Spam-headers

...man spamassassin.conf

"If this option is set to 0, incoming spam is only modified by adding 
some X-Spam- headers and no changes will be made to the body. In 
addition, a header named X-Spam-Report will be added to spam. You can 
use the remove_header option to remove that header after setting 
report_safe to 0"

Or am I barking up the wrong tree?
Dp.

On 20 Apr 2006 at 6:58, Chris wrote:

> I have set up exim4-daemon-heavy/clamd/spamd on unstable. 
> 
> Debian Sid GNU/linux 2.6.16-1-k7
> clamav              0.88.1-1            antivirus scanner for Unix
> clamav-base         0.88.1-1            base package for clamav,
> clamav-daemon       0.88.1-1            antivirus scanner daemon
> clamav-docs         0.88.1-1            documentation package
> clamav-freshclam    0.88.1-1            downloads clamav virus
> database exim4-base          4.61-1              support files for all
> exim MTA exim4-config        4.61-1              configuration for the
> exim MTA exim4-daemon-heavy  4.61-1              exim MTA (v4) daemon
> spamassassin        3.1.0a-2            Perl-based spam filter using
> 
> 
> After a bit of fiddling the basic setup works really well: outgoing
> mail gets send out and incoming mail is tested by clamav and spamd
> before being filtered by ~/.forward and subsequently delivered into a
> Maildir-folder. Kinda like advertised ;-)
> 
> Something seems to go wrong with the headers, reporting and ultimately
> delivery of spam-positives though.
> 
> I have a similar setup running exim4-light with spamassassin via
> router-transport on Sarge/Debian-stable. There the "X-Spam-Flag: YES"
> header is inserted and the spam-body of a positive is kept out of view
> and attached to a warning message.
> 
> Here exim has the protective message hiding in the headers under
> "X-Spam_report" (see below), leaving the spam-body unshielded in the
> Inbox, in full view for the unsuspecting user. This is neither a good
> nor a pretty thing.
> 
> Not setting the header "X-Spam-Flag: YES" on spam breaks the filtering
> with .forward and Spam gets delivered into the inbox. I cannot seem to
> set this header manually: adding "X-Spam-Flag: YES\n\" to the
> ACL(below) ends up as header: "X-ACL-Warn: X-Spam-Flag: YES"
> 
> Negatives get no X-Spam headers at all by default, which is confusing
> since it took a trip to /var/log/syslog (or /var/log/mail.info) to
> find out that spamd actually processed the message. Is it exim that
> doesn't pass on the X-Spam headers set by spamassassin? Why? I sure
> didn't override that in order to have to set different ones manually
> in exim. Is it a bug or a feature?
> 
> Example of ACL + SPAM
> 
> ACL: 
>  warn
>  spam = Debian-exim
>  message =  X-Spam_score: $spam_score\n\
>         X-Spam_score_int: $spam_score_int\n\
>         X-Spam_bar: $spam_bar\n\
>         X-Spam_report: $spam_report                                   
> 
> SPAM (full message source):
> 
> ------begin message source------
> Return-path: <nws at cevnet.mine.nu>
> Envelope-to: nws at cevnet.mine.nu
> Received: from localhost ([127.0.0.1]) by cevnet.mine.nu with esmtp
> (Exim 4.61) (envelope-from <nws at cevnet.mine.nu>) id 1FWNSh-0004NS-Vh
> for nws at cevnet.mine.nu; Thu, 20 Apr 2006 02:56:00 +0200 Subject: test
> From: Chris <nws at cevnet.mine.nu> To: nws at cevnet.mine.nu Content-Type:
> text/plain Date: Thu, 20 Apr 2006 02:55:59 +0200 Message-Id:
> <1145494559.20239.2.camel at cevnet> Mime-Version: 1.0 X-Mailer:
> Evolution 2.6.0 Content-Transfer-Encoding: 7bit X-Spam_score: 998.4
> X-Spam_score_int: 9984 X-Spam_bar:
> +++++++++++++++++++++++++++++++++++++++++++++++++++ X-Spam_report:
> Spam detection software, running on the system "cevnet.mine.nu", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or
> label similar future email.  If you have any questions, see the
> administrator of that system for details. Content preview:
> CUT--->GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL<---CUT Chris
> <nws at cevnet.mine.nu> [...]  Content analysis details:   (998.4 points,
> 5.0 required) pts rule name              description ----
> ----------------------
> -------------------------------------------------- -1.8 ALL_TRUSTED  
> Passed through trusted hosts only via SMTP 1000 GTUBE         BODY:
> Generic Test for Unsolicited Bulk Email 2.5 BAYES_40       BODY:
> Bayesian spam probability is 20 to 40% [score:0.3348] -2.3 AWL        
>   AWL: From: address is in the auto white-list X-Evolution-Source:
> imap://chris@localhost/ 
> 
> 
> CUT--->GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL<---CUT
> 
> 
> -----end message source------
> 
> 
> please cc me
> 
> Thanks,
> -- 
> Chris <nws at cevnet.mine.nu>
> 
> 
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
>

More information about the Pkg-exim4-users mailing list