Re: [exim] HELO checks and spamassassin

Author: Alan J. Flavell
Date:
To: Chris Lear
CC: Exim users list
Subject: Re: [exim] HELO checks and spamassassin

On Tue, 12 Apr 2005, Chris Lear wrote:

> * Alan J. Flavell wrote (12/04/2005 16:07):
> >
> > Is that a "message" or a "log_message"? If it's a message (i.e it's
> > going to cut an additional log header),


Apologies for posting without due care and attention - I *intended*
to type "to cut an additional header". The word "log" crept in there
uninvited :-{

> It's a log_message, but there's also a message (header), which is
> similar to what you suggest.


OK.

> As far as I can see, this can contribute to spamassassin's bayesian
> analysis, but doesn't seem to trigger a rule like FORGED_RCVD_HELO,


Well, we have stanzas in the RCPT ACL which cut extra headers,
and they are successfully rated by spamassassin. Here's an example:

message = X-HELO-warning: That's a nasty HELO: $sender_helo_name

which gets rated by a rule called NASTY_HELO, and here's a snippet
from the rejection log:

X-PHYSCI-Spam-Report: 19.2/5.0
        3.6 NASTY_HELO             Nasty-looking HELO
        0.2 NO_REAL_NAME           From: does not include a real name
        3.6 NO_HOST_LUP            Host IP did not look up in DNS
        4.0 IN_SPAMCOP_BLACKLIST   RBL: Blacklisted at spamcop
        0.8 DEAR_SOMETHING         BODY: Contains 'Dear (something)'
        1.3 MILLION_USD            BODY: Talks about millions of dollars
        2.9 NIGERIAN_BODY1         Message body looks like a Nigerian 


[and so on...]

The NO_HOST_LUP is another case where we're cutting a custom header at
RCPT time, and rating it at spamassassin time. So I'm confident that
it works.

> which is what I'd prefer


indeed

> (and which isn't being triggered).


Then I'd suggest taking another look at your rule that's meant to
match it. (Don't forget to run "spamassassin --lint"). Unless I've
misunderstood what you're doing, I reckon you should be able to make
it work, just as we do.

But as I said, if the ACL rule needs access to material that's only
available at the DATA stage (the mail headers or body, say) then this
approach doesn't work, when SA is used in the way that we're
discussing it here.
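
The two halves of the setup described in this message, as an added example that is not the poster's own configuration: an Exim RCPT ACL stanza that cuts the custom header, and the SpamAssassin rule that rates it. The ACL condition (a HELO name that is a bare IP address) is an assumed stand-in for whatever a site considers nasty; the header name, rule name, description and 3.6 score are copied from the message above.

```conf
# --- Exim configure file, inside the ACL named by acl_smtp_rcpt ---
# On a warn verb, "message" adds a header line to the incoming message
# (the form used in the post; newer Exim releases provide add_header).
# ASSUMPTION: the condition is illustrative only. The post does not show
# the site's real test for a nasty HELO.
warn  message   = X-HELO-warning: That's a nasty HELO: $sender_helo_name
      condition = ${if isip{$sender_helo_name}{yes}{no}}

# --- SpamAssassin local.cf ---
# The header name must match the one Exim cuts, or the rule never fires.
# "exists:" hits whenever the header is present, whatever its content.
header   NASTY_HELO  exists:X-HELO-warning
describe NASTY_HELO  Nasty-looking HELO
score    NASTY_HELO  3.6
```

Because the stanza uses only `$sender_helo_name`, it can run at RCPT time; a test that needs the message headers or body cannot be expressed this way.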