Re: Spam tagging not happening
Dominic, Ok it seems like SAEximDebug is set to 1, but I don't see anything similar like in your example log My /var/log/exim4/mainlog : 2010-10-19 08:13:50 1P85Q4-0003iH-Gw = p...@decordeli.com H= wblv-ip-mesg-2-3.saix.net [196.25.240.101] P=esmtp S=26973403 id= c865a021-d0c2-4859-a538-ae67b5626...@decordeli.com 2010-10-19 08:13:52 1P85Q4-0003iH-Gw = paul p...@mydomain.com R=local_user T=maildir_home 2010-10-19 08:13:52 1P85Q4-0003iH-Gw Completed Surely I'm missing something here and when I do a grep sa-exim /var/lib/exim4/config.autogenerated, the output is null. Does this mean I don't have sa-exim configured properly? I really appreciate the help guys:-) Jerry On Mon, Oct 18, 2010 at 5:48 PM, Dominic Benson domi...@lenny.cus.orgwrote: On 18/10/10 16:11, Jeremy Van Rooyen wrote: Thanks for the quick reply Dominic, I just checked and the SApermreject is set sensible for now. The latter part of your email refers to SA-Flagged messages, how do I make sure this is working, as I have enabled rewrite_header in /etc/spamassassin/local.cf. http://local.cf/ If rewite_header is enabled, and you don't see the *SPAM* (or alternative you specified) in the subject line, then it didn't get processed. Could you set SAEximDebug: 1 in /etc/exim4/sa-exim.conf, and then paste the output of a message in /var/log/exim4/mainlog, e.g.: 2010-10-18 16:26:48 1P7rbr-0007e3-NS SA: Debug: SAEximRunCond expand returned: 'true' 2010-10-18 16:26:48 1P7rbr-0007e3-NS SA: Debug: check succeeded, running spamc 2010-10-18 16:26:51 1P7rbr-0007e3-NS SA: Action: permanently rejected message: score=15.7 required=5.0 trigger=12.0 (scanned in 3/3 secs | Message-Id: 1P7rbr-0007e3-NS). From e...@cambridge-union.orge...@cambridge-union.org(host=NULL [117.5.37.103]) for e...@cambridge-union.org Then we should be able to see what is actually happening. Also, could you check the output of grep sa-exim /var/lib/exim4/config.autogenerated - if you use Exim in unsplit configuration, sa-exim doesn't get used by default. exim4-daemon-heavy has an alternative way of using SpamAssassin (exiscan_acl), which is powerful, but not so convenient. How do I add a message rule that subject starts with *SPAM* ? Do I add to my local.cf? I'm sure I did this already. I mean you should do this in either your mail client, or e.g. a Cyrus sieve. This is about using the data that SpamAssassin/Exim have added to the message to classify it in your inbox, rather than a mail routing decision. (e.g. in Thunderbird you would go Tools - Message Filters - New) Dominic -- There is therefore now no condemnation to them which are in Christ Jesus, who walk not after the flesh, but after the Spirit. Romans 8
Re: Spam tagging not happening
Surely I'm missing something here and when I do a grep sa-exim /var/lib/exim4/config.autogenerated, the output is null. Does this mean I don't have sa-exim configured properly? It means that it isn't being used by exim. We're veering away from SA-Users topics, but: if you dpkg-reconfigure exim4-config and select Yes to the question Split configuration into small files, then you should find that SA-Exim is used; it [sa-exim] installs a config file at /etc/exim4/conf.d/main/15_sa-exim_plugin_path - the /etc/exim4/conf.d directory is what gets compiled [by the exim4 init script] into /var/lib/exim4/config.autogenerated if you select the small files config method. Otherwise it uses the monolithic config template at /etc/exim4/exim4.conf.template - which doesn't get the SA-Exim stuff added automatically. I really appreciate the help guys:-) Jerry Dominic
Re: Spam tagging not happening
Hi Dominic and Users, I was not using the split configuration of exim4, I'm using the monolithic config at /etc/exim4/exim4.conf.template. So I added this line to my /etc/exim4/exim4.conf.template config file right at the top local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so restarted exim4 and I'm seeing SA entries in my /var/log/exim4/main.log. I then did a grep sa-exim /var/lib/exim4/config.autogenerated and the results obviously was local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so. I really appreciate the help here guys, and I'm very happy that I'm one step forward now. Thanks Jerry On Tue, Oct 19, 2010 at 4:10 PM, Dominic Benson domi...@lenny.cus.orgwrote: Surely I'm missing something here and when I do a grep sa-exim /var/lib/exim4/config.autogenerated, the output is null. Does this mean I don't have sa-exim configured properly? It means that it isn't being used by exim. We're veering away from SA-Users topics, but: if you dpkg-reconfigure exim4-config and select Yes to the question Split configuration into small files, then you should find that SA-Exim is used; it [sa-exim] installs a config file at /etc/exim4/conf.d/main/15_sa-exim_plugin_path - the /etc/exim4/conf.d directory is what gets compiled [by the exim4 init script] into /var/lib/exim4/config.autogenerated if you select the small files config method. Otherwise it uses the monolithic config template at /etc/exim4/exim4.conf.template - which doesn't get the SA-Exim stuff added automatically. I really appreciate the help guys:-) Jerry Dominic -- There is therefore now no condemnation to them which are in Christ Jesus, who walk not after the flesh, but after the Spirit. Romans 8
