From wogri at wogri.com Wed Jul 5 02:05:57 2006 From: wogri at wogri.com (Wolfgang Hennerbichler) Date: Wed, 5 Jul 2006 11:05:57 +0200 Subject: [SA-exim] external spamassassin Message-ID: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> Hi! I'm using sa-exim for some days now, works nearly perfect. The only drawback is my spamassassin-version (debian stable). I'd like to use spamassassin from debian unstable, which would be more effective I guess. So I installed debian unstable on a separate machine. The new 'external' spamassassin itself is working already (with sa-exim module loaded), but I guess this won't work in combination with greylisting, as I would net the same /var/spool/sa-exim directory as the receiving mailserver (running exim4 with sa-exim) runs. Any hints on that? Should I share that directory via NFS or something? Is there any plan on implementing all that greylisting-informational- stuff in mysql? other than that - sa-exim is: GREAT! wogri -- wogri at wogri.com http://www.wogri.com From marc at merlins.org Tue Jul 11 17:01:14 2006 From: marc at merlins.org (Marc MERLIN) Date: Tue, 11 Jul 2006 17:01:14 -0700 Subject: [SA-exim] external spamassassin In-Reply-To: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> References: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> Message-ID: <20060712000114.GF32347@merlins.org> On Wed, Jul 05, 2006 at 11:05:57AM +0200, Wolfgang Hennerbichler wrote: > Hi! > > I'm using sa-exim for some days now, works nearly perfect. The only > drawback is my spamassassin-version (debian stable). I'd like to use > spamassassin from debian unstable, which would be more effective I > guess. So I installed debian unstable on a separate machine. The new > 'external' spamassassin itself is working already (with sa-exim > module loaded), but I guess this won't work in combination with > greylisting, as I would net the same /var/spool/sa-exim directory as > the receiving mailserver (running exim4 with sa-exim) runs. Any hints > on that? Should I share that directory via NFS or something? Yeah, this is not a supported configuration. You could NFS export it if you wanted > Is there any plan on implementing all that greylisting-informational- > stuff in mysql? I'm not going to as I don't want my mail to depend on mysql, but it's a small piece of code in perl in the SpamAssassin module that comes with SA-Exim. There is a switch statement at the top that is meant for people to add other storage methods than local files Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From nomad at null.net Tue Jul 18 06:21:27 2006 From: nomad at null.net (Mark Lawrence) Date: Tue, 18 Jul 2006 15:21:27 +0200 (CEST) Subject: [SA-exim] external spamassassin In-Reply-To: <20060712000114.GF32347@merlins.org> References: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> <20060712000114.GF32347@merlins.org> Message-ID: On Tue, 11 Jul 2006, Marc MERLIN wrote: > On Wed, Jul 05, 2006 at 11:05:57AM +0200, Wolfgang Hennerbichler wrote: >> module loaded), but I guess this won't work in combination with >> greylisting, as I would net the same /var/spool/sa-exim directory as >> the receiving mailserver (running exim4 with sa-exim) runs. Any hints >> on that? Should I share that directory via NFS or something? > > Yeah, this is not a supported configuration. You could NFS export > it if you wanted Hmmm? Is this actually the case? * The sa-exim plugin for SA writes tuplets to the SA machine filesystem. The ISWHITE rule is also run on the SA machine. * Greylisting happens inside sa-exim based on the results returned through the spamc interface to SA. No need to see /var/spool/sa-exim/tuplets/ SApermreject and SAtempreject are kept on the exim machine as normal. So I think in fact this configuration does work and is what I actually have running... Cheers, Mark. -- Mark Lawrence From nomad at null.net Tue Jul 18 07:41:33 2006 From: nomad at null.net (Mark Lawrence) Date: Tue, 18 Jul 2006 16:41:33 +0200 (CEST) Subject: [SA-exim] external spamassassin In-Reply-To: References: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> <20060712000114.GF32347@merlins.org> Message-ID: