Re: [exim] X-Spam-Report for Clean messages

Góra strony
Delete this message
Reply to this message
Autor: Gordon
Data:  
Dla: W B Hacker
CC: exim users
Temat: Re: [exim] X-Spam-Report for Clean messages


On 5/2/2008 7:43 PM, W B Hacker wrote:
> Gordon wrote:
>> I have a need for more detail in my log. We are using exim as an
>> inbound relay and pre-filtering before delivering to our mail system.
>>
>> The reject.log file is very useful but would be more helpful if it had
>> CLEAN messages logged also. Now obviously CLEAN messages should not be
>> part of reject.log so the best solution would be a log just for
>> X-Spam-Report (SPAM and CLEAN)
>>
>> Searching for these terms is pretty rough since they are in so many conf
>> files uploaded....
>>
>> --snip--
>> warn   add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
>>             X-Spam-Report: $spam_report
>> deny    condition = ${if >{$spam_score_int}{90} {1}}
>>             message   = Your message was RejecteD as Spam
>> accept
>> --snip--

>>
>> I know log size will increase, but I do not expect the logs to grow more
>> than %33 considering yesterday we
>> rejected 167,000 Unknown User
>> rejected 133,000 spam
>> and
>> delivered 91,000 messages
>>
>>
>>
>>
>
> Not a problem. You have a number of available tools, some seldom used:
>
> 1) log_selector =
>
> lets you activate or supress various 'built-in' details - listed in docs.
>
> 2) log_message =
>
> activates when an acl triggers
>
> 3) logwrite =
>
> activates when an acl is traversed - triggered or not
>
> 4) adding a specifier as to *which* log, as in the use of :panic: below
>
>     logwrite  = :panic:,VRL,$sender_host_address,$tod_epoch

>
> Lets you put things into the log *you* choose, even if contrarian to
> inbuilt log assignment.
>
> N.B.
>
> In a 'healthy' Exim environment, the 'panic' log is the least used,
> hence not a bad place to do custom writes for cron'ed 'harvesting'.
>
> Other options include writes to other-than the bespoke logfiles or to
> SQL DB's, as in:
>
>    set acl_c19 = ${lookup pgsql{INSERT into ... <whatever>

>
>
> SQL brings its own set of overhead & 'challenges', responsibility to
> admin - but can be read-from or written-to from *anywhere* in Exim -
> main section thru acl's thru router/transport sets.
>
> HTH,
>
> Bill
>
>


Thank you!

4) adding a specifier as to *which* log, as in the use of :panic: below

      logwrite  = :panic:,VRL,$sender_host_address,$tod_epoch


Lets you put things into the log *you* choose, even if contrarian to
inbuilt log assignment.


Works with two caveats, and a question.

Question the VRL in the example, I can not find any detail so I assume
it is simple text...

1)
I got excited about choosing my own log and only succeed in logging to
panic.log When I choose from defined exim logs it works as expected.

...:saheaders: and :/var/log/exim/saheaders: both failed...

Success logging to reject.log, some messages may not in fact be rejects
but... If I put the messages in main.log my logwatch scripts will never
finish. As it stands they take up to 12 hours to run now.

2)
I have not weighed the impact of this yet, but I am leaning towards
leaving it as is...

logwrite        =:reject:X-Spam-Score: $spam_score, X-Spam-Report: 
$spam_report


is writing the entire entry on a single line. Useful for grep, not so
useful for reading. Example entry below

2008-05-05 10:22:51 1Jt1aa-000170-7V X-Spam-Score: 17.8, X-Spam-Report: 
----\n  Content preview:  Our researchers have made something that will 
keep you ahead\n of the game! Perform the most amazing change in your 
body! http://likamen.com/\nfor the second time. After the controversial 
winningleg kept him out of the\n    main squad for nearly a 
year.school's website, the lockdown was canceled.\n      Our researchers 
have made something that will keep you ahead of the game!\n     Perform 
the most amazing change in your body! [...] \n   ----\n  Content 
analysis details:   (17.8 points, 29.0 required)\n       ----\n  pts 
rule name              description\n        ---- ---------------------- 
--------------------------------------------------\n 2.0 
DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date\n 
    0.0 UNPARSEABLE_RELAY      Informational: message has unparseable 
relay lines\n  0.1 HTML_50_60             BODY: Message is 50% to 60% 
HTML\n    0.0 HTML_MESSAGE           BODY: HTML included in message\n 
   0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 
60%\n        [score: 0.5000]\n       3.8 URIBL_AB_SURBL         Contains 
an URL listed in the AB SURBL blocklist\n    [URIs: likamen.com]\n   4.1 
URIBL_JP_SURBL         Contains an URL listed in the JP SURBL 
blocklist\n   [URIs: likamen.com]\n    3.0 URIBL_OB_SURBL 
Contains an URL listed in the OB SURBL blocklist\n   [URIs: 
likamen.com]\n    4.5 URIBL_SC_SURBL         Contains an URL listed in 
the SC SURBL blocklist\n   [URIs: likamen.com]\n   0.3 MIME_