On Mon, 2011-04-25 at 18:18 +0100, Paul Hugill wrote: > On Mon, 25 Apr 2011 16:59:22 +0200, Karsten Bräckelmann wrote:
> > > I would like to include an extra one so that this header > > > 'X-hMailServer-ExternalAccount' is also included in the report > > > headers. [...] add this one too so that I can tell which account is > > > getting all the spam. > > > > I am not absolutely sure which "external account" you are referring to > > here, but it appears this is either specific to hMailServer, or your > > particular environment (like fetching external mail accounts). In both > > these cases, this information is not available to SA. So, no, SA can not > > add such a header. > > > > You might want to elaborate on what that "external account" actually is, > > though, just in case someone has an idea... > > I have hMailServer running and passing the emails to spamd when emails > are received. > > The header 'X-hMailServer-ExternalAccount:<NAME OF ACCOUNT>' is added > to incoming email if it is pulled from a pop account and put into the > mailbox. hMailServer adds the header before passing the email to SA > (the original email attached to the spam report includes this header) > so I would assume that SA sees this header at the time of processing. Ah, so you don't want to add that header, but to inherit it from the attached, original mail. Got ya. :) So, from your description and the issue being an issue at all, it appears you have set the report_safe option to the default of 1, or possibly even 2. This means, a report message will be created by SA for identified spam, the original mail attached unaltered, and just a very few essential headers are inherited to the report. See the M::SA::Conf [1] docs, section Miscellaneous Options. The option you want is report_safe_copy_headers X-hMailServer-ExternalAccount An alternative solution to your specific issue would be, to set report_safe 0 -- in that case, SA does generate a new reporting message, but simply adds its own X-Spam headers to the original, otherwise still unaltered. This gets rid of the wrapper mail, which makes handling and reviewing spam easier. Additionally, it solves your issue because the original message and its headers are not wrapped in an attachment -- and thus available in the message headers after SA processing. On a related note, since you are processing mail fetched from a POP3 account, you should make sure your trusted networks are set up properly, or correctly auto-detected by SA. These external mail servers should be included, so SA checks the correct IP addresses against DNSBLs. [1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html -- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