Spam tagging not happening
Hi all, I need help with my spamassasin configuration. Setup is as follows: Ubuntu (OS), Exim4 (MTA), Spamassasin (Spam Filter). When I look at my logs I can see messages been identified as spam, but it does not get tagged on the email client side. I did look at some forums and I also made the necessary changes to my local.cf file, but have no luck. Can Anybody assist me? Thanks in advance Jerry
Re: Spam tagging not happening
On Mon, 18 Oct 2010, Jeremy Van Rooyen wrote: Hi all, I need help with my spamassasin configuration. Setup is as follows: Ubuntu (OS), Exim4 (MTA), Spamassasin (Spam Filter). When I look at my logs I can see messages been identified as spam, but it does not get tagged on the email client side. I did look at some forums and I also made the necessary changes to my local.cf file, but have no luck. Can Anybody assist me? One more piece is needed: how is SA glued onto Exim? Procmail scripts? A milter (or Exim's equivalent native API)? Are _no_ SA-related X-Spam-* headers present in processed messages? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Sheep have only two speeds: graze and stampede. -- LTC Grossman --- 60 days until TRON Legacy
Re: Spam tagging not happening
Thanks for your reply John, I'm really new to Exim and Spamassassin, there is no procmail scripts and I don't know how to glue SA onto Exim? Can you help me with that? When I look at the rejected emails in the rejected logs for Exim it looks like this: F From: pharmacyl1fe.lo...@yahoo.com Received-SPF: none X-SPF-Guess: neutral X-Spam-Score: 23.9 (+++) X-Spam-Report: Spam detection software So as far a I know, the tagging happens here, but I don't see anything in the email though. On Mon, Oct 18, 2010 at 3:46 PM, John Hardin jhar...@impsec.org wrote: On Mon, 18 Oct 2010, Jeremy Van Rooyen wrote: Hi all, I need help with my spamassasin configuration. Setup is as follows: Ubuntu (OS), Exim4 (MTA), Spamassasin (Spam Filter). When I look at my logs I can see messages been identified as spam, but it does not get tagged on the email client side. I did look at some forums and I also made the necessary changes to my local.cf file, but have no luck. Can Anybody assist me? One more piece is needed: how is SA glued onto Exim? Procmail scripts? A milter (or Exim's equivalent native API)? Are _no_ SA-related X-Spam-* headers present in processed messages? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/http://www.impsec.org/%7Ejhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Sheep have only two speeds: graze and stampede. -- LTC Grossman --- 60 days until TRON Legacy -- There is therefore now no condemnation to them which are in Christ Jesus, who walk not after the flesh, but after the Spirit. Romans 8
Re: Spam tagging not happening
On 18/10/10 15:22, Jeremy Van Rooyen wrote: When I look at the rejected emails in the rejected logs for Exim it looks like this: F From: pharmacyl1fe.lo...@yahoo.com mailto:pharmacyl1fe.lo...@yahoo.com Received-SPF: none X-SPF-Guess: neutral X-Spam-Score: 23.9 (+++) X-Spam-Report: Spam detection software So as far a I know, the tagging happens here, but I don't see anything in the email though. Spamassassin is obviously being used then. I would expect that it is being accessed through sa-exim; what you probably want to do is edit /etc/exim4/sa-exim.conf and set SApermreject to a sensible value (fairly high, as this will bounce messages so that they never get to your inbox). 20 would probably be a reasonably good start; you can (cautiously) reduce it from there if you find that you are getting no ham above some value. (You'll need to restart Exim after this) There is a separate question implicit in your post: that you want to filter SA-flagged messages into a junk folder in your MUA. There are a few options for this. The easiest (not necessarily best!) is to enable rewrite_header in /etc/spamassassin/local.cf and then add a message rule that subject starts with *SPAM* gets moved to a folder. It isn't a great plan if you are resending to a mailing list (breaks DKIM etc.), so the alternative is to inspect the X-Spam-Status header directly. How to / if you can do that is strongly MUA dependent. Dominic
Re: Spam tagging not happening
