Hi everybody,
I have SpamAssassin 3.0.1 and Exim 4.43 with exiscan-acl patch revision 28 working together on FreeBSD 4.8.
My problem is how to configure SpamAssassin to make it recognize direct mail from dial-up/dsl (and the like) pools received not only by my own server, BUT BY THE TRUSTED RELAYS AS WELL. As far as I understand, SpamAssassin recognize such mail only if it is recevied by the host mentioned at the first "Received:" line of the message hearder (I guess it refers with "20_dnsbl_tests.cf").
Here is the detailed problem description.
My system is configured in the following way: - there is my own dedicated server (SERVER) - there are two trusted relays by my ISP (RELAY1,RELAY2) - MX records for all my domains look like: IN MX 10 SERVER. IN MX 30 RELAY1. IN MX 50 RELAY2.
Before I have installed SpamAssassin, I used my own anti-spam protection system based on Exim "accept/deny" rules and the Perl script executed from the Exim system filter for more elaborate check. My experience has shown that I can filter about 90% of all spam by simply rejecting direct SMTP sessions from dial-up/dsl and the like pools. I am still using this method even after installation of SpamAssassin, having "deny" rules at my Exim configuration, and having collected almost complete worldwide dial-up/dsl pools database by my own (for past two years).
But the problem is that the direct mail from dial-up/dsl pools is received at RELAY1 and RELAY2 as well, so there is needed to parse the "Received:" lines of the message headers to find it out. That's what I wrote my Perl script for (and executed it from Exim system filter).
NOW THE QUESTION. Is there any way to make SpamAssassin consider the host that has sent the message to RELAY1 or RELAY2 (in case the message passed thru RELAY1 or RELAY2) as though the message was directly received by my own SERVER?
Or maybe someone could make another suggestion based on the above problem description.
The typical "Received:" lines of the header of the mail I'm talking about is:
Received: from HOST4 ([xx.xx.xx.xx]) by SERVER with esmtp (Exim 4.43) id 1CHTYA-0001xD-00 for ...; Wed, 13 Oct 2004 00:47:14 +0400 Received: from HOST3 (HOST3 [xx.xx.xx.xx]) by HOST4 (8.12.6/8.12.6) with ESMTP id i9CKlEH6038945 for <...>; Wed, 13 Oct 2004 00:47:14 +0400 (MSD) Received: from HOST2 (HOST2 [xx.xx.xx.xx]) by HOST3 (8.9.1/8.9.1) with ESMTP id AAA06856; Wed, 13 Oct 2004 00:47:13 +0400 (MSD) Received: from HOST1 (HOST1 [xx.xx.xx.xx]) by HOST2 (8.12.9/8.12.9) with ESMTP id i9CKlDxE060674 for <...>; Wed, 13 Oct 2004 00:47:13 +0400 (MSD) Received: by HOST1 (Postfix, from userid 1000) id 56A0522F35A; Wed, 13 Oct 2004 00:47:07 +0400 (MSD) Received: from RELAY1 (RELAY1 [xx.xx.xx.xx]) by HOST1 (Postfix) with ESMTP id 50CA922F361 for <...>; Wed, 13 Oct 2004 00:47:06 +0400 (MSD) Received: from i220-221-142-101.s04.a017.ap.plala.or.jp (i220-221-142-101.s04.a017.ap.plala.or.jp [220.221.142.101]) by RELAY1 (8.12.9/8.12.9) with ESMTP id i9CKf4lF079892 for <...>; Wed, 13 Oct 2004 00:41:04 +0400 (MSD)
where: RELAY1 is trusted relay specified by the MX-record, SERVER is my dedicated server, HOST1..HOST4 are intermediate mail servers of my ISP.
I need SpamAssassin to recognize receiving mail from i220-221-142-101.s04.a017.ap.plala.or.jp by RELAY1 as "dialup sender did non-local SMTP" or something like that, so I will specify and score it at my "local.cf".
Regards,
Albert R. Timashev
St. Petersburg, Russia
