[Exim] exim v4, null envelope sender, 4xx from spamassassin

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: [Exim] exim v4, null envelope sender, 4xx from spamassassin
(This may have an obvious general solution, but I haven't spotted it
yet and we're quite new to using spamassassin).

Consider this scenario: there's an incoming mail with a null
envelope-sender, whose content is rated by SA to be in the twilight
zone, where it issues a 4xx waiting for inspiration from the admin.

The sending MTA responds by handing this off to our secondary
MX. The secondary MX offers us the item again and, as it happens, the
SA rating again falls into the twilight zone. The secondary MX then
continues re-offering the item until it times out, unless we take some
action.

I can't whitelist the sender because there isn't one. I can't apply a
selective bonus (or malus) to the sending MTA, because the MTA is now
our secondary MX (hi Chris). The item might be a bounce, or it might
be a spam which is pretending to be a bounce: in a specific case, of
course, I can view the SA-captured content and look at it - in fact in
the particular instance which prompted this mail I _can_ see one way
of killing it - but I can't see a measure which would be any
more-generally applicable to future incidents. So I thought I would
raise the more general question.

Maybe, instead of returning 4xx to items which have a null envelope
sender in this kind of situation, we might be better advised to accept
and freeze them for inspection - and subsequent thaw or discard?
Other thoughts, please?

cheers