Re: Spamassassin and Exim4
On Monday 24 September 2007 15:50:58 Andrew Sackville-West wrote:
> On Sun, Sep 23, 2007 at 03:36:45PM -0400, Daniel D Jones wrote:
> SA should log to /var/log/mail.info, and that's a good place to look
> for info...
I have two spamd entries in mail.info:
Sep 24 14:51:09 etch spamd[10151]: spamd: connection from localhost
[127.0.0.1] at port 43270
Sep 24 14:51:11 etch spamd[10151]: spamd: bad protocol: header error:
at /usr/sbin/spamd line 1671, <GEN4> line 1.
Sep 24 14:51:12 etch spamd[10150]: prefork: child states: II
and
Sep 24 15:26:20 etch spamd[10151]: spamd: connection from localhost
[127.0.0.1] at port 60337
Sep 24 15:26:26 etch spamd[10151]: spamd: bad protocol: header error: ÿôÿý_
at /usr/sbin/spamd line 1671, <GEN5> line 1.
Sep 24 15:26:26 etch spamd[10150]: prefork: child states: II
If I'm interpreting this correctly, this was a couple of malformed messages
which caused spamd to choke. Apparently, then, spamd is being called and
passed the messages for examination.
> A great resource for info on this is:
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html
Yes, this is one of the sites I used.
> what I learned:
> > warn
> > spam = nobody
>
> this only performs the actions below when the mail is actually spam,
> otherwise its ignored. use nobody:true to force it to always put the
I had that backwards. I thought nobody:true meant to only perform the actions
below when the check WAS true. So the colon signifies an OR, not an IF.
> headers on, because the :true will override the results of checking
> for spam content.
>
> > add_header = X-Spam-Score: $spam_score ($spam_bar)
> > add_header = X-Spam-Report: $spam_report
>
> the $spam_report can be very long and you probably don't want to put
> that on mail that is *not* spam, so set up two tests for spam... see
> below:
>
> # this test will always return true and will put the scores and bars
> # on *every* mail
> warn spam = nobody:true
> message = X-Spam_score: $spam_score\n\
> X-Spam_score_int: $spam_score_int\n\
> X-Spam_bar: $spam_bar\n\
>
> # this is supposed to post the spam status and report only for actual
> # spam for later procmail processing
> # note that exim caches the results of the original spam=nobody call
> # so there is little overhead associated with the second call.
> warn spam = nobody
> message = X-Spam_status: YES\n\
> X-Spam_report: $spam_report
I've reconfigured the file with your recommendations and restarted exim. I'm
still not getting any headers in any email, including obvious spam. Not sure
what's going on. Do you know of any way to verify that ACLs are actually
running?
Reply to: