From fred at ringwald.org Sat Jun 4 22:07:28 2005 From: fred at ringwald.org (fred) Date: Sun, 05 Jun 2005 01:07:28 -0400 Subject: [SA-exim] SAEximRunCond expanded to false Message-ID: Hello, I am new to exim4 and sa-exim, and I am struggling to get sa-exim to scan my incoming email using spamassassin. I would greatly appreciate some help getting this working. I have studied the documentation and searched the web to get as far as having sa-exim "wake up" and look at my incoming email. However, it does not scan for spam because SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}} is evaluated as false and decides not to scan. Even after raising SAEximDebug: to 3, my /var/log/exim4/mainlog entries don't tell me much more that I have already said here: 2005-06-05 01:01:01 1DenFt-0002ap-2J SA: Action: Not running SA because SAEximRunCond expanded to false (Message-Id: 1DenFt-0002ap-2J). From (host=localhost [127.0.0.1]) for fred at localhost I am guessing that my exim4 configuration is telling sa-exim that all incoming mail is coming from 127.0.0.1. However, I can't figure out how to tell it otherwise. My /etc/exim4/update-exim4.conf.conf file contains: # /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' dc_eximconfig_configtype='smarthost' dc_other_hostnames='' dc_local_interfaces='127.0.0.1' dc_readhost='newskate.ringwald.org' dc_relay_domains='' dc_minimaldns='false' dc_relay_nets='' dc_smarthost='smtp-server.twcny.rr.com' CFILEMODE='644' dc_use_split_config='true' dc_hide_mailname='true' dc_mailname_in_oh='true' based on debian's debconf questions. I am running a debian testing installation, and getting my mail using fetchmail. All outgoing mail is being routed to a smarthost. I am not relaying any mail anywhere. Any help would be greatly appreciated! Thank you, Fred Ringwald New Haven, NY From lists at timj.co.uk Mon Jun 6 14:36:22 2005 From: lists at timj.co.uk (Tim Jackson) Date: Mon, 6 Jun 2005 22:36:22 +0100 Subject: [SA-exim] SAEximRunCond expanded to false In-Reply-To: References: Message-ID: On Sun, 05 Jun 2005 01:07:28 -0400 fred wrote: > SAEximRunCond: ${if and {{def:sender_host_address} {!eq > {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } > {1}{0}} > is evaluated as false and decides not to scan. [...] > 2005-06-05 01:01:01 1DenFt-0002ap-2J SA: Action: Not running SA > because SAEximRunCond expanded to false (Message-Id: > 1DenFt-0002ap-2J). From I4Q5w3dB40 at bounces.amazon.com> (host=localhost [127.0.0.1]) for > fred at localhost Right, so all your messages are coming from localhost. That's why SAEximRunCond evaluates to false. You say later on that you are using fetchmail, which explains it, because fetchmail is receiving the mails and then passing them to Exim - thus, the mails naturally originate from localhost (because fetchmail is running on your local machine). > I am guessing that my exim4 configuration is telling sa-exim that all > incoming mail is coming from 127.0.0.1. It's not your Exim configuration telling SAExim anything; it's a matter of fact that the mail *IS* coming from 127.0.0.1. > However, I can't figure out how to tell it otherwise. You don't. You need to change your SAEximRunConf so that it *does* scan mail coming from 127.0.0.1, if you're going to carry on using fetchmail. If you do this, however, please make sure you configure fetchmail such that it doesn't create bounces when SA-Exim rejects mail, because otherwise you will spam third parties who have been unlucky enough to have their addresses forged in the envelope senders of spam. This will, unfortunately, have the side effect of meaning that any mails incorrectly rejected by SA-Exim will disappear into a blackhole without anyone knowing about it. This just illustrates the fact that spam scanning is better done at the "front line" rather than after the mail has been