Re: [exim] Spam bypassing spamassassin et al

Top Page
Delete this message
Reply to this message
Author: Klaus Ethgen
Date:  
To: exim-users
Subject: Re: [exim] Spam bypassing spamassassin et al
Hi John,

it is hard to guess without any information about what acl you are using
for calling spamassassin.

Am Di den 1. Sep 2015 um 14:44 schrieb John Mc Murray:
> Agreed, and that is what I'm trying to achieve with this in the RCPT ACL
> (just logging at the moment, not actually dropping or denying):
>
>
> warn log_message   = HELO Policy Restriction: HELO is not an FQDN.
>      condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
>      condition = ${if match{$sender_helo_name}{\N[^.]\N}{no}{yes}}
>      add_header = X-Spam-Note: HELO Policy Restriction: HELO is not an FQDN
> at 1
> warn log_message   = HELO Policy Restriction: HELO is not an FQDN.
>      condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
>      condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
>      add_header = X-Spam-Note: HELO Policy Restriction: HELO is not an FQDN
> at 2


I don't know where you use this ACLs. However, in this case, there is an
/and/ correlation between the two conditions, not an /or/ correlation.

> This logs and adds the headers for spam in general, but the spam that I
> quoted in my original mail bypasses all of those ACLs, including
> spamassassin..


Again, as long as you don't give us the ACLs where you do the
spamassassin checks (better all ACLs), it is hard to guess.

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C