[Exim] Fighting fake spam headers

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ben Giddings
Datum:  
To: exim-users
Betreff: [Exim] Fighting fake spam headers
I used to have this in my exim configuration file:

# SpamAssassin
spamcheck_router:
no_verify
check_local_user
# When to scan a message :
# - it isn't already flagged as spam
# - it isn't already scanned
condition = "${if and { {!def:h_X-Spam-Status:} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"
driver = accept
transport = spamcheck

Unfortunately, I found that some clever spammer *ssh*les are putting in
fake Spamassassin headers, marking their spam as not spam. So, what I
want to do is make sure my machine always scans messages.

I thought a good way to do that would be to make sure my machine's name
was in the X-Spam-Checker-Version header, but everything I tried to do
to use that ended up messing everything up, and creating a mail loop.

My condition line looked like:

condition = "${if and { {!match
{${escape:$h_X-Spam-Checker-Version:}} {'myhost.com'}} {!eq
{$received_protocol}{spam-scanned}}} {1}{0}}"

No matter what I tried to put in that second string, I never got a
match. I thought it might be a newline in the header, so I tried
escaping it, I tried matching against 'SpamAssassin'... nothing.

What am I doing wrong? How do I properly do what I'm trying to do?

Ben Giddings