Richard Hobbs wrote:
> Hello,
>
> I have found our latest problem - we have a mail loop! Here's the command
> used to send the mail back to exim once it's been checked (I think):
>
> /usr/sbin/exim4 -oMr spam-scanned -bS
>
> And here are the router and transport in full, which I am using:
>
> THE ROUTER:
> # spamassassin stuff
> sa_router:
> no_verify
> check_local_user
> # When to scan a message :
> # - it isn't already flagged as spam from Spamassassin
> # - it isn't already scanned
> # - it isn't local
> # - it isn't from one internal domain user to another
> condition = "${if and { \
> {!def:h_X-Spam-Flag:} \
> {!eq {$received_protocol}{spam-scanned}} \
> {!eq {$received_protocol}{local}} \
> {!eq {$sender_address_domain}{$domain}} \
> } \
> {1}{0}}"
> driver = accept
> transport = sa_spamcheck
> local_parts = /etc/spamassassinUsers
> # end of spamassassin stuff
>
> THE TRANSPORT:
> # spamassassin stuff
> sa_spamcheck:
> driver = pipe
> command = /usr/sbin/exim4 -oMr spam-scanned -bS
> use_bsmtp = true
> transport_filter = /usr/bin/spamc
> home_directory = "/tmp"
> current_directory = "/tmp"
> user = spamcheck
> group = spamcheck
> log_output = true
> return_fail_output = true
> return_path_add = false
> message_prefix =
> message_suffix =
> # end of spamassassin stuff
>
> Also, we are using exim-daemon-light as our MTA.
>
> Any ideas??
>
> Thanks in advance,
> Richard.
>
Is "spamcheck" a trusted user? If not it won't be able to set the protocol
on the exim command.
Also, I would not skip checking if the X-Spam-Flag header is present. That
means all the spammer has to do is insert this header and your spam checking
will be bypassed completely.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
