Discussion:
[SA-exim] Using rewrite_header
Jason Lixfeld
2006-07-24 06:58:22 UTC
I'm a little confused about something I read:

http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README

Under "CONFIGURING SPAMASSASSIN" it says:

"Since SA is usually configured to pass messages on that are beyond the SA spam threshold, it can make sense to rewrite the subject line."

I have told SA to rewrite my subject:

rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/_REQD_) *****

But the subject doesn't seem to be rewritten when a message is marked
as spam:

<snip>
X-First-Run-SpamCheck: Checked on SMTP Transfer
X-First-Run-SpamScore: 4.7
X-First-Run-is-Spam: Yes
X-SA-Exim-Connect-IP: 216.7.194.254
X-SA-Exim-Mail-From: ***@home.com
Subject: product for you... but i think u need to buy it
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
ricky.example.ca
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.7 required=4.0 tests=DRUGS_ERECTILE,
MISSING_HEADERS,MISSING_MIMEOLE,NO_PRESCRIPTION,TO_CC_NONE,
UNPARSEABLE_RELAY autolearn=no version=3.1.3
Content-Type: multipart/mixed; boundary="----------=_44C46B44.F0D18FEE"
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail.example.ca)
</snip>

Am I missing something somewhere?
Marc MERLIN
2006-07-24 07:39:48 UTC
Post by Jason Lixfeld
http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README
"Since SA is usually configured to pass messages on that are beyond the SA spam threshold, it can make sense to rewrite the subject line."
rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/_REQD_) *****
I have 'rewrite_header Subject SPAM: _HITS_:' and it works for me

Have you tried passing a spam message to SA directly from the command line?
like so: spamassassin -t -D < /tmp/mail

Does the subject line get rewritten then?
If not, it's an SA configuration problem.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
Jason Lixfeld
2006-07-24 14:49:45 UTC
Post by Marc MERLIN
Post by Jason Lixfeld
http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README
"Since SA is usually configured to pass messages on that are beyond the SA spam threshold, it can make sense to rewrite the subject line."
rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/_REQD_) *****
I have 'rewrite_header Subject SPAM: _HITS_:' and it works for me
Have you tried passing a spam message to SA directly from the command line?
like so: spamassassin -t -D < /tmp/mail
Does the subject line get rewritten then?
Yes, the subject does get re-written when I run SA as above,
Post by Marc MERLIN
If not, it's an SA configuration problem.
Where else do I look? I don't see anything in sa-exim.conf
pertaining to subject, so I'm not sure where to go next.
Marc MERLIN
2006-07-24 15:10:35 UTC
Post by Jason Lixfeld
Post by Marc MERLIN
Does the subject line get rewritten then?
Yes, the subject does get re-written when I run SA as above,
Post by Marc MERLIN
If not, it's an SA configuration problem.
Where else do I look? I don't see anything in sa-exim.conf
pertaining to subject, so I'm not sure where to go next.
Ok, let's see this:
grep -Ev "^(#|$)" sa-exim.conf

Marc
Jason Lixfeld
2006-07-24 15:30:28 UTC
Post by Marc MERLIN
grep -Ev "^(#|$)" sa-exim.conf
SAEximDebug: 0
SAspamcpath: /usr/local/bin/spamc
SAspamcHost: 127.0.0.1
SAspamcPort: 783
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}
SAmaxbody: 256000
SATruncBodyCond: 0
SARewriteBody: 1
SAPrependArchiveWithFrom: 1
SAmaxarchivebody: 20971520
SAerrmaxarchivebody: 1073741824
SAmaxrcptlistlength: 0
SAaddSAEheaderBeforeSA: 1
SAtimeoutsave: /var/spool/exim/SAtimeoutsave
SAtimeoutSavCond: 1
SAerrorsave: /var/spool/exim/SAerrorsave
SAerrorSavCond: 1
SAtemprejectonerror: 0
SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{206.223.182.66}} } {25}{1048576}}
SAteergrubetime: 900
SAteergrubeSavCond: 1
SAteergrubesave: /var/spool/exim/SAteergrube
SAteergrubeoverwrite: 1
SAdevnullSavCond: 1
SAdevnullsave: /var/spool/exim/SAdevnull
SApermreject: 12.0
SApermrejectSavCond: 1
SApermrejectsave: /var/spool/exim/SApermreject
SAtempreject: 9.0
SAtemprejectSavCond: 1
SAtemprejectsave: /var/spool/exim/SAtempreject
SAtemprejectoverwrite: 1
SAgreylistiswhitestr: GREYLIST_ISWHITE
SAgreylistraisetempreject: 3.0
SAspamacceptsave: /var/spool/exim/SAspamaccept
SAspamacceptSavCond: 0
SAnotspamsave: /var/spool/exim/SAnotspam
SAnotspamSavCond: 0
SAmsgteergrubewait: Wait for more output
SAmsgteergruberej: Please try again later
SAmsgpermrej: Rejected
SAmsgtemprej: Please try again later
SAmsgerror: Temporary local error while processing message, please contact postmaster.
Marc MERLIN
2006-07-24 16:15:43 UTC
Post by Jason Lixfeld
Post by Marc MERLIN
grep -Ev "^(#|$)" sa-exim.conf
SAEximDebug: 0
SAspamcpath: /usr/local/bin/spamc
SAspamcHost: 127.0.0.1
SAspamcPort: 783
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}
SAmaxbody: 256000
SATruncBodyCond: 0
SARewriteBody: 1
If you are using report_safe, try turning that off and setting SARewriteBody to
0, but it should work in the configuration you have, unless I'm missing something.

At this point, all I can offer is that you set SAEximDebug to 9, and look at the SA
logs after you accept a message that's spam.
It should tell you that it's rewriting the subject header with a new value,
and what that value is

Marc
Jason Lixfeld
2006-07-24 17:04:11 UTC
I think I figured it out. I didn't realize I had to restart exim and
spamd if I made respective changes to their config files. I thought
the configs were read each time spamd/local_scan was called.
Post by Marc MERLIN
Post by Jason Lixfeld
Post by Marc MERLIN
grep -Ev "^(#|$)" sa-exim.conf
SAEximDebug: 0
SAspamcpath: /usr/local/bin/spamc
SAspamcHost: 127.0.0.1
SAspamcPort: 783
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
SAEximRunCond: 1
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}
SAmaxbody: 256000
SATruncBodyCond: 0
SARewriteBody: 1
If you are using report_safe, try turning that off and setting SARewriteBody to
0, but it should work in the configuration you have, unless I'm missing something.
At this point, all I can offer is that you set SAEximDebug to 9, and look at the SA
logs after you accept a message that's spam.
It should tell you that it's rewriting the subject header with a new value,
and what that value is
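
A check for the symptom discussed in this thread, as an added example that is not from the posters or from sa-exim: it reports delivered messages that carry X-Spam-Flag: YES but whose Subject lacks the prefix the rewrite_header template would produce, which in this thread meant spamd was still running with its old configuration. The function names and sample messages are constructed, and it assumes SpamAssassin prepends the expanded template to the existing Subject.

```python
import re
from email import message_from_string

# SpamAssassin template tags used in the thread's rewrite_header lines.
NUM = r"-?\d+(?:\.\d+)?"
TAGS = {"_HOSTNAME_": r"[A-Za-z0-9.-]+", "_SCORE_": NUM, "_HITS_": NUM, "_REQD_": NUM}

def template_to_regex(template):
    """Build a regex for the prefix a rewrite_header Subject template produces."""
    parts = re.split("(" + "|".join(TAGS) + ")", template.strip())
    return re.compile("^" + "".join(TAGS.get(p, re.escape(p)) for p in parts))

def check_message(raw, template):
    """Return 'ham', 'rewritten' or 'flagged-not-rewritten' for one message."""
    msg = message_from_string(raw)
    if (msg.get("X-Spam-Flag") or "").strip().upper() != "YES":
        return "ham"
    # Collapse folding whitespace so a wrapped Subject still matches.
    subject = " ".join((msg.get("Subject") or "").split())
    return "rewritten" if template_to_regex(template).match(subject) else "flagged-not-rewritten"

TEMPLATE = "***** _HOSTNAME_ thinks this is spam (_SCORE_/_REQD_) *****"

# Constructed samples modelled on the headers quoted in the thread.
STALE = (
    "Subject: product for you... but i think u need to buy it\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=4.7 required=4.0\n"
    "\nbody\n"
)
FRESH = (
    "Subject: ***** ricky.example.ca thinks this is spam (4.7/4.0) *****\n"
    " product for you... but i think u need to buy it\n"
    "X-Spam-Flag: YES\n"
    "\nbody\n"
)
HAM = "Subject: lunch on friday\nX-Spam-Status: No, score=0.1 required=4.0\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("stale", STALE), ("fresh", FRESH), ("ham", HAM)):
        print(name, check_message(raw, TEMPLATE))
```

A "flagged-not-rewritten" result on mail that went through spamc, alongside a correct rewrite from `spamassassin -t` on the same message, points at the running daemon rather than the configuration file.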