[Exim] Exiscan-ACL Not working correctly and Redirecting SPAM

Author: Gordon McKee
Date:
To: exim-users, exiscanusers
CC: Tom Kistner
Subject: [Exim] Exiscan-ACL Not working correctly and Redirecting SPAM
Hi

I am trying to get exiscan ACL to redirect mail to another account for all the mail that is spam. I have noticed that the messages that get redirected have a spam score lower than the threshold!! All mail seems to be getting filtered correctly - but the spam redirects are not right. It seems to be flagging the message as spam when technically it isn't below the spam score and redirecting it, and the mail that has a higher value 7+ gets dropped. I have included all my ACLs at the bottom. I have also included a message that has been redirected to the spam user but is below the threshold. The threshold is greater than 6 and the message scored 5.2!!

I have added the following to the DATA ACL section of the config file

  warn message = X-Redirect-To: spam@???
        spam = nobody


I have been watching the log files and only one email all day of all the spam that has been coming in has been redirected to the spam account.

Interestingly enough, the message that got redirected appeared in the mainlog as a regular message - no mention of being spam. All the messages that are spam are getting logged and presumably dropped.

I have also added the following router as the first router in my config file.

begin routers

### GDM 24/08/2003 Exiscan Redirect Router ###
scan_redirect:
     driver = redirect
     condition = ${if def:h_X-Redirect-To: {1}{0}}
     headers_add = X-Original-Recipient: $local_part@$domain
     data = $h_X-Redirect-To:
     headers_remove = X-Redirect-To
     ### Change 'redirect_router' to name of next router ###
     redirect_router = send_to_gateway
###############################################



### GDM Sendmail to mail.blueyonder.co.uk from AOL and Freeserve
send_to_gateway:

Does anyone have any ideas what could be wrong?

Many thanks

Gordon


acl_check_content:

### GDM - 21 08 2003 - Don't scan your outgoing mail ###
accept hosts = 127.0.0.1 : +relay_from_hosts

  # First unpack MIME containers and reject serious errors.
  deny  message = This message contains a MIME error ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}


  # Reject typically wormish file extensions. There is almost no
  # sense in sending such files by email.
  deny  message = This message contains an unwanted file extension ($found_extension)
        demime = exe:scr:vbs:bat:lnk:pif


  # Reject virus infested messages.
  deny  message = This message contains malware ($malware_name)
        demime = *
        malware = *


  # Reject messages containing "via**ra" in all kinds of whitespace/case
  # combinations
  deny  message = This message matches a blacklisted regular expression
                # ($regex_match_string)
        regex = ****


  # Always add X-Spam-Score and X-Spam-Report headers,
  # using SA system-wide settings
  # (user "nobody"), no matter if over threshold or not.
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true
  warn  message = X-Spam-Report: $spam_report
        spam = nobody:true


  # Add X-Spam-Flag if spam is over system-wide threshold
  warn message = X-Spam-Flag: YES
       spam = nobody


  ### GDM 24/08/2003 - Redirect ACL ###
  warn message = X-Redirect-To: spam@???
        spam = nobody


  # Reject spam messages with score over 10, using an extra condition.
  ### GDM Set to 6 - X by 10 to get value for $spam_score_int ###
  deny  message = This message scored $spam_score points. Congratulations!
        spam = nobody:true
        condition = ${if >{$spam_score_int}{60}{1}{0}}


# finally accept all the rest
accept


Return-path: <idealizes@???>
Envelope-to: barbara@???
Delivery-date: Wed, 27 Aug 2003 11:25:38 +0100
Received: from mx0.123-reg.co.uk ([212.67.202.215] helo=mx5.123-reg.co.uk)
 by gdmckee.com with esmtp (Exim 4.22)
 id 19rxUA-000M8L-Ob
 for barbara@???; Wed, 27 Aug 2003 11:25:06 +0100
Received: from gibraltar.mstanea.org ([12.110.125.250])
 by mx5.123-reg.co.uk with esmtp (Exim 3.36 #2)
 id 19rxTS-0006Je-00
 for barbara@???; Wed, 27 Aug 2003 11:24:23 +0100
Received: from hqnt_pdc.pgcea.org by gibraltar.mstanea.org
          via smtpd (for mx0.123-reg.co.uk [212.67.202.215]) with ESMTP; Wed, 27 Aug 2003 06:24:22 -0400
Received: from gibraltar.mstanea.org ([12.110.125.193]) by hqnt_pdc.pgcea.org with Microsoft SMTPSVC(5.0.2195.5329);
  Wed, 27 Aug 2003 06:24:10 -0400
Received: from [218.70.138.40] by gibraltar.mstanea.org
          via smtpd (for hqnt_pdc.pgcea.org [10.140.105.30]) with ESMTP; Wed, 27 Aug 2003 06:24:14 -0400
From: "Charlene Sabino"<idealizes@???>
To: barbara@???
Subject: Now - Powerful Anti-Aging Breakthrough
Date: Wed, 27 Aug 2003 10:23:26 GMT
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 7bit
Message-ID: <HQNT_PDCzOdnjQ8vjqu00002998@hqnt_pdc.pgcea.org>
X-OriginalArrivalTime: 27 Aug 2003 10:24:12.0352 (UTC) FILETIME=[5BD32400:01C36C85]
X-Spam-Score: 5.2 (+++++)
X-Spam-Report: 5.2/5.0
 This mail is probably spam.  The original message has been attached
 along with this report, so you can recognize or block similar unwanted
 mail in future.  See http://spamassassin.org/tag/ for more details.
 Content preview:  Have you tried just about every diet out there-but
 nothing seems to work?! Then don't miss this important message! please
 visit our web site URI:http://www.indebtnomor.net/ click here
 URI:http://domianss2.com/hgh/rm.html Remove mail
 idealizingboyexpectedlyterminable [...]
 Content analysis details:   (5.20 points, 5 required)
 HTML_LINK_CLICK_HERE (0.1 points)  BODY: HTML link text says "click here"
 BAYES_60           (1.1 points)  BODY: Bayesian classifier says spam probability is 60 to 70%
 [score: 0.6301]
 HTML_50_60         (0.1 points)  BODY: Message is 50% to 60% HTML
 FORGED_YAHOO_RCVD  (2.7 points)  'From' yahoo.com does not match 'Received' headers
 RCVD_IN_RFCI       (1.1 points)  RBL: Received via a relay in ipwhois.rfc-ignorant.org
 [RBL check: found 40.138.70.218.ipwhois.rfc-ignorant.org., type: 127.0.0.6]
 CLICK_BELOW        (0.0 points)  Asks you to click below
 MIME_HTML_ONLY     (0.1 points)  Message only has text/html MIME parts
X-Spam-Flag: YES
X-Original-Recipient: barbara@???


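Editor's added example (not part of the original post or of Exiscan): a small Python model of the DATA ACL posted above, run over the quoted message's X-Spam-Score header, to show which verbs fire at a given score. It assumes, as the Exiscan docs and the posted comments describe, that `spam = nobody` matches once the score reaches SpamAssassin's own threshold for user "nobody" (5.0, per the posted "5.2/5.0" report), that `spam = nobody:true` always matches, and that `$spam_score_int` is the score times ten; the sample headers and addresses are constructed.

```python
"""Model of the posted acl_check_content: which verbs fire for a score.

Assumed semantics (from the Exiscan-ACL docs, not verified against the
poster's build):
  spam = nobody       -> true when score >= SpamAssassin's threshold (5.0)
  spam = nobody:true  -> always true, only runs the scan
  $spam_score_int     -> score * 10
"""
import email

SA_THRESHOLD = 5.0    # "5 required" in the posted X-Spam-Report
DENY_SCORE_INT = 60   # deny condition: ${if >{$spam_score_int}{60}{1}{0}}

# Constructed sample: the relevant headers of the message quoted in the post,
# with placeholder addresses.
SAMPLE_HEADERS = """\
From: "Charlene Sabino" <idealizes@example.invalid>
To: barbara@example.invalid
Subject: Now - Powerful Anti-Aging Breakthrough
X-Spam-Score: 5.2 (+++++)
X-Spam-Flag: YES

"""


def evaluate_acl(score: float) -> dict:
    """Walk the posted warn/deny verbs for one SpamAssassin score."""
    spam_score_int = int(round(score * 10))       # Exim's $spam_score_int
    added = ["X-Spam-Score", "X-Spam-Report"]     # spam = nobody:true verbs
    if score >= SA_THRESHOLD:                     # spam = nobody verbs
        added += ["X-Spam-Flag", "X-Redirect-To"]
    denied = spam_score_int > DENY_SCORE_INT      # the final deny verb
    # Only a message that is not denied ever reaches the scan_redirect router.
    redirected = (not denied) and "X-Redirect-To" in added
    return {"headers": added, "denied": denied, "redirected": redirected}


def score_from_headers(raw: str) -> float:
    """Read the numeric part of X-Spam-Score from a raw header block."""
    msg = email.message_from_string(raw)
    return float(msg["X-Spam-Score"].split()[0])


def redirect_band() -> tuple:
    """Lowest and highest score (0.1 steps, 0..10) that gets redirected."""
    hits = [s / 10 for s in range(0, 101) if evaluate_acl(s / 10)["redirected"]]
    return (min(hits), max(hits))


if __name__ == "__main__":
    s = score_from_headers(SAMPLE_HEADERS)
    print(s, evaluate_acl(s))
    print("redirect band:", redirect_band())
```

Under these assumptions the redirect header is added from SpamAssassin's 5.0 threshold upward while the deny only triggers above 6.0, so the band that reaches the redirect router is 5.0 to 6.0, which is where the quoted 5.2 message falls.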