Re: [exim] HELO checks and spamassassin

Etusivu
Poista viesti
Vastaa
Lähettäjä: Alan J. Flavell
Päiväys:  
Vastaanottaja: Chris Lear
Kopio: Exim users list
Aihe: Re: [exim] HELO checks and spamassassin
On Tue, 12 Apr 2005, Chris Lear wrote:

> xxxxxx-xxxxxx-xx H=(ns.citynet.ru) [62.118.250.132] Warning: HELO
> argument does not match calling host


Is that a "message" or a "log_message"? If it's a message (i.e it's
going to cut an additional log header), you might want the text to
start with a distinctive header name string, like X-HELO-warning: or
whatever you choose.

> I want to give these e-mails a spamassassin score. I'm running
> spamassassin at smtp time, so, as far as I can see, spamassassin's
> HELO checks can't pick up the mismatch (the headers aren't there to
> work on).


Headers which are written in the RCPT phase can surely be rated at
the spamassassin stage (well, they can in the way we've got this set
up, and it's nothing unusual).

But if you cut headers at the DATA stage, then they won't be seen by
spamassassin in this setup. You can either reprogram the tests from
your ACL into the spamassassin rules; or you can compute some bonus
points in the DATA ACL, and add them to the answer that you get back
from spamassassin (remember that the $spam_score_int spamassassin
score is x10 relative to the values that get reported, e.g reported
score of 5.0 (typical spam threshold) corresponds to an internal score
of 50).

> Is there anything I can do in exim.conf that will affect the
> spamassassin score? I guess the answer may be to use an acl variable.


indeed - along the lines of (having calculated some spam bonus in
acl_m7):

  deny [...]
      spam = nobody:true
      condition = ${if \
          >{${eval:$spam_score_int+$acl_m7}}{80}{yes}{no}}



> It's possible that the root of my problem is that I'm running
> spamassassin with network tests, which changes the scoring. Should I
> turn off spamassassin's network tests? Exim should be able to do them
> anyway (HELO/RBL checks), and spamassassin's scores might be better
> without them. What's the best way to do this?


Sorry, I don't feel I've got enough experience of the options that we
don't use, to be able to offer any generalised advice on which is
best. What we're doing works well enough for us - but that says
rather little about how it might work for you.