On 13 Oct 2006, at 11:24, Philip Hazel wrote:
> On Fri, 13 Oct 2006, Stuart Gall wrote:
>
>> The documentation on the spam = acl condition is a bit sparse.
>
> This is the start of what it says in the manual:
>
> ----------------------------------------------------------------------
> --
> Here is a simple example of the use of the spam condition in a DATA
> ACL:
>
> deny message = This message was classified as SPAM
> spam = joe
>
> The right-hand side of the spam condition specifies the username that
> SpamAssassin should scan for. If you do not want to scan for a
> particular user,
> but rather use the SpamAssassin system-wide default profile, you
> can scan for
> an unknown user, or simply use "nobody". However, you must put
> something on the
> right-hand side.
BUT then is says
The username allows you to use per-domain or per-user antispam
profiles. The right-hand side is expanded before being used, so you
can put lookups or conditions there. When the right-hand side
evaluates to “0” or “false”, no scanning is done and the condition
fails immediately
But it does not explain how to do this
Moreover I suspect that it is not really possible, per domain or user
anything is a problem in the data acl
say postmaster@??? expands to jon@??? and stuart@???
so in the data acl what is it going to scan for
postmaster, jon, stuart
foo.bar, something.com, my.domain
>
> <snip>
>
> The spam condition returns true if the threshold specified in the
> user's
> SpamAssassin profile has been matched or exceeded. If you want to
> use the spam
> condition for its side effects (see the variables below), you can
> make it
> always return "true" by appending ":true" to the username.
> ----------------------------------------------------------------------
> --
>
>> It claims you can implement a per domain or per user spam setting.
>>
>> spam = X
>>
>> What is X is it envelope to local part ?
>
> As quoted above, "The right-hand side of the spam condition specifies
> the username that SpamAssassin should scan for." In other words, the
> user whose SpamAssassin profile is to be used.
Ahhh
I see the error in my logic
"scan for" as in scan on behalf of I was reading "scan for" as in
look for
therefore I assume that spamassassin is called each time a new spam =
user is encountered
>
>> How then do I do per domain filtering?
>
> Probably by setting up some suitable SpamAssassin profile, but I am
> not
> knowledgeable about SA.
>
>> I tried
>> accept spam = postmaster
>>
>> in a data ACL I would expect this to allow all mail to the
>> postmaster,
>
> No. It will scan using "postmaster"'s profile (if there is one) and
> accept if the "spam" condition is true, which it will be if the
> message's spam score is over the default threshold.
>
>> however it appeared to allow all mail to everyone.
>> i.e. it functions as
>> accept spam=nobody would
>
> "accept spam = nobody" should accept all *spam* but reject non-spam.
>
>> There are basically two things I want to do
>> 1) Set specific reject levels per virtual domain
>> 2) set a higher level for the postmaster
>
> You need advice from someone who knows more about SA than I do, about
> setting up individual SA profiles. For (2) you could put, *before* the
> other tests, something like
>
> accept local_part = postmaster
> spam = whatever:true
> condition = ${if < {$spam_score_int}{10}}
>
> to accept mail to postmaster if the score is less than 10. This is off
> the top of my head and completely untested. Actually, you could
> probably
> do (1) in a similar way, using a file of levels indexed by domain. And
> of course you could write the statments using "deny" instead of
> "accept"
> if that is easier.
>
> --
> Philip Hazel University of Cambridge Computing Service
> Get the Exim 4 book: http://www.uit.co.uk/exim-book
>