accepted and delivered to a mailbox. In other words, you would be better getting your upstream provider to do the scanning. If they can't or won't, consider whether you would be better using a tool such as spam tools built into your e-mail client, rather than using SA-Exim, which was really intended for use on frontline e- mail servers. Or, you could just tag the mails and filter them into a separate folder or something. Tim From jay at skimmilk.net Mon Jun 13 07:54:40 2005 From: jay at skimmilk.net (Jay Milk) Date: Mon, 13 Jun 2005 09:54:40 -0500 Subject: [SA-exim] New to sa-exim Message-ID: <051c01c57027$d783ed30$64fea8c0@gbox.us> Hello, I have a Cpanel installation of Exim on a dedicated server running about 60 domains. We receive literally thousands of spam-messages each day, and while the pre-installed version of Spam-Assassin is "nice", it's not effective as all the spam still gets through. I've been looking at SA-exim for well over a year now, but I can't seem to find any references to anyone who installed it on a WHM/Cpanel server. Has anyone on this list done it? I'm a bit apprehensive to try as I know near-nothing about Exim, and I can't afford to lose my mail-handler. Any insight is appreciated. Regards, -- JM From jgtez at previtep.com.mx Tue Jun 14 12:27:09 2005 From: jgtez at previtep.com.mx (Jose de Jesus Gutierrez Ramirez) Date: Tue, 14 Jun 2005 14:27:09 -0500 Subject: [SA-exim] Rejecting mails Message-ID: Hi, I've just installed sa-exim, looking at the logs I see the next line 2005-06-14 13:54:06 1DiGXd-000797-4Q SA: Action: flagged as Spam but accepted: score=8.3 required=5.0 (scanned in 25/25 secs | Message-Id: 4284525100009983 at cpfe5.be.tisc.dk). From (host=smtp230.tiscali.dk [62.79.79.115]) for me at mydomain.com Why this message wasn't rejected? How can I reject messages flagged as Spam? TIA Jesus Gutierrez From ssmeenk at freshdot.net Tue Jun 14 12:33:53 2005 From: ssmeenk at freshdot.net (Sander Smeenk) Date: Tue, 14 Jun 2005 21:33:53 +0200 Subject: [SA-exim] Rejecting mails In-Reply-To: References: Message-ID: <20050614193353.GD27738@freshdot.net> Quoting Jose de Jesus Gutierrez Ramirez (jgtez at previtep.com.mx): > 2005-06-14 13:54:06 1DiGXd-000797-4Q SA: Action: flagged as Spam but > accepted: score=8.3 required=5.0 (scanned in 25/25 secs | Message-Id: > 4284525100009983 at cpfe5.be.tisc.dk). From > (host=smtp230.tiscali.dk [62.79.79.115]) for me at mydomain.com > Why this message wasn't rejected? How can I reject messages flagged as Spam? Probably because your SApermreject values aren't set at all, or set at a higher score than 8.3. eg. have required_hits set to 10 in SA/local.cf, and SApermreject set to 12. A message with score 5 is not considered spam, a message with score 11 is considered spam, but accepted, and a message with score 12 or up will be rejected. Try to read the docs :) Regards, Sander. -- | How many weeks are there in a light year? | 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D From marc at merlins.org Tue Jun 14 13:49:21 2005 From: marc at merlins.org (Marc MERLIN) Date: Tue, 14 Jun 2005 13:49:21 -0700 Subject: [SA-exim] Rejecting mails In-Reply-To: References: Message-ID: <20050614204921.GI29556@merlins.org> On Tue, Jun 14, 2005 at 02:27:09PM -0500, Jose de Jesus Gutierrez Ramirez wrote: > Hi, > > I've just installed sa-exim, looking at the logs I see the next line > > 2005-06-14 13:54:06 1DiGXd-000797-4Q SA: Action: flagged as Spam but > accepted: score=8.3 required=5.0 (scanned in 25/25 secs | Message-Id: > 4284525100009983 at cpfe5.be.tisc.dk). From > (host=smtp230.tiscali.dk [62.79.79.115]) for me at mydomain.com > > Why this message wasn't rejected? How can I reject messages flagged as Spam? You didn't reach or set SApermreject: / SApermrejectSavCond: right Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key