[SA-exim] SA-exim issue or SA issue?

Discussion:

Jason Lixfeld

2007-04-18 16:23:35 UTC

Hi,

I've got MX1 and MX2, both running SA-Exim 4.2/Exim 4.6.6/SA 3.1.8.
MX1 is where all the mail ends up and where mail is POP'd/IMAP'd,
etc. MX2 is simply a backup MX. I've got a couple of issues, but
I'm not 100% sure if they are SA-Exim issues or SA issues, so forgive
me if I'm off topic.

First, I'm seeing an issue where mail tagged as spam by SA-Exim on
MX2 is tagged again by MX1. This leads to the rewrite_header being
applied twice; once on MX2 and again on MX1. I assume this is a SA
issue, but I figure I'd see if anyone here can confirm that, or
suggest it may be something obscure with SA-Exim.

Secondly, I think this is more about clarification for me: I see
some cases where the X-First-Run-Spamscore and the score in the X-
Spam-Status are different. I haven't been able to find a pattern yet
on when exactly that happens, but I'm wondering if anyone has seen
this behavior before if they can give me an idea about where to look.

Thanks in advance.

Jonathan Armitage

2007-04-18 19:10:28 UTC

Permalink

Post by Jason Lixfeld
First, I'm seeing an issue where mail tagged as spam by SA-Exim on
MX2 is tagged again by MX1. This leads to the rewrite_header being
applied twice; once on MX2 and again on MX1.

You need to tell sa-exim on MX1 not to scan mail from MX2.

I do it like this, which is probably not the recommended way:

Set up a hostlist of trusted IPs (trusted_hosts) in your main exim
config file. Then, in your recipient acl, add a suitable header.

# Do not run SpamAssassin on messages from these.
warn message = X-SA-Trusted-Sender: Yes
hosts = +trusted_hosts

Then, in sa-exim.conf, define SAEximRunCond like this (should be all on
one line):

SAEximRunCond: ${if and {{def:sender_host_address} \
{!eq {$sender_host_address}{127.0.0.1}} \
{!eq {$h_X-SA-Trusted-Sender:}{Yes}} \
} {1}{0}}

This sets the condition to false (0) for localhost and trusted_hosts,
and true (1) for everyone else.

Of course, I am as paranoid as the next man, and the example is not the
actual header that I use :)

Post by Jason Lixfeld
Secondly, I think this is more about clarification for me: I see
some cases where the X-First-Run-Spamscore and the score in the X-
Spam-Status are different

I'm not quite sure what this means. If you are saying that the SA score
on the two machines differs, there could be a number of reasons---the
Bayes databases are different, an extra DNS blacklist could have kicked
in between the checks, or you might simply be running different rulesets
or are scoring rules differently.

HTH

Jon

Sander Smeenk

2007-04-19 19:59:34 UTC

Permalink

Jonathan Armitage

2007-04-19 20:31:01 UTC

Permalink

Post by unknown

Post by Jason Lixfeld
Secondly, I think this is more about clarification for me: I see
some cases where the X-First-Run-Spamscore and the score in the X-
Spam-Status are different.

Besides what Jonathan Armitage wrote, the 'X-First-Run-Spamscore'-header
is not a header i have ever seen in the years i'm running sa-exim. Are
you sure you are using sa-exim, and not the exiscan patch? (of which i
have absolutely no knowledge)

Sorry, my first reply wasn't clear. What I meant to say was that I'd
never seen it either, so I really didn't understand the question, but
was guessing that sa-exim on his two MXs inserts different headers.

Perhaps Jason could let the list know if he's satisfied with the
answers. I don't think they will help him much if he is using exiscan.

Jon

unknown

1970-01-01 00:00:00 UTC

Permalink

Post by Jason Lixfeld
Secondly, I think this is more about clarification for me: I see
some cases where the X-First-Run-Spamscore and the score in the X-
Spam-Status are different.

--
| "Weird. It doesn't need a license if you change 5 bytes at 0x8cec94 to 0x90!"
| -- Someone on IRC about licensed software
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D