Re: [exim] Logging Spam Report In Rejectlog for Investigatio…

Author: Brian Spraker
Date:  
To: George L. Yermulnik via Exim-users
Subject: Re: [exim] Logging Spam Report In Rejectlog for Investigation


    On Tuesday, February 27, 2018, 3:30:06 PM CST, George L. Yermulnik via Exim-users <exim-users@???> wrote:  


Hello!

On Tue, 27 Feb 2018 at 21:00:06 (+0000), Brian Spraker via Exim-users wrote:

> Using Spamassassin with Exim.
> When an email is accepted and goes by the spam checking, the $spam_report variable is added to the X-Spam_report header.
> However, if the spam is flat-out denied, information is logged in the rejectlog.  However, I'd like to be able to inspect these better.
> Is there something that can be added to the ACL to also write the $spam_report to the rejectlog so I can see what rules were triggered in spamassassin to get to the score?


I'd expect the ACL to be quoted... Elsewise I presume you're looking for:
        log_message = SpamAssassin reported spam: $spam_report

I personally transform it like this to make it parsable and readable:
        log_message    = SpamAssassin reported spam: score $spam_score [rcpts: $recipients] (report: [${sg{${sg{${sg{$spam_report}{\N\n\s*\[\N}{ [}}}{\N\n\s*\N}{\] \[}}}{\N(\s{2,}|\t)\N}{ == }}])

Looks weird but produces output like this:
2018-02-27 05:31:55 [96148] 1eqVzS-000P0m-UA H=ec2-52-65-190-205.ap-southeast-2.compute.amazonaws.com (DanicaK.aimai24.com) [52.65.190.205]:53850 F=<DanicaK@???> rejected after DATA: SpamAssassin reported spam: score 10.0 [rcpts: yz@???] (report: [host=my.spamassassin.host score=10.0] [1.7 URIBL_BLACK == Contains an URL listed in the URIBL blacklist [URIs: 9iwj.com]] [0.1 URIBL_SBL_A == Contains URL's A record listed in the SBL blocklist [URIs: yz.kiev.ua]] [7.0 BAYES_99 == BODY: Bayes spam probability is 99 to 100% [score: 1.0000]] [0.2 BAYES_999 == BODY: Bayes spam probability is 99.9 to 100% [score: 1.0000]] [0.0 HTML_MESSAGE == BODY: HTML included in message] [1.0 RDNS_DYNAMIC == Delivered to internal network by host with] [dynamic-looking rDNS] [0.0 T_DKIM_INVALID == DKIM-Signature header exists but is not valid] [0.0 T_REMOTE_IMAGE == Message contains an external image])

Works great, just tested it.  Only question - is there a way that the output is put in the rejectlog instead of the mainlog?

> Thank you!
> Brian S.


--
George L. Yermulnik
[YZ-RIPE]

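
An added example, not part of the original thread: Python that parses log lines in the format the log_message above produces, coping with the nested brackets and the wrapped description fragment ("[dynamic-looking rDNS]") visible in the sample output. The function names and the sample line are constructed for illustration, and it assumes $recipients is written as a comma-separated list.

```python
import re
from collections import Counter

# Tail of an Exim log line written by the log_message shown above.
REJECT_RE = re.compile(
    r"SpamAssassin reported spam: score (?P<score>-?\d+(?:\.\d+)?) "
    r"\[rcpts: (?P<rcpts>[^\]]*)\] \(report: (?P<report>.*)\)\s*$")
# One rule entry: "<points> <RULE_NAME> == <description>"
RULE_RE = re.compile(r"(-?\d+(?:\.\d+)?) (\w+) == (.*)", re.S)

def top_level_groups(text):
    """Yield each outermost [...] group; descriptions may nest brackets."""
    depth, start = 0, 0
    for i, ch in enumerate(text):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]" and depth:  # ignore a stray "]" at depth 0
            depth -= 1
            if depth == 0:
                yield text[start:i]

def parse_reject_line(line):
    """Return score, recipients and triggered rules, or None if no match."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    rules = []  # the leading "host=... score=..." group is skipped
    for group in top_level_groups(m["report"]):
        r = RULE_RE.fullmatch(group)
        if r:
            rules.append({"points": float(r[1]), "rule": r[2], "desc": r[3]})
        elif rules:  # wrapped description, e.g. "[dynamic-looking rDNS]"
            rules[-1]["desc"] += " " + group
    return {"score": float(m["score"]), "rules": rules,
            "rcpts": [a.strip() for a in m["rcpts"].split(",") if a.strip()]}

def rule_counts(lines):
    hits = (parse_reject_line(l) for l in lines)
    return Counter(r["rule"] for h in hits if h for r in h["rules"])

# Constructed sample in the format above; hosts and addresses are placeholders.
SAMPLE = (
    "2018-02-27 05:31:55 1abcde-000001-AB H=mx.example.net [192.0.2.10] F=<s@example.net> "
    "rejected after DATA: SpamAssassin reported spam: score 9.7 [rcpts: a@example.org, "
    "b@example.org] (report: [host=sa.example.org score=9.7] [1.7 URIBL_BLACK == Contains an "
    "URL listed in the URIBL blacklist [URIs: bad.example]] [7.0 BAYES_99 == BODY: Bayes spam "
    "probability is 99 to 100% [score: 1.0000]] [1.0 RDNS_DYNAMIC == Delivered to internal "
    "network by host with] [dynamic-looking rDNS])")
```

The URI text inside rule descriptions is taken from the rejected message, so treat parsed descriptions as untrusted input when displaying or storing them.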