Re: [Exim] Removing spamassassin headers from incoming mail

Author: Dennis Davis
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Removing spamassassin headers from incoming mail
>From: Sheldon Hearn <sheldonh@???>
>To: exim-users@???
>Subject: [Exim] Removing spamassassin headers from incoming mail
>Date: Wed, 21 Jan 2004 15:26:09 +0200
>
>I'm noticing that it's trivial for a spammer to defeat my client spam
>filtering rules.
>
>My Exim w/ exiscan-acl server adds an X-Spam-Score header, which my
>client filter then uses to test whether a message should be filed in my
>Spam folder. I always include the X-Spam-Score, so that the scoring for
>false negatives can be analyzed.
>
>However, my filter uses the first X-Spam-Score header it sees. If
>a spammer sends me mail with an X-Spam-Score that says the message
>isn't spam, my filter believes that, because it reads the spammer's
>X-Spam-Score header before it reads the one my server added.
>
>I'm not hopeful, given that ACLs are run before routers and long before
>transports, but...
>
>Can I remove X-Spam-Score from incoming mail _before_ the ACLs add
>X-Spam-Score based on the results of the SpamAssassin dialogue?


No, and ACLs don't have the ability to remove headers. They can
only add headers.

The way to do this is to add headers with a *unique* name and do any
necessary header munging in a system filter that's run afterwards.
You can add and remove headers in a system filter.

For example, I have an ACL of:


  # Calculate and log the spam score for suitable messages.  Also
  # insert an X-Spam-score message in all suitable messages.
  warn  message = X-SPAMSCORE: $spam_score ($spam_bar)
        log_message = exiscan-acl spam score $spam_score
        condition = SPAMCHECK
        spam = nobody:true



where SPAMSCORE is a macro set to a pre-calculated unique string in
the main section:


SPAMSCORE = a5aaa22682c1c87bb3ec90eb845d703f42be234f


The system filter that's run afterwards does the header munging by:


# Munge the X-Spam-Score header.
headers remove X-Spam-Score
if "${if def:h_X-a5aaa22682c1c87bb3ec90eb845d703f42be234f: {there}}" is there
then
  headers add "X-Spam-Score: $h_X-a5aaa22682c1c87bb3ec90eb845d703f42be234f:"
  headers remove X-a5aaa22682c1c87bb3ec90eb845d703f42be234f
endif


I'm obviously not using "a5aaa22682c1c87bb3ec90eb845d703f42be234f"
as the "real" unique string. I use several such unique strings for
munging the spamassassin headers I include. These strings are
generated by:


dd if=/dev/urandom bs=1024 count=1 | sha1


on my OpenBSD boxes. Other variants of Unix should have an
equivalent facility.
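
The scheme described in this message, modelled in Python as an added example that is not part of the original post and is not Exim code: it contrasts an ACL that adds X-Spam-Score directly with one that adds a uniquely named header which a later filter step renames. The function names, the sample message and the scores are constructed for illustration.

```python
import secrets
from email import message_from_string

# Constructed stand-in for the SPAMSCORE macro: a header name an outside sender cannot guess.
TOKEN_HEADER = "X-" + secrets.token_hex(20)

# Constructed inbound message carrying a forged X-Spam-Score header.
SPOOFED = (
    "From: sender@example.net\n"
    "To: user@example.org\n"
    "Subject: offer\n"
    "X-Spam-Score: -5.0 (-----)\n"
    "\n"
    "body\n"
)

def acl_add(msg, name, score):
    """Model of the ACL step: it can only append a header, never remove one."""
    if score is not None:  # None models a message the ACL did not scan
        msg[name] = score

def system_filter(msg):
    """Model of the system filter: drop every X-Spam-Score that arrived with
    the message, then promote the uniquely named header if the ACL added it."""
    del msg["X-Spam-Score"]  # removes all occurrences, no error if absent
    trusted = msg[TOKEN_HEADER]
    if trusted is not None:
        msg["X-Spam-Score"] = trusted
        del msg[TOKEN_HEADER]

def deliver_naive(raw, score):
    """ACL adds X-Spam-Score directly; the forged header stays first."""
    msg = message_from_string(raw)
    acl_add(msg, "X-Spam-Score", score)
    return msg

def deliver_munged(raw, score):
    """ACL adds the unique header; the system filter rewrites it afterwards."""
    msg = message_from_string(raw)
    acl_add(msg, TOKEN_HEADER, score)
    system_filter(msg)
    return msg

def client_sees(msg):
    """A client filter that trusts the first X-Spam-Score header it finds."""
    return msg["X-Spam-Score"]

if __name__ == "__main__":
    print("naive :", client_sees(deliver_naive(SPOOFED, "12.3 (++++++++++++)")))
    print("munged:", client_sees(deliver_munged(SPOOFED, "12.3 (++++++++++++)")))
```

A message that was never scanned ends up with no X-Spam-Score header at all, so a client filter should treat a missing header as "unscored" rather than as "not spam".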