Re: [exim] Issues with (gnu)tls

Top Page

Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Issues with (gnu)tls
Janne Snabb wrote:
> On 2012-05-17 11:09, W B Hacker wrote:
>
>> Before I did ANYTHING else I'd rename all of the 'X-Spam<wotever>'
>> headers you add to something unique to your own server.
>>
>> Many a Sysadmin has chased ghosts that turned out to be the same
>> header-names already present on the *incoming* traffic - either added by
>> the submitting server - or even spoofed.
>
> IMHO the best solution is to add the X-Spamwhatever headers in the
> system filter based on ACL variables. In system filter it is possible to
> remove pre-existing header lines first, but in ACL it is not possible. I
> have something such as the following in my system filter:
>
> # Exim filter
>
> if first_delivery then
>    headers remove X-Spam-Score:X-Spam-Report:X-Spam-Flag

>
>    if $acl_m_spam_score is not "" then
>      headers add "X-Spam-Score: $acl_m_spam_score ($acl_m_spam_bar)"

>
>      if $acl_m_spam_score_int is not below 50 then
>        headers add "X-Spam-Flag: YES"
>        headers add "X-Spam-Report: $acl_m_spam_report"
>      endif
>    endif
> endif

>
> For some reason all the spamd ACL examples add the headers in the ACL.
>


I've always preferred to use acl_m's, add as few headers as possible,
strip as many as practical in router/transport sets.

Tradeoffs, as always....

That said, we're drifting off-topic.

I'm still waiting for better evidence that the original problem is
actually GNUTLS driven.

Haven't needed or used SA for several years now, but ISTR it did now and
then get its knickers caught in the geartrain..

Bill
--
韓家標