I've just been playing with the exim spamassassin config I have and made
an interesting change that might be useful to people.
This config is for an SA picking up all incoming mail, no per user
specials (because all mail goes through once and SA can't handle
multiple configs in a single pass).
The difference is that I push mail through a piped BSMTP transport with
spamc as a transport filter. This overcomes all the problems of having
to have multi stage pipelines in a pipe transport, ensuring your quoting
is right (to prevent shell exploits), special casing bounces etc.
Anyhow, this is the transport and director.
# in main config - add spamkill to trusted users
trusted_users = "root:exim:spamkill"
# in transports....
# Spam Assassin
spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
transport_filter = /usr/bin/spamc -s 500000
home_directory = "/home/spamkill"
current_directory = "/home/spamkill"
# must use a privileged user to set $received_protocol on the way back in!
user = spamkill
group = spamkill
log_output = true
return_fail_output = true
bsmtp = all
return_path_add = false
# in directors
# Spam Assassin
spamcheck_director:
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
# - it didn't originate locally (as long as I don't harbor spammers :-))
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
driver = smartuser
transport = spamcheck
One other subtle point. Your spamd must have the "-F 0" flag added to
stop it adding and messing around with From_ headers.
Hope this is of interest.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
