Not sure how to get exim to pass the initial scan to spamd using a different user. I've gone through my exim.conf file and changed every single "user = " entry to a known user and it still insists on using "nobody" for the first pass.
Another thing that intrigues me is the wording of the log entries. In the first pass, spamd says that it's "checking" the message. In the second pass it says "processing" the message.

Steve

-----Original Message-----
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 3:05 PM
To: [email protected]
Subject: Re: exim4 + forwarding + spamassassin

Your first scan is running as nobody (that's bad) but the second is running as szinski. That would explain the BAYES_99. I'm not sure about the FORGED_RCVD_HELO and HTML_50_60 though.

Zinski, Steve wrote:
> I need some help trying to figure out why spamassassin scores the same
> message differently.
>
> I am using an ACL with exim4 to scan email during the actual smtp
> connection (so I can reject spam before my server accepts it). It's
> pretty straightforward. My ACL looks like this:
>
> # Reject messages with a SpamAssassin score >7
> deny message = Rejected: Flagged as spam ($spam_score).
>      spam = nobody:true
>      condition = ${if >{$spam_score_int}{70}{1}{0}}
>
> Everything works just fine for mail destined to local accounts, but
> there seems to be a discrepancy in spamassassin when mail is delivered
> to a forwarded account (the forwarder directs mail to another local
> account; i.e., [EMAIL PROTECTED] --> [EMAIL PROTECTED]). What
> happens is that spamassassin scores the message low (non-spam) when it
> accepts it from the Internet, but then scores it higher (as spam) when
> the message is rerouted to the local mailbox. Here is a snippet from
> maillog that illustrates this:
>
> Jul 26 07:58:20 vps spamd[7361]: spamd: connection from localhost
> [127.0.0.1] at port 56458
> Jul 26 07:58:20 vps spamd[7361]: spamd: setuid to nobody succeeded
> Jul 26 07:58:20 vps spamd[7361]: spamd: checking message
> <[EMAIL PROTECTED]> for nobody:99
> Jul 26 07:58:20 vps spamd[7361]: spamd: clean message (2.6/5.0) for
> nobody:99 in 0.1 seconds, 2230 bytes.
> Jul 26 07:58:20 vps spamd[7361]: spamd: result: . 2 -
> HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL
> scantime=0.1,size=2230,user=nobody,uid=99,required_score=5.0,rhost=local
> host,raddr=127.0.0.1,rport=56458,mid=<[EMAIL PROTECTED]
> 8>,autolearn=no
> Jul 26 07:58:20 vps spamd[26587]: prefork: child states: II
> Jul 26 07:58:21 vps spamd[7361]: spamd: connection from localhost
> [127.0.0.1] at port 56459
> Jul 26 07:58:21 vps spamd[7361]: spamd: setuid to szinski succeeded
> Jul 26 07:58:21 vps spamd[7361]: spamd: processing message
> <[EMAIL PROTECTED]> for szinski:503
> Jul 26 07:58:21 vps spamd[7361]: spamd: identified spam (7.5/5.0) for
> szinski:503 in 0.6 seconds, 2183 bytes.
> Jul 26 07:58:21 vps spamd[7361]: spamd: result: Y 7 -
> BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,URIBL_SBL,URIBL_WS_SUR
> BL
> scantime=0.6,size=2183,user=szinski,uid=503,required_score=5.0,rhost=loc
> alhost,raddr=127.0.0.1,rport=56459,mid=<[EMAIL PROTECTED]
> hn8>,bayes=0.999997051713734,autolearn=no
>
> As you can see, during the initial smtp pass (accepting from remote
> host) the message is deemed "clean" with a score of 2.6. Then, when the
> same message is delivered to the local account, it's identified as spam
> with a score of 7.5. Unfortunately, my ACL only kicks in during the
> first pass so the message gets accepted and delivered instead of
> rejected. Anyone know what I might be doing wrong here?
>
> Any help would be greatly appreciated.
>
> Steve Zinski
> University of Richmond
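
An added example, not part of the original thread: a Python script that groups spamd `result:` lines by message ID and reports messages that were scanned under different users or received different verdicts, which is the discrepancy visible in the log excerpt above. The sample log lines are constructed (unwrapped, with made-up message IDs), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the spamd "result:" lines quoted in the thread
# (lines unwrapped; message IDs are made up for illustration).
SAMPLE_LOG = """\
Jul 26 07:58:20 vps spamd[7361]: spamd: result: . 2 - HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL scantime=0.1,size=2230,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56458,mid=<msg-0001@example.test>,autolearn=no
Jul 26 07:58:21 vps spamd[7361]: spamd: result: Y 7 - BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL scantime=0.6,size=2183,user=szinski,uid=503,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56459,mid=<msg-0001@example.test>,bayes=0.999997051713734,autolearn=no
Jul 26 08:02:10 vps spamd[7361]: spamd: result: . 1 - HTML_MESSAGE scantime=0.1,size=900,user=szinski,uid=503,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56470,mid=<msg-0002@example.test>,autolearn=no
"""

# flag (Y or .), integer score, rule names, then comma-separated key=value pairs
RESULT_RE = re.compile(
    r"spamd: result: (?P<flag>[Y.]) (?P<score>-?\d+) - (?P<tests>\S*) (?P<kv>\S+)$")

def parse_result(line):
    """Return a dict for one spamd result line, or None if it is another line type."""
    m = RESULT_RE.search(line.strip())
    if not m:
        return None
    kv = dict(p.split("=", 1) for p in m["kv"].split(",") if "=" in p)
    return {"spam": m["flag"] == "Y", "score": int(m["score"]),
            "tests": set(filter(None, m["tests"].split(","))),
            "user": kv.get("user"), "mid": kv.get("mid")}

def divergent_scans(log_text):
    """Map message ID -> details when scans of one message differ in user or verdict."""
    by_mid = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_result(line)
        if rec and rec["mid"]:
            by_mid[rec["mid"]].append(rec)
    report = {}
    for mid, scans in by_mid.items():
        first, last = scans[0], scans[-1]
        if len(scans) > 1 and (first["user"] != last["user"]
                               or first["spam"] != last["spam"]):
            report[mid] = {"users": [s["user"] for s in scans],
                           "verdicts": [s["spam"] for s in scans],
                           # rules that fired only in the later scan
                           "extra_tests": sorted(last["tests"] - first["tests"])}
    return report

if __name__ == "__main__":
    for mid, info in divergent_scans(SAMPLE_LOG).items():
        print(mid, info)
```
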
