Autor: Lee Forster Datum: To: tom CC: exim-users Betreff: Re: [exim] Exim 4 & SpamAssassin problem
Thanks for the reply.
I'm not entirely sure what the syntax would be for adding a condition
to my data ACL.. I thought I could add the domains to a white list in
the local.cf file in this way: whitelist_from *.gov.uk
*.messagelabs.com - I picked that up from a Google search earlier on but
obviously it didn't work..
Can you tell me what the procedure would be?
The messages are all the same as the examples I posted, they all seem
to be coming from SA according to Exim's main.log.
SA's log has hundreds of these lines from my problem domain:
Sep 11 03:03:00 mail spamd[21446]: checking message
<E1C54Ar-00050Y-Tn@???> for nobody:99.
Sep 11 03:03:00 mail spamd[21429]: connection from mail [127.0.0.1] at
port 45246
Sep 11 03:03:00 mail spamd[21447]: info: setuid to nobody succeeded
Sep 11 03:03:00 mail spamd[21447]: checking message
<E1C54Ar-00050Y-Tn@???> for nobody:99.
Sep 11 03:03:00 mail spamd[21429]: connection from mail [127.0.0.1] at
port 45247
Sep 11 03:03:00 mail spamd[21448]: info: setuid to nobody succeeded
Cheers.
>>> Tom Kistner <tom@???> 22/09/2004 14:23:44 >>> Lee Forster wrote:
> The panic.log has multiple entries for "spam acl condition: cannot
> parse spamd output"
I should have worded that more generic. I fact it means "general spamd
fuckup" and is mostly caused by spamd going away without providing ANY
output (that is, crashing).
> It's only messages from this particular domain (other mail is being
> delivered fine), we've tried adding the domain to a 'white list' as a > temporary fix, but I'm not certain that we're putting it in the right > place (SpamAssassin's local.cf file). There were 2000+ entries in the > main.log yesterday for messages from this domain (obviously most were > retries).
For immediate relief, exempt the sender domain from spamd scanning by
adding a condition to your DATA ACL in the appropriate place.
Are these messages supposedly all the same (or generated by the same
software)? If not, I rather suspect that SAs additional network-based
facilities (RBLs, SPF) crap out.