[exim] problem with exim and spam processing

Pàgina inicial
Delete this message
Reply to this message
Autor: Jason Keltz
Data:  
A: exim-users
Assumpte: [exim] problem with exim and spam processing
I presently have Exim 4.51 setup for spam processing, and everything has
been going fine. I scan messages for spam during the data acl, and
reject messages that score 10 or more. I then rescan messages again on
mail delivery as the individual users to take their own personal
settings into account.

A user came to me today and said that someone sent them a message
yesterday that they did not receive. I would like to understand what
happened to it.

I checked our Exim mainlog and see that the message was received by our
system and delivered to the users procmail:

2005-05-30 15:45:53 1DcqCs-0003gp-6L => |procmail <ouruser@???>
R=userforward T=address_pipe

In my exim configuration, under address_pipe, I have:

address_pipe:
driver = pipe
transport_filter = /cs/local/bin/spamc -U /tmp/spamd.sock
return_fail_output

The user has a .procmailrc file containing:

DEFAULT=/var/mail/ouruser

:0fw
| /cs/local/bin/spamassassin


:0:
* ^X-Spam-Status: Yes
mail/spam

/cs/local/bin/spamassassin is just a wrapper that does nothing when
called on our mail server, but calls the real "spamassassin" if called
on any of our other machines. It only exists because we used to have
our users individually running spamassassin instead of using the
spamd/spamc combo, and it was easier than asking them each to personally
remove the spamassassin call from their procmailrc.

For your interest, the script is just:

#!/bin/sh

SPAMA=/cs/local/lib/spamassassin

# This script wraps spamassassin to call spamc on the mail server.

if [ -x /bin/hostname ]; then
HOST=`/bin/hostname`
else
echo >&2 "cannot find 'hostname' command"
exit 1
fi

if [ "$HOST"x = "silver"x ]; then
exec /bin/cat
else
exec $SPAMA "$@"
fi

I expect my spamd log to show the message was checked once by exim
(running as exim), and then a second time by the individual user (setuid
to that user) as it does in what seems like all cases. However, in this
case, exim calls spamd with the message in the data acl, accepts it
(score 1.3), and then I don't see anything else in the spamd log. In
other words, exim didn't call spamd with the message a second time
during the address_pipe. Interestingly enough, other messages that the
user has received on the same day do show the message passing through
spamd twice.

I can't think of how to debug why the user did not get this particular
message this one time and any suggestions would be appreciated.

Thanks for any help you can provide..

Jason.