On Tue, 18 Jul 2006, Mark Lawrence wrote: > So I think in fact this configuration does work and is what I actually > have running... I should also point out that I did this with Debian. Installed exim and sa-exim on the SA machine in order to get the Debian-exim user and the /var/spool/sa-exim/ directory created. I had to create /var/spool/sa-exim/tuplets/ directory manually (and change ownership). I then stopped exim from being started at boot time with "update-rc.d -f exim4 remove" (since exim is running on another machine). Mark. -- Mark Lawrence From marc at merlins.org Tue Jul 18 07:47:29 2006 From: marc at merlins.org (Marc MERLIN) Date: Tue, 18 Jul 2006 07:47:29 -0700 Subject: [SA-exim] external spamassassin In-Reply-To: References: <19955371-B2C2-4A56-83EC-83B9BC05C75A@wogri.com> <20060712000114.GF32347@merlins.org> Message-ID: <20060718144729.GU13647@merlins.org> On Tue, Jul 18, 2006 at 03:21:27PM +0200, Mark Lawrence wrote: > On Tue, 11 Jul 2006, Marc MERLIN wrote: > > >On Wed, Jul 05, 2006 at 11:05:57AM +0200, Wolfgang Hennerbichler wrote: > > >>module loaded), but I guess this won't work in combination with > >>greylisting, as I would net the same /var/spool/sa-exim directory as > >>the receiving mailserver (running exim4 with sa-exim) runs. Any hints > >>on that? Should I share that directory via NFS or something? > > > >Yeah, this is not a supported configuration. You could NFS export > >it if you wanted > > Hmmm? Is this actually the case? > > * The sa-exim plugin for SA writes tuplets to the SA machine filesystem. > The ISWHITE rule is also run on the SA machine. > > * Greylisting happens inside sa-exim based on the results returned through > the spamc interface to SA. No need to see /var/spool/sa-exim/tuplets/ > > SApermreject and SAtempreject are kept on the exim machine as normal. > > So I think in fact this configuration does work and is what I actually > have running... Argh. You are absolutely correct, and I should wait until I've actually woken up before starting to answer Email. For a while, I was thinking about having sa-exim look at tuplets on the filesystem, but I never did that and indeed put everything in the perl SA plugin itself Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From jason-saexim at lixfeld.ca Sun Jul 23 23:58:22 2006 From: jason-saexim at lixfeld.ca (Jason Lixfeld) Date: Mon, 24 Jul 2006 02:58:22 -0400 Subject: [SA-exim] Using rewrite_header Message-ID: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> I'm a little confused about something I read: http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README Under "CONFIGURING SPAMASSASSIN" it says: "Since SA is usually configured to pass messages on that are beyond the SA spam threshold, it can make sense to rewrite the subject line." I have told SA to rewrite my subject: rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/ _REQD_) ***** But the subject doesn't seem to be rewritten when a message is marked as spam: X-First-Run-SpamCheck: Checked on SMTP Transfer X-First-Run-SpamScore: 4.7 X-First-Run-is-Spam: Yes X-SA-Exim-Connect-IP: 216.7.194.254 X-SA-Exim-Mail-From: never at home.com Subject: product for you... but i think u need to buy it X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ricky.example.ca X-Spam-Level: **** X-Spam-Status: Yes, score=4.7 required=4.0 tests=DRUGS_ERECTILE, MISSING_HEADERS,MISSING_MIMEOLE,NO_PRESCRIPTION,TO_CC_NONE, UNPARSEABLE_RELAY autolearn=no version=3.1.3 Content-Type: multipart/mixed; boundary="----------=_44C46B44.F0D18FEE" X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on mail.example.ca) Am I missing something somewhere? From marc at merlins.org Mon Jul 24 00:39:48 2006 From: marc at merlins.org (Marc MERLIN) Date: Mon, 24 Jul 2006 00:39:48 -0700 Subject: [SA-exim] Using rewrite_header In-Reply-To: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> Message-ID: <20060724073948.GB18089@merlins.org> On Mon, Jul 24, 2006 at 02:58:22AM -0400, Jason Lixfeld wrote: > I'm a little confused about something I read: > > http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README > > Under "CONFIGURING SPAMASSASSIN" it says: > > "Since SA is usually configured to pass messages on that are beyond > the SA > spam threshold, it can make sense to rewrite the subject line." > > I have told SA to rewrite my subject: > > rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/ > _REQD_) ***** I have 'rewrite_header Subject SPAM: _HITS_:' and it works for me Have you tried passing a spam message to SA directly from the command line? like so: spamassassin -t -D < /tmp/mail Does the subject line get rewritten then? If not, it's an SA configuration problem. