On Tue, 26 Apr 2011 04:38:36 +0200, Karsten Bräckelmann wrote:
> Please keep the thread on-list, unless you definitely intend to contact > me personally. Even "topic solved" posts like this are worthwhile to > have on the list. > > On Mon, 2011-04-25 at 19:58 +0000, Paul Hugill wrote: > >> Looks like that will do the job perfectly, thanks for pointing me in the right direction. I only skimmed the Report Safe section and missed that so sorry. > > Unfortunately, they are not in the same section of the docs, so it is > easy to overlook the header specific one. But then again it's a really > esoteric option, I believe not discussed in years on the list. > > Anyway, both report_safe_copy_headers as well as report_safe should > solve your issue, depending on your preference. > >> Thanks for pointing out the trusted network too, I'll take a look at that when I get a chance but dont think I get enough traffic to worry about that too much yet. > > It's not actually about traffic or volume. Point is, with missing mail > relays like in this forwarder case, almost none of the highly valuable > RCVD_IN_* network tests are going to work, just like a whole lot of > Received specific rules. > > They only will work if the forwarders are included in the trusted > network (or auto-detected, as with fetchmail headers) -- in the POP3 > harvesting case, this includes the POP3 server, internal infrastructure > if any, and the MX if different from the POP3 server. > Ah, so you don't want to add that header, but to inherit it from the attached, original mail. Got ya. :) So, from your description and the issue being an issue at all, it appears you have set the report_safe option to the default of 1, or possibly even 2. This means, a report message will be created by SA for identified spam, the original mail attached unaltered, and just a very few essential headers are inherited to the report. See the M::SA::Conf [1] docs, section Miscellaneous Options. The option you want is report_safe_copy_headers X-hMailServer-ExternalAccount > 00%"> Thanks Karsten, solved perfectly. Also, thanks for the pointers on keeping it on-list. This is my first posting to a usergroup list so not quite up on the etiquette yet.
