[Exim] Re: Exiscan and Spamassassin

Top Page
Delete this message
Reply to this message
Author: David S. Madole
Date:  
To: Exim Users Mailing List
CC: cjackson
Subject: [Exim] Re: Exiscan and Spamassassin
>> cjackson <cjackson@???> wrote:
>>> cjackson writes:
>>>
>>> This is an update to my original post and a continued request for
>>> assistance. As it turns out, spamd is working fine. The problem
>>> appears to be with Exiscan. Exiscan is working because it scans with
>>> Clamav. And it scans with spamd. A spam score is reported in the log
>>> and the acl succeeds for spam email. The problem is that no header is
>>> added for spam email. See acl below:
>>
>> 1. You don't have a headers_remove directive somewhere in a router or
>> transport which is removing the header, do you?
>>
>> 2. Try exim -d -bh, this will show you the headers being added by the

ACL, a
>
> Yes, thanks. Exiscan is adding the header.
>
> check spam = mail
> warn: condition test succeeded
> processing "accept"
> accept: condition test succeeded
> >>Headers added by DATA ACL:
> X-Spam-Score: 5.8
> X-Spam-Report: Yes, hits=5.8, required=5.0, version=2.64;


Ok, so you know the header was added at one point, so it seems to me it
would help to try to narrow down at what point it is disappearing. Maybe try
the following:

1. Cause the message to freeze and examine the spool files directly. You
could fake up an email that would naturally freeze, or setup a system filter
or redirect router with a "freeze" command in the filter file.

2. Try saving a copy of the message enroute with a system filter with an
"unseen save" command and compare that copy to what gets delivered.

3. I notice the trace is of a remote delivery. Is it possible the receiving
system is removing the headers? Maybe try a tcpdump on the connection and
see what really gets sent.

4. Arrange for a local delivery to a file rather than remote. You could do
it for just the one address with a redirect router with data = /filename and
local_part and domain conditions.

This way you can try to "divide and conquer" and at least narrow down where
the behaviour is occurring in the process.

David