Hi Ted,
>> I could use some clarification on the following issue. In my RCPT ACL, I
>> have:
>>
>> deny message = Sender verification failed
>> !verify = sender
>>
>> My first router is this:
>>
>> bounce_spam:
>> driver = redirect
>> domains = !+spam_domains
>> allow_fail
>> condition = ${if >{$spam_score_int}{65}{1}{0}}
>> data = :fail: This message was classified as SPAM
>> repeat_use = false
>>
>> This router bounces SPAM that was not stopped at SMTP time as a result
>> of per-domain filtering settings.
>>
>> Now, today, some messages were refused with the following messages:
>>
>> 550-Verification failed for <masg44klim@???>
>> 550-This message was classified as SPAM
>> 550 Sender verification failed
>>
>> This indicates that routing during sender verification failed in the
>> router mentioned above. My question: how could this happen? How could
>> the $spam_score_int condition ever be true at this time, before any data
>> is received and the 'spam' condition has not yet run?
>>
>> Now, I added 'verify = false' the router to prevent failure during
>> verification, I hope this is sufficient.
>>
>
> That's not how it's usually set up ... where on earth did you pick up
> that config?
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECID206
> has all the correct details and you might be well of reading it to
> understand a little bit more of what is going on.
>
> To fix the problem, remove the entire "bounce_spam" router.
>
> Next, find a nice place in your DATA ACL (acl_smtp_data = XXXXXXXX near
> the top of your config file - if it doesn't exist... have a look at the
> default config that comes with Exim), and put something like the
> following in it .. "spamc" is whatever SA user you run under, or
> whatever you set it to.
[removed config snippet]
> The $spam_score_int variable is set when the spam = thingy is used.
> This does all the spam reject type stuff at RCPT time and wont stuff up
> your address verification.
I am sorry, I understand I haven't been entirely clear on this, but I
hoped that wasn't necessary.
I have a data ACL that contains all the Spamassassin stuff and usually
identified SPAM is bounced at SMTP time. However, the 'bounce_spam'
router is part of a mechanism to allow per-domain spam filtering settings.
I have a domain list called 'spam_domains' that contains all domains
that want to receive their spam instead of having it rejected. In the
rpct acl I set an acl variable if one of the recipients is listed in
'spam_domains':
warn message = X-Spam-Reject: no
domains = +spam_domains
set acl_m0 = $local_part@$domain
In the data ACL, I reject SPAM, unless acl_m0 is set:
deny message = This message was classified as SPAM
(score $spam_score)
log_message = DENY - Identified SPAM (score $spam_score)
condition = ${if >{$spam_score_int}{70}{1}{0}}
condition = ${if def:acl_m0 {0}{1}}
spam = nobody:true
Finally, during routing, the SPAM that made it that far is bounced by
the 'bounce_spam' router, for all the domains that do NOT want their spam.
I realize that failing those messages leads to collateral spamming and
blackholing might be better, but this only happens when:
- a message has multiple recipients in multiple domains
- one recipient wants to receive spam, while others don't
and this is quite rare in my setup.
So, still believing my configuration isn't all that weird ;-) my
question remains: how can $spam_score_int be set during sender
verification from the rcpt ACL?
Best regards,
Martijn Grendelman