Re: Spamassassin and Exim4

To: debian-user@lists.debian.org
Subject: Re: Spamassassin and Exim4
From: Daniel D Jones <ddjones@riddlemaster.org>
Date: Sun, 23 Sep 2007 18:40:58 -0400
Message-id: <[🔎] 200709231840.59008.ddjones@riddlemaster.org>
In-reply-to: <[🔎] 20070924195058.GC17869@localhost.localdomain>
References: <[🔎] 200709231536.45437.ddjones@riddlemaster.org> <[🔎] 20070924195058.GC17869@localhost.localdomain>

On Monday 24 September 2007 15:50:58 Andrew Sackville-West wrote:
> On Sun, Sep 23, 2007 at 03:36:45PM -0400, Daniel D Jones wrote:

> SA should log to /var/log/mail.info, and that's a good place to look
> for info...

I have two spamd entries in mail.info:

Sep 24 14:51:09 etch spamd[10151]: spamd: connection from localhost 
[127.0.0.1] at port 43270
Sep 24 14:51:11 etch spamd[10151]: spamd: bad protocol: header error: 
at /usr/sbin/spamd line 1671, <GEN4> line 1.
Sep 24 14:51:12 etch spamd[10150]: prefork: child states: II

and

Sep 24 15:26:20 etch spamd[10151]: spamd: connection from localhost 
[127.0.0.1] at port 60337
Sep 24 15:26:26 etch spamd[10151]: spamd: bad protocol: header error: ÿôÿý_ 
at /usr/sbin/spamd line 1671, <GEN5> line 1.
Sep 24 15:26:26 etch spamd[10150]: prefork: child states: II

If I'm interpreting this correctly, this was a couple of malformed messages 
which caused spamd to choke.  Apparently, then, spamd is being called and 
passed the messages for examination.

> A great resource for info on this is:
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html

Yes, this is one of the sites I used.

> what I learned:
> >   warn
> >     spam = nobody
>
> this only performs the actions below when the mail is actually spam,
> otherwise its ignored. use nobody:true to force it to always put the

I had that backwards.  I thought nobody:true meant to only perform the actions 
below when the check WAS true.  So the colon signifies an OR, not an IF.

> headers on, because the :true will override the results of checking
> for spam content.
>
> >     add_header = X-Spam-Score: $spam_score ($spam_bar)
> >     add_header = X-Spam-Report: $spam_report
>
> the $spam_report can be very long and you probably don't want to put
> that on mail that is *not* spam, so set up two tests for spam... see
> below:
>
>   # this test will always return true and will put the scores and bars
>   # on *every* mail
>   warn    spam      = nobody:true
>           message   = X-Spam_score: $spam_score\n\
>                       X-Spam_score_int: $spam_score_int\n\
>                       X-Spam_bar: $spam_bar\n\
>
>   # this is supposed to post the spam status and report only for actual
>   # spam for later procmail processing
>   # note that exim caches the results of the original spam=nobody call
>   # so there is little overhead associated with the second call.
>   warn   spam       = nobody
>          message    = X-Spam_status: YES\n\
>                       X-Spam_report: $spam_report

I've reconfigured the file with your recommendations and restarted exim.  I'm 
still not getting any headers in any email, including obvious spam.  Not sure 
what's going on.  Do you know of any way to verify that ACLs are actually 
running?

Reply to:

Follow-Ups:
- Re: Spamassassin and Exim4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

References:
- Spamassassin and Exim4
  - From: Daniel D Jones <ddjones@riddlemaster.org>
- Re: Spamassassin and Exim4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

Prev by Date: Re: [OT] Vituperation(s) [WAS] Re: Etch + USB Modem -- Supported?
Next by Date: Re: trying to do an upgrade to my debian etch system
Previous by thread: Re: Spamassassin and Exim4
Next by thread: Re: Spamassassin and Exim4
Index(es):
- Date
- Thread