[SA-exim] exim not acting on SpamAssassin config

Discussion:

Paul

2006-12-19 02:17:58 UTC

Hi,

I have having problems with sa-exim running on debian. When email is
scanned by sa-exim the settings in /etc/spamassassin/local.cf do not
have any affect on sa-exim. If a file is scanned by spamc manually
the setting are used.

For example, this line in : etc/spamassassin/local.cf
version_tag spike1

Here are some of the headers from an email scanned by sa-exim:
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ***@domains.textdriven.com
Subject: sa-config
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on spike)

sa-exim seems to completely ignore my settings. What have I done wrong?

Thanks,

Paul

Magnus Holmgren

2006-12-19 09:03:12 UTC

Permalink

Post by Paul
I have having problems with sa-exim running on debian. When email is
scanned by sa-exim the settings in /etc/spamassassin/local.cf do not
have any affect on sa-exim. If a file is scanned by spamc manually
the setting are used.
For example, this line in : etc/spamassassin/local.cf
version_tag spike1
X-SA-Exim-Connect-IP: 127.0.0.1
Subject: sa-config
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on spike)
sa-exim seems to completely ignore my settings. What have I done wrong?

The header fields with names beginning with X-SA-Exim- are added by SA-Exim
before passing the mail to spamc. They have nothing to do with local.cf. When
the processed mail comes back, SA-Exim unfortunately can't just replace the
entire mail header with a single function call. Instead it checks for
X-Spam-* fields and adds those, as well as changing the Subject if it has
been rewritten.

The only header field that should be affected by "version_tag spike1" is
X-Spam-Version. Have you checked that?

--
Magnus Holmgren ***@lysator.liu.se
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

Magnus Holmgren

2006-12-19 11:19:35 UTC

Permalink

Please send followups to the list, so that others may give their input too.
And please don't top post.

Post by Magnus Holmgren
The header fields with names beginning with X-SA-Exim- are added by SA-Exim
before passing the mail to spamc. They have nothing to do with local.cf. When
the processed mail comes back, SA-Exim unfortunately can't just replace the
entire mail header with a single function call. Instead it checks for
X-Spam-* fields and adds those, as well as changing the Subject if it has
been rewritten.
The only header field that should be affected by "version_tag spike1" is
X-Spam-Version. Have you checked that?

The only X-Spam headers are ones added by other mail servers which
our mail is fetched from using fetchmail. They do a very bad job of
X-Spam-Score: 0
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
No X-Spam headers from our mail server are added. I know from logs
that tests are defiantly being performed, also, when I try spamc it
outputs the correct headers.

It is possible that something fails when spamc is run as the exim user by
SA-Exim. Did you run spamc as Debian-exim when it worked?

Raise the SAEximDebug setting in /etc/exim4/sa-exim.conf, possibly all the way
up to 9. Then, after mail has been received, check your Exim logs for clues.

Paul

2006-12-21 00:57:20 UTC

Permalink

Post by Magnus Holmgren
Please send followups to the list, so that others may give their input too.

Oops, sorry.

Post by Magnus Holmgren
It is possible that something fails when spamc is run as the exim user by
SA-Exim. Did you run spamc as Debian-exim when it worked?

I changed to shell for Debian-exim to /bin/sh (from /bin/false). It
ran fine with the correct headers (according to the SA local.cf).

Post by Magnus Holmgren
Raise the SAEximDebug setting in /etc/exim4/sa-exim.conf, possibly all the way
up to 9. Then, after mail has been received, check your Exim logs for clues.

mail.info:

Dec 21 13:29:05 spike spamd[8122]: connection from spike [127.0.0.1]
at port 35946
Dec 21 13:29:05 spike spamd[8122]: info: setuid to Debian-exim succeeded
Dec 21 13:29:05 spike spamd[8122]: processing message
<80E040F5-564D-48A3-BCC2-***@solutions.co.nz> for Debian-
exim:106.
Dec 21 13:29:05 spike spamd[8122]: clean message (0.0/5.0) for Debian-
exim:106 in 0.2 seconds, 1389 bytes.
Dec 21 13:29:05 spike spamd[8122]: result: . 0 -
scantime=0.2,size=1389,mid=<80E040F5-564D-48A3-
BCC2-***@solutions.co.nz>,autolearn=ham
Dec 21 13:29:05 spike fetchmail[7569]: flushed

exim4/mainlog:

2006-12-21 13:32:27 1GxBrH-00028z-3A SA: Debug6: Extracted header X-
Spam-Checker-Version in buffer X-Spam-Checker-Version: SpamAssassin
3.0.3-spike1 (2005-04-27) on spike

So sa-exim runs spamc then parses the output? It seems to find the
correct version (SpamAssassin 3.0.3-spike1). Can sa-exim be
configured to pass on/inject the SA headers into the email message?

Many Thanks.

Paul

Magnus Holmgren

2006-12-21 17:27:13 UTC

Permalink

Post by Paul

Post by Magnus Holmgren
Raise the SAEximDebug setting in /etc/exim4/sa-exim.conf, possibly all the way
up to 9. Then, after mail has been received, check your Exim logs for clues.

2006-12-21 13:32:27 1GxBrH-00028z-3A SA: Debug6: Extracted header X-
Spam-Checker-Version in buffer X-Spam-Checker-Version: SpamAssassin
3.0.3-spike1 (2005-04-27) on spike
So sa-exim runs spamc then parses the output? It seems to find the
correct version (SpamAssassin 3.0.3-spike1). Can sa-exim be
configured to pass on/inject the SA headers into the email message?

SA-Exim can't be configured *not* to inject the SA headers... Which is why it
is strange. Aren't there any other "Debug6: Extracted header" lines
in /var/log/exim4/mainlog? You aren't filtering out the lines again in a
system filter?