Re: [Exim] ClamAV and Exim4

Top Page
Delete this message
Reply to this message
Author: Brian Dessent
Date:  
To: exim-users
Subject: Re: [Exim] ClamAV and Exim4
Jim Archer wrote:

> Okay, but where does sa get its conf parameters from in this case? For
> example, using exiscan-acl I have sa marking spam with headers and such,
> but how does it know what score above which to mark? I specified the
> rejection/deny score of 10 points, so I can see how that works. But the
> configuration below only marks the subject line and adds the special
> Is-Spam header sometimes (I think above 5 points).


When you specify "spam = nobody" then that means "Scan this message
using preferences for the user 'nobody' (which really means use the
system preferences) and return true if the spam score exceeds whatever
score is configured in SpamAssassin."

When you specify "spam = nobody:true" that means "Scan the message using
preferences for the user 'nobody' and always return true."

You'd use the former if you want to make decisions based on the
threshold defined in the user's "required_hits" value set in
~/.spamassassin/user_prefs, or in /usr/share/spamassassin/*.cf if you're
using a non-existant user such as nobody.

You'd use the latter if you want to just scan the message for the side
effects of setting the '$' replacement variables such as $spam_report or
$spam_score_int. I.e. if you want to set a threshold in the exim
configuration and ignore whatever SpamAssassin thinks the threshold is.

Finally, realize that SpamAssassin itself cannot modify the message in
this type of configuration. Any headers that you want added must be
done with exim rules. This is a little confusing since SA's default
report format assumes that it's going to be defanging the spam, but it
doesn't know that it's running through exiscan-acl. It makes a lot more
sense redefine the report format in /etc/spamassassin/local.cf, such as
the following:

report_safe    0
clear_report_template
report _HITS_/_REQD_ ---- Start SpamAssassin results _REPORT_
report ---- End SpamAssassin results


>   # put headers in all messages (no matter if spam or not)
>   warn  message = X-Spam-Score: $spam_score ($spam_bar)
>       spam = nobody:true

>
>   warn  message = X-Spam-Report: $spam_report
>       spam = nobody:true


These headers should be added for every message.

>   # add second subject line with [SPAM] marker when message
>   # is over threshold
>   warn  message = X-New-Subject: [SPAM] $h_Subject:
>       spam = nobody


This will be added if the score exceeds "required_hits", which defaults
to 5. Note that this just adds another header. If you want the subject
changed you'll need another rule somewhere else that looks for an
X-New-Subject header and replaces the Subject header if found.

>   warn message = X-Is-Spam: YES
>     spam = nobody:true


This will be added to every message. Probably not what you wanted.

>   # reject spam at high scores (> 10)
>   deny   message = This message scored $spam_score spam points.
>        spam = nobody:true
>        condition = ${if >{$spam_score_int}{100}{1}{0}}


This will reject messages scoring higher than 10.0, regardless of
"required_hits".

Brian