[Exim] EXIM 4.22, SA 2.63, SCO 5.0.6 .forward always trigger…

Author: Frank S. Bernhardt
Date:  
To: Exim Users List
Subject: [Exim] EXIM 4.22, SA 2.63, SCO 5.0.6 .forward always triggered even for non-spam
In late March I upgraded my spamassassin from 2.43 to 2.63. Since then
SA has been working but had a dismal performance even after sa-learn'ing
over 1000 ham/spam.

Based on a previous post I updated my .cf to try to get better
performance. These are the rules I added:

99_sare_adult.cf
99_SARE_Random.cf
antidrug.cf
bigevil.cf
bogus-virus-warnings.cf
drugs_diet.cf
evilnumbers.cf
midevil.cf
sa-blacklist.current.uri.cf

I also lowered my threshold to 3. This was done on April 16th.

Something went SNAP!

Since that time most of the e-mail, but not all, has gone into the spam
folder. Fair enough. I figured that 3 was too low so I added specific
domains to the /etc/mail/spamassassin/local.cf whitelist. That did
nothing. I raised the threshold back to 5. Nada. On further
investigation I noticed that the e-mail in the spam folder had
X-Spam-Status: No. I ran some tests like sending mail to myself from
the command line. Every one of those mails went to the spam folder even
though the status was no and the hits were < 0!

I removed the .forward file and of course the e-mail came through.

I de-installed SA 2.36, renamed /var/share/spamassassin and re-made and
re-installed it also renaming the .spamassassin directories in the user
directories. Same. I removed the spamcheck router and transport in
exim's configure. That helped. So the problem had to be with SA (duh).

I reverted back to SA 2.43. It worked no problem.

So why all of a sudden does 2.63 cause EXIM to pretty much always cause
the .forward rules to fire? From what I gather, it was the new .cf's
that did it but after removing them and re-installing 2.63 the problem
was still there.

I've spent half a day trying to troubleshoot this and this is as far as
I got. I've gone through the BOOK but am not sure what to even look for
at this point. This is beyond me. If anyone out there has any ideas or
suggestions (constructive ones, please) I'd sure appreciate it.

I've loaded the above new .cf's at a customer site with a similar setup
(sort of) and everything there runs fine (so far, touch wood). The major
difference is that I use fetchmail to download; they have a static IP.
The other differences are their threshold is at 5 and I never ran
sa-learn for any of the users.

I've attached my .forward file and the router and transport lines.

Thank you for your time.

--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON. Canada
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???

Registered Linux-User #312398 with the Linux Counter, http://counter.li.org.
--
# Exim filter
if
    $h_X-Spam-Status: contains "Yes"
        or
    "${if def:h_X-Spam-Flag {def}{undef}}" is "def"
then
    save $home/spam
    finish
endif
--
# The remaining routers handle addresses in the local domain(s).

# bcsi - Spam Assassin
spamcheck_router:
  # When to scan a message :
  # - it isn't already flagged as spam
  # - it isn't already scanned
  # - it didn't originate locally (as long as I don't harbor spammers :-))
  condition = ${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}
  driver = accept
  check_local_user
  cannot_route_message = Unknown user
  transport = spamcheck

--
# bcsi - Spam Assassin
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/exim/bin/exim -oMr spam-scanned -bS
  current_directory = /usr/spamkill
  group = spamkill
  home_directory = /usr/spamkill
  log_output
  return_fail_output
  no_return_path_add
  # 43
  transport_filter = /usr/local/bin/spamc -s 500000
  # 63
  # transport_filter = /usr/bin/spamc -s 500000
  use_bsmtp
  # must use a privileged user to set $received_protocol on the way back in!
  user = spamkill

--
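
Added example, not part of the original post or its attachments: Exim's filter language treats a lower-case `contains` as case-insensitive, so `contains "Yes"` is also satisfied by the letters "YES" inside a rule name such as BAYES_00 in the tests= list of X-Spam-Status. The Python below models that test on constructed header values (the sample headers and all function names are assumptions for illustration) and compares it with the case-sensitive CONTAINS form and a check anchored on the leading verdict word.

```python
import re

# Constructed X-Spam-Status values (illustrative, not taken from the post).
SAMPLES = {
    "ham_plain": "No, hits=0.3 required=5.0 tests=NO_REAL_NAME",
    "ham_bayes": "No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham",
    "spam": "Yes, hits=12.1 required=5.0 tests=BAYES_99,HTML_MESSAGE autolearn=spam",
}


def exim_contains(value, needle, case_sensitive=False):
    """Model Exim filter 'contains' (ignores case) and 'CONTAINS' (exact case)."""
    if case_sensitive:
        return needle in value
    return needle.lower() in value.lower()


def match_context(value, needle, width=6):
    """Show the text around the first case-insensitive hit, or None if no hit."""
    pos = value.lower().find(needle.lower())
    if pos < 0:
        return None
    return value[max(0, pos - width):pos + len(needle) + width]


def verdict_is_yes(value):
    """Anchored check: only the leading verdict word decides.
    The Exim filter counterpart is the 'begins' condition."""
    return re.match(r"\s*Yes\b", value, re.IGNORECASE) is not None


def report():
    """Evaluate every sample with the three variants of the test."""
    rows = {}
    for name, value in SAMPLES.items():
        rows[name] = {
            "contains": exim_contains(value, "Yes"),
            "CONTAINS": exim_contains(value, "Yes", case_sensitive=True),
            "anchored": verdict_is_yes(value),
            "hit": match_context(value, "Yes"),
        }
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```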