--
On Mon, May 06, 2002 at 04:37:01PM -0700, David Gardner wrote:
| The trouble I'm having is that although the SpamAssassin router comes
| before the "forwarding" in the configuration, it looks like the message
| is "forwarded" and is filtered by the SA router in parallel. For
| example, when I send an email from an external account to my office
| account, the exim_mainlog shows the following for that message:
|
| "...snip..."
| 2002-05-06 14:15:05 174pp3-0005Ml-00 <= dgardner@???
| H=easystreet.com
| (smtp.easystreet.com) [206.26.36.40] P=esmtp S=999
| id=3CD6F257.7B61C8BD@easystr
| eet.com
| 2002-05-06 14:15:05 174pp3-0005Mo-00 <= dgardner@??? U=mail
| P=spam-sc
| anned S=1154 id=3CD6F257.7B61C8BD@???
| 2002-05-06 14:15:05 174pp3-0005Mo-00 => dgardner@???
| R=hubbed_hosts T=re
| mote_smtp H=ares [192.168.254.11]
| 2002-05-06 14:15:05 174pp3-0005Mo-00 Completed
| 2002-05-06 14:15:05 174pp3-0005Ml-00 => dgardner@???
| R=spamcheck_router
| T=spamcheck
| 2002-05-06 14:15:05 174pp3-0005Ml-00 Completed
| "...snip..."
This log snippet looks normal. The first delivery isn't complete
until the pipe is closed and the child exits successfully. The child
opens a pipe to exim (to give it the modified message back) which is
why a "new" incoming message is logged before the first delivery is
shown as completed. It's also why each message gets 2 ids -- one is
the original message and one is the post-scanning message. The
delivery also is logged in "reverse" order. I suppose that the child
exim is performing the routing and starting the delivery before it
terminates, thus the original exim hasn't completed delivery until
after the second one has.
The setup works without any source-level modification of exim, but it
is not high on the efficiency scale.
| My exim.filter file looks for $h_X-Spam-Flag to contain "yes" for
| logging and saving the file. It seems clear to me that I am missing some
| little detail. Can someone help me out here?
Is the system filter used for non-local deliveries? I don't know. If
it isn't, then that's why the spams would still be passed on to the
other MTA. You could use a condition on the "forward" router to have
it decline handling of spam messages.
Marc Merlin's new local_scan may be better for you, though. It avoids
the double-handling of each message, and allows you to reject the
messages without even accepting them at SMTP time.
HTH,
-D
--
If we confess our sins, He is faithful and just and will forgive us our
sins and purify us from all unrighteousness.
I John 1:9
GnuPG key :
http://dman.ddts.net/~dman/public_key.gpg
--
[ Content of type application/pgp-signature deleted ]
--