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From jason-saexim at lixfeld.ca Mon Jul 24 07:49:45 2006 From: jason-saexim at lixfeld.ca (Jason Lixfeld) Date: Mon, 24 Jul 2006 10:49:45 -0400 Subject: [SA-exim] Using rewrite_header In-Reply-To: <20060724073948.GB18089@merlins.org> References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> <20060724073948.GB18089@merlins.org> Message-ID: On 24-Jul-06, at 3:39 AM, Marc MERLIN wrote: > On Mon, Jul 24, 2006 at 02:58:22AM -0400, Jason Lixfeld wrote: >> I'm a little confused about something I read: >> >> http://marc.merlins.org/linux/exim/files/sa-exim-4.2.1/README >> >> Under "CONFIGURING SPAMASSASSIN" it says: >> >> "Since SA is usually configured to pass messages on that are beyond >> the SA >> spam threshold, it can make sense to rewrite the subject line." >> >> I have told SA to rewrite my subject: >> >> rewrite_header Subject ***** _HOSTNAME_ thinks this is spam (_SCORE_/ >> _REQD_) ***** > > I have 'rewrite_header Subject SPAM: _HITS_:' and it works for me > > Have you tried passing a spam message to SA directly from the > command line? > like so: spamassassin -t -D < /tmp/mail > > Does the subject line get rewritten then? Yes, the subject does get re-written when I run SA as above, > If not, it's an SA configuration problem. Where else do I look? I don't see anything in sa-exim.conf pertaining to subject, so I'm not sure where to go next. > Marc > -- > "A mouse is a device used to point at the xterm you want to type > in" - A.S.R. > Microsoft is to operating systems & security .... > .... what McDonalds is to > gourmet cooking > Home page: http://marc.merlins.org/ > From marc at merlins.org Mon Jul 24 08:10:35 2006 From: marc at merlins.org (Marc MERLIN) Date: Mon, 24 Jul 2006 08:10:35 -0700 Subject: [SA-exim] Using rewrite_header In-Reply-To: References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> <20060724073948.GB18089@merlins.org> Message-ID: <20060724151035.GD18089@merlins.org> On Mon, Jul 24, 2006 at 10:49:45AM -0400, Jason Lixfeld wrote: > >Does the subject line get rewritten then? > > Yes, the subject does get re-written when I run SA as above, > > >If not, it's an SA configuration problem. > > Where else do I look? I don't see anything in sa-exim.conf > pertaining to subject, so I'm not sure where to go next. Ok, let's see this: grep -Ev "^(#|$)" sa-exim.conf Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From jason-saexim at lixfeld.ca Mon Jul 24 08:30:28 2006 From: jason-saexim at lixfeld.ca (Jason Lixfeld) Date: Mon, 24 Jul 2006 11:30:28 -0400 Subject: [SA-exim] Using rewrite_header In-Reply-To: <20060724151035.GD18089@merlins.org> References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> <20060724073948.GB18089@merlins.org> <20060724151035.GD18089@merlins.org> Message-ID: <66F4F4CD-21DD-4637-8C84-87D0741BB8DF@lixfeld.ca> On 24-Jul-06, at 11:10 AM, Marc MERLIN wrote: > grep -Ev "^(#|$)" sa-exim.conf SAEximDebug: 0 SAspamcpath: /usr/local/bin/spamc SAspamcHost: 127.0.0.1 SAspamcPort: 783 SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}} SAEximRunCond: 1 SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}} SAmaxbody: 256000 SATruncBodyCond: 0 SARewriteBody: 1 SAPrependArchiveWithFrom: 1 SAmaxarchivebody: 20971520 SAerrmaxarchivebody: 1073741824 SAmaxrcptlistlength: 0 SAaddSAEheaderBeforeSA: 1 SAtimeoutsave: /var/spool/exim/SAtimeoutsave SAtimeoutSavCond: 1 SAerrorsave: /var/spool/exim/SAerrorsave SAerrorSavCond: 1 SAtemprejectonerror: 0 SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{206.223.182.66}} } {25}{1048576}} SAteergrubetime: 