* Chris Lear wrote (04/12/05 17:37):
> * Alan J. Flavell wrote (12/04/2005 16:59):
[...]
>>
>> Well, we have stanzas in the RCPT ACL which cut extra headers,
>> and they are successfully rated by spamassassin. Here's an example:
>>
>> message = X-HELO-warning: That's a nasty HELO: $sender_helo_name
>>
>> which gets rated by a rule called NASTY_HELO, and here's a snippet
>> from the rejection log:
>>
>> X-PHYSCI-Spam-Report: 19.2/5.0
>> 3.6 NASTY_HELO Nasty-looking HELO
>> 0.2 NO_REAL_NAME From: does not include a real name
>> 3.6 NO_HOST_LUP Host IP did not look up in DNS
>> 4.0 IN_SPAMCOP_BLACKLIST RBL: Blacklisted at spamcop
>> 0.8 DEAR_SOMETHING BODY: Contains 'Dear (something)'
>> 1.3 MILLION_USD BODY: Talks about millions of dollars
>> 2.9 NIGERIAN_BODY1 Message body looks like a Nigerian
>>
>> [and so on...]
>>
>> The NO_HOST_LUP is another case where we're cutting a custom header at
>> RCPT time, and rating it at spamassassin time. So I'm confident that
>> it works.
>>
I've got it all working as I want now. I just moved the writing
of the header from the DATA to the RCPT ACL, and added a custom
spamassassin rule (which turned out to be very easy). I was thinking
that spamassassin's default rules would have something more or less
identical to the exim verify=helo check, but it seems that it doesn't.
Chris
