* Zinski, Steve wrote (27/07/06 02:50):
Not sure how to get exim to pass the initial scan to spamd using a
different user. I've gone through my exim.conf file and changed every
single "user = " entry to a known user and it still insists on using
"nobody" for the first pass.
Another thing that intrigues me is the wording of the log entries.
In the first pass, spamd says that it's "checking" the message. In the
second pass it says "processing" the message.
I think exim only puts the message through spamassassin once (then
subsequently caches the result, if required), and uses the username set
up in the acl:
# Reject messages with a SpamAssassin score >7
deny message = Rejected: Flagged as spam ($spam_score).
spam = nobody:true
^^^^^^ <- **here**
condition = ${if >{$spam_score_int}{70}{1}{0}}
I have a similar setup, except that I run spamc as a user called spamd.
This gives site-side bayes, and works fine.
Is it possible that the second run through spamd is from you running
spamc after the message is delivered? Ie, not from exim?
There's an exim-users mailing list that's probably a better place for
these questions.
Chris
-----Original Message-----
From: Stuart Johnston [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 3:05 PM
To: users@spamassassin.apache.org
Subject: Re: exim4 + forwarding + spamassassin
Your first scan is running as nobody (that's bad) but the second is
running as szinski. That would explain the BAYES_99. I'm not sure
about the FORGED_RCVD_HELO and HTML_50_60 though.
Zinski, Steve wrote:
I need some help trying to figure out why spamassassin scores the same
message differently.
I am using an ACL with exim4 to scan email during the actual smtp
connection (so I can reject spam before my server accepts it). It's
pretty straightforward. My ACL looks like this:
# Reject messages with a SpamAssassin score >7
deny message = Rejected: Flagged as spam ($spam_score).
spam = nobody:true
condition = ${if >{$spam_score_int}{70}{1}{0}}
Everything works just fine for mail destined to local accounts, but
there seems to be a discrepancy in spamassassin when mail is delivered
to a forwarded account (the forwarder directs mail to another local
account; i.e., [EMAIL PROTECTED] --> [EMAIL PROTECTED]). What
happens is that spamassassin scores the message low (non-spam) when it
accepts it from the Internet, but then scores it higher (as spam) when
the message is rerouted to the local mailbox. Here is a snippet from
maillog that illustrates this:
Jul 26 07:58:20 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56458
Jul 26 07:58:20 vps spamd[7361]: spamd: setuid to nobody succeeded
Jul 26 07:58:20 vps spamd[7361]: spamd: checking message
<[EMAIL PROTECTED]> for nobody:99
Jul 26 07:58:20 vps spamd[7361]: spamd: clean message (2.6/5.0) for
nobody:99 in 0.1 seconds, 2230 bytes.
Jul 26 07:58:20 vps spamd[7361]: spamd: result: . 2 -
HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL
scantime=0.1,size=2230,user=nobody,uid=99,required_score=5.0,rhost=local
host,raddr=127.0.0.1,rport=56458,mid=<[EMAIL PROTECTED]
8>,autolearn=no
Jul 26 07:58:20 vps spamd[26587]: prefork: child states: II
Jul 26 07:58:21 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56459
Jul 26 07:58:21 vps spamd[7361]: spamd: setuid to szinski succeeded
Jul 26 07:58:21 vps spamd[7361]: spamd: processing message
<[EMAIL PROTECTED]> for szinski:503
Jul 26 07:58:21 vps spamd[7361]: spamd: identified spam (7.5/5.0) for
szinski:503 in 0.6 seconds, 2183 bytes.
Jul 26 07:58:21 vps spamd[7361]: spamd: result: Y 7 -
BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,URIBL_SBL,URIBL_WS_SUR
BL
scantime=0.6,size=2183,user=szinski,uid=503,required_score=5.0,rhost=loc
alhost,raddr=127.0.0.1,rport=56459,mid=<[EMAIL PROTECTED]
hn8>,bayes=0.999997051713734,autolearn=no
As you can see, during the initial smtp pass (accepting from remote
host) the message is deemed "clean" with a score of 2.6. Then, when
the
same message is delivered to the local account, it's identified as
spam
with a score of 7.5. Unfortunately, my ACL only kicks in during the
first pass so the message gets accepted and delivered instead of
rejected. Anyone know what I might be doing wrong here?
Any help would be greatly appreciated.
Steve Zinski
University of Richmond