900 SAteergrubeSavCond: 1 SAteergrubesave: /var/spool/exim/SAteergrube SAteergrubeoverwrite: 1 SAdevnullSavCond: 1 SAdevnullsave: /var/spool/exim/SAdevnull SApermreject: 12.0 SApermrejectSavCond: 1 SApermrejectsave: /var/spool/exim/SApermreject SAtempreject: 9.0 SAtemprejectSavCond: 1 SAtemprejectsave: /var/spool/exim/SAtempreject SAtemprejectoverwrite: 1 SAgreylistiswhitestr: GREYLIST_ISWHITE SAgreylistraisetempreject: 3.0 SAspamacceptsave: /var/spool/exim/SAspamaccept SAspamacceptSavCond: 0 SAnotspamsave: /var/spool/exim/SAnotspam SAnotspamSavCond: 0 SAmsgteergrubewait: Wait for more output SAmsgteergruberej: Please try again later SAmsgpermrej: Rejected SAmsgtemprej: Please try again later SAmsgerror: Temporary local error while processing message, please contact postmaster. From marc at merlins.org Mon Jul 24 09:15:43 2006 From: marc at merlins.org (Marc MERLIN) Date: Mon, 24 Jul 2006 09:15:43 -0700 Subject: [SA-exim] Using rewrite_header In-Reply-To: <66F4F4CD-21DD-4637-8C84-87D0741BB8DF@lixfeld.ca> References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> <20060724073948.GB18089@merlins.org> <20060724151035.GD18089@merlins.org> <66F4F4CD-21DD-4637-8C84-87D0741BB8DF@lixfeld.ca> Message-ID: <20060724161543.GA6743@merlins.org> On Mon, Jul 24, 2006 at 11:30:28AM -0400, Jason Lixfeld wrote: > On 24-Jul-06, at 11:10 AM, Marc MERLIN wrote: > > >grep -Ev "^(#|$)" sa-exim.conf > > SAEximDebug: 0 > SAspamcpath: /usr/local/bin/spamc > SAspamcHost: 127.0.0.1 > SAspamcPort: 783 > SAEximRunCond: ${if and {{def:sender_host_address} {!eq > {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } > {1}{0}} > SAEximRunCond: 1 > SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}} > SAmaxbody: 256000 > SATruncBodyCond: 0 > SARewriteBody: 1 If you are using report_safe, try turning that off and setting SARewriteBody to 0, but it should work in the configuration you have, unless I'm missing something. At this point, all I can offer is that you set SAEximDebug to 9, and look at the SA logs after you accept a message that's spam. It should tell you that it's rewriting the subject header witt a new value, and what that value is Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From jason-saexim at lixfeld.ca Mon Jul 24 10:04:11 2006 From: jason-saexim at lixfeld.ca (Jason Lixfeld) Date: Mon, 24 Jul 2006 13:04:11 -0400 Subject: [SA-exim] Using rewrite_header In-Reply-To: <20060724161543.GA6743@merlins.org> References: <58A2D006-FF45-4068-9015-0945F23165DD@lixfeld.ca> <20060724073948.GB18089@merlins.org> <20060724151035.GD18089@merlins.org> <66F4F4CD-21DD-4637-8C84-87D0741BB8DF@lixfeld.ca> <20060724161543.GA6743@merlins.org> Message-ID: I think I figured it out. I didn't realize I had to restart exim and spamd if I made respective changes to their config files. I thought the configs were read each time spamd/local_scan was called. On 24-Jul-06, at 12:15 PM, Marc MERLIN wrote: > On Mon, Jul 24, 2006 at 11:30:28AM -0400, Jason Lixfeld wrote: >> On 24-Jul-06, at 11:10 AM, Marc MERLIN wrote: >> >>> grep -Ev "^(#|$)" sa-exim.conf >> >> SAEximDebug: 0 >> SAspamcpath: /usr/local/bin/spamc >> SAspamcHost: 127.0.0.1 >> SAspamcPort: 783 >> SAEximRunCond: ${if and {{def:sender_host_address} {!eq >> {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } >> {1}{0}} >> SAEximRunCond: 1 >> SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}} >> SAmaxbody: 256000 >> SATruncBodyCond: 0 >> SARewriteBody: 1 > > If you are using report_safe, try turning that off and setting > SARewriteBody to > 0, but it should work in the configuration you have, unless I'm > missing something. > > At this point, all I can offer is that you set SAEximDebug to 9, > and look at the SA > logs after you accept a message that's spam. > It should tell you that it's rewriting the subject header witt a > new value, > and what that value is > > Marc > -- > "A mouse is a device used to point at the xterm you want to type > in" - A.S.R. > Microsoft is to operating systems & security .... > .... what McDonalds is to > gourmet cooking > Home page: http://marc.merlins.org/ >