On Tue, 12 Apr 2005, Chris Lear wrote:
> * Alan J. Flavell wrote (12/04/2005 16:07):
> >
> > Is that a "message" or a "log_message"? If it's a message (i.e it's
> > going to cut an additional log header),
Apologies for posting without due care and attention - I *intended*
to type "to cut an additional header". The word "log" crept in there
uninvited :-{
> It's a log_message, but there's also a message (header), which is
> similar to what you suggest.
OK.
> As far as I can see, this can contribute to spamassassin's bayesian
> analysis, but doesn't seem to trigger a rule like FORGED_RCVD_HELO,
Well, we have stanzas in the RCPT ACL which cut extra headers,
and they are successfully rated by spamassassin. Here's an example:
message = X-HELO-warning: That's a nasty HELO: $sender_helo_name
which gets rated by a rule called NASTY_HELO, and here's a snippet
from the rejection log:
X-PHYSCI-Spam-Report: 19.2/5.0
3.6 NASTY_HELO Nasty-looking HELO
0.2 NO_REAL_NAME From: does not include a real name
3.6 NO_HOST_LUP Host IP did not look up in DNS
4.0 IN_SPAMCOP_BLACKLIST RBL: Blacklisted at spamcop
0.8 DEAR_SOMETHING BODY: Contains 'Dear (something)'
1.3 MILLION_USD BODY: Talks about millions of dollars
2.9 NIGERIAN_BODY1 Message body looks like a Nigerian
[and so on...]
The NO_HOST_LUP is another case where we're cutting a custom header at
RCPT time, and rating it at spamassassin time. So I'm confident that
it works.
> which is what I'd prefer
indeed
> (and which isn't being triggered).
Then I'd suggest taking another look at your rule that's meant to
match it. (Don't forget to run "spamassassin --lint"). Unless I've
misunderstood what you're doing, I reckon you should be able to make
it work, just as we do.
But as I said, if the ACL rule needs access to material that's only
available at the DATA stage (the mail headers or body, say) then this
approach doesn't work, when SA is used in the way that we're
discussing it here.
