I am using ACLs with exim4 to scan email during the actual smtp
connection (so I can reject spam before my server accepts it). It's
pretty straightforward. My ACL looks like this:
# Reject messages with a SpamAssassin score >7
deny message = Rejected: Flagged as spam ($spam_score).
spam = nobody:true
condition = ${if >{$spam_score_int}{70}{1}{0}}
Everything works just fine for mail destined to local accounts, but
there seems to be a discrepancy in spamassassin when mail is delivered
to a forwarded account (the forwarder directs mail to another local
account; i.e., webmaster@??? --> szinski@???). What
happens is that spamassassin scores the message low (non-spam) when it
accepts it from the Internet, but then scores it higher (is spam) when
the message is rerouted to the local mailbox. Here is a snippet from
maillog that illustrates this:
Jul 26 07:58:20 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56458
Jul 26 07:58:20 vps spamd[7361]: spamd: setuid to nobody succeeded
Jul 26 07:58:20 vps spamd[7361]: spamd: checking message
<000001c6b0aa$37161200$c465a8c0@nhn8> for nobody:99
Jul 26 07:58:20 vps spamd[7361]: spamd: clean message (2.6/5.0) for
nobody:99 in 0.1 seconds, 2230 bytes.
Jul 26 07:58:20 vps spamd[7361]: spamd: result: . 2 -
HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL
scantime=0.1,size=2230,user=nobody,uid=99,required_score=5.0,rhost=local
host,raddr=127.0.0.1,rport=56458,mid=<000001c6b0aa$37161200$c465a8c0@nhn
8>,autolearn=no
Jul 26 07:58:20 vps spamd[26587]: prefork: child states: II
Jul 26 07:58:21 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56459
Jul 26 07:58:21 vps spamd[7361]: spamd: setuid to szinski succeeded
Jul 26 07:58:21 vps spamd[7361]: spamd: processing message
<000001c6b0aa$37161200$c465a8c0@nhn8> for szinski:503
Jul 26 07:58:21 vps spamd[7361]: spamd: identified spam (7.5/5.0) for
szinski:503 in 0.6 seconds, 2183 bytes.
Jul 26 07:58:21 vps spamd[7361]: spamd: result: Y 7 -
BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,URIBL_SBL,URIBL_WS_SUR
BL
scantime=0.6,size=2183,user=szinski,uid=503,required_score=5.0,rhost=loc
alhost,raddr=127.0.0.1,rport=56459,mid=<000001c6b0aa$37161200$c465a8c0@n
hn8>,bayes=0.999997051713734,autolearn=no
As you can see, during the initial smtp pass (accepting from remote
host) the message is deemed "clean" with a score of 2.6. Then, when the
same message it delivered to the local account, it is identified as spam
with a score of 7.5. Unfortunately, my ACL only kicks in during the
first pass so the message is delivered instead of rejected.
Any help would be greatly appreciated.
Steve Zinski
University of Richmond
