Re: [exim] question regarding spamassassin in exim, especial…

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: David Mathog
CC: exim-users
Subject: Re: [exim] question regarding spamassassin in exim, especially headers
On Wed, Jul 13, 2011 at 10:14 AM, David Mathog <mathog@???> wrote:
>
> Nevertheless, none of the headers defined by "add_header" in any of
> those many configuration files actually show up in the messages.


Exim parses the response and stuffs the values into variables. It's
up to you to decide to add the headers with this info.

> Instead the only headers created are those defined in exim.conf in this
> section:


Yep.

> Is there a different exim configuration that would let spamassassin use
> the headers defined in its configuration files instead?  In particular I
> want the X-Spam-Status header that results from:
>
> add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_
> tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_"


As stated above (and observed by you) your exim rules above modify the
subject line, but don't do anything else. Here is what I do with
mine:

  # Always add X-Spam-Score and X-Spam-Report headers
  # using SA system-wide settings (user "exim")
  # no matter if over threshold or not.
  warn    condition      = ${if >{$message_size}{500K}{no}{yes}}
          !authenticated = *
          spam           = exim:true
          add_header     = X-Spam-Score: $spam_score
          add_header     = X-Spam-Report: $spam_report
          message        = X-Spam-Score: $spam_score\n\
                           X-Spam-Report: $spam_report


  # Add X-Spam-Flag if spam is over system-wide threshold
  warn    condition      = ${if >{$message_size}{500K}{no}{yes}}
          !authenticated = *
          message        = X-Spam-Flag: Yes
          spam           = exim
          add_header     = X-Spam-Flag: Yes


  # Send feedback of spam score to reputation system
  warn    !authenticated = *
          acl            = acl_pygossip_feedback


  # Reject spams with score over 6
  deny    condition      = ${if >{$message_size}{500K}{no}{yes}}
          !authenticated = *
          message        = This message scored $spam_score points.  Rejected.
          spam           = exim:true
          condition      = ${if >{$spam_score_int}{60}{1}{0}}


(note that the message= lines don't really do anything except where
the rejection occurs)

I'm also working presently on implementing non RBL checking for smtp
authenticated users:

  # Always add X-Spam-Score and X-Spam-Report headers
  # using reduced settings for smtp auth users
  # (user "smtpauth") no matter if over threshold or not.
  warn    condition      = ${if >{$message_size}{500K}{no}{yes}}
          authenticated  = *
          spam           = smtpauth:true
          add_header     = X-Spam-Score: $spam_score
          add_header     = X-Spam-Report: $spam_report
          message        = X-Spam-Score: $spam_score\n\
                           X-Spam-Report: $spam_report


  # Add X-Spam-Flag if spam is over system-wide threshold
  warn    condition      = ${if >{$message_size}{500K}{no}{yes}}
          authenticated  = *
          message        = X-Spam-Flag: Yes
          spam           = smtpauth
          add_header     = X-Spam-Flag: Yes


  warn    authenticated  = *
          acl            = acl_pygossip_feedback


  # Reject authenticated user spams with score over 12
  deny    condition      = ${if >{$message_size}{500K}{no}{yes}}
          authenticated  = *
          message        = This message scored $spam_score points
(auth user).  Rejected.
          spam           = smtpauth:true
          condition      = ${if >{$spam_score_int}{120}{1}{0}}


And then /home/smtpauth/.spamassassin/user_prefs contains:

# cat /home/smtpauth/.spamassassin/user_prefs
required_hits 8.0
skip_rbl_checks 1
use_bayes 0

score BOGUS_SMTP_CMD_LOW 0
score BOGUS_SMTP_CMD_MED 0
score BOGUS_SMTP_CMD_HIGH 0

For regular inbound email, it does the full suite of SA tests, marks
it as spam at 5.0, and rejects completely at 6.0.
For smtp auth'd email, it does a lessened scan, skipping the rbl
checks (but still doing uribl checks), and zeros out some custom
rules.

So far, it's working the way I envisioned it to.

...Todd
--
If Americans could eliminate sugary beverages, potatoes, white bread,
pasta, white rice and sugary snacks, we would wipe out almost all the
problems we have with weight and diabetes and other metabolic
diseases. -- Dr. Walter Willett, Harvard School of Public Health