On Mon, 18 Oct 2010, Jeremy Van Rooyen wrote: Thanks for your reply John, I'm really new to Exim and Spamassassin, there is no procmail scripts and I don't know how to glue SA onto Exim? Can you help me with that? I'm not an Exim guru, sorry. When I look at the rejected emails in the rejected logs for Exim it looks like this: F From: pharmacyl1fe.lo...@yahoo.com Received-SPF: none X-SPF-Guess: neutral X-Spam-Score: 23.9 (+++) X-Spam-Report: Spam detection software So as far a I know, the tagging happens here, but I don't see anything in the email though. Did this email make it to the user's mailbox? If so, was the subject line altered, and are the X-Spam-* headers present? Note that you may have to explicitly ask the mail client to display all headers to see them. I doubt any mail client will display them by default - mail clients tend to hide useful information like this to avoid scaring nontechnical users. If the message made it to the user's mailbox and the subject line was not altered, then look at the report_safe SA configuration option. Depending on how SA is glued onto your Exim, this may or may not help - Exim may be ignoring any changes SA makes to the message headers. If the message made it to the user's mailbox, and the X-Spam-* headers are present, then the user's mail client needs to be told to look at them in order to flag the message as spam. How to do this is client-specific and is a matter for that client's support channels. There is probably a way to tell Exim to deliver rejected messages to a per-user spam inbox folder rather than to their regular inbox. That's a question for the Exim list. On Mon, Oct 18, 2010 at 3:46 PM, John Hardin jhar...@impsec.org wrote: On Mon, 18 Oct 2010, Jeremy Van Rooyen wrote: Hi all, I need help with my spamassasin configuration. Setup is as follows: Ubuntu (OS), Exim4 (MTA), Spamassasin (Spam Filter). When I look at my logs I can see messages been identified as spam, but it does not get tagged on the email client side. I did look at some forums and I also made the necessary changes to my local.cf file, but have no luck. Can Anybody assist me? One more piece is needed: how is SA glued onto Exim? Procmail scripts? A milter (or Exim's equivalent native API)? Are _no_ SA-related X-Spam-* headers present in processed messages? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Windows Genuine Advantage (WGA) means that now you use your computer at the sufferance of Microsoft Corporation. They can kill it remotely without your consent at any time for any reason; it also shuts down in sympathy when the servers at Microsoft crash. --- 60 days until TRON Legacy
Re: Spam tagging not happening
Thanks for the quick reply Dominic, I just checked and the SApermreject is set sensible for now. The latter part of your email refers to SA-Flagged messages, how do I make sure this is working, as I have enabled rewrite_header in /etc/spamassassin/local.cf. http://local.cf/ How do I add a message rule that subject starts with *SPAM* ? Do I add to my local.cf? I'm sure I did this already. On Mon, Oct 18, 2010 at 4:40 PM, Dominic Benson domi...@lenny.cus.orgwrote: On 18/10/10 15:22, Jeremy Van Rooyen wrote: When I look at the rejected emails in the rejected logs for Exim it looks like this: F From: pharmacyl1fe.lo...@yahoo.com Received-SPF: none X-SPF-Guess: neutral X-Spam-Score: 23.9 (+++) X-Spam-Report: Spam detection software So as far a I know, the tagging happens here, but I don't see anything in the email though. Spamassassin is obviously being used then. I would expect that it is being accessed through sa-exim; what you probably want to do is edit /etc/exim4/sa-exim.conf and set SApermreject to a sensible value (fairly high, as this will bounce messages so that they never get to your inbox). 20 would probably be a reasonably good start; you can (cautiously) reduce it from there if you find that you are getting no ham above some value. (You'll need to restart Exim after this) There is a separate question implicit in your post: that you want to filter SA-flagged messages into a junk folder in your MUA. There are a few options for this. The easiest (not necessarily best!) is to enable rewrite_header in /etc/spamassassin/local.cf and then add a message rule that subject starts with *SPAM* gets moved to a folder. It isn't a great plan if you are resending to a mailing list (breaks DKIM etc.), so the alternative is to inspect the X-Spam-Status header directly. How to / if you can do that is strongly MUA dependent. Dominic -- There is therefore now no condemnation to them which are in Christ Jesus, who walk not after the flesh, but after the Spirit. Romans 8
Re: Spam tagging not happening
On 18/10/10 16:11, Jeremy Van Rooyen wrote: Thanks for the quick reply Dominic, I just checked and the SApermreject is set sensible for now. The latter part of your email refers to SA-Flagged messages, how do I make sure this is working, as I have enabled rewrite_header in /etc/spamassassin/local.cf. http://local.cf/ If rewite_header is enabled, and you don't see the *SPAM* (or alternative you specified) in the subject line, then it didn't get processed. Could you set SAEximDebug: 1 in /etc/exim4/sa-exim.conf, and then paste the output of a message in /var/log/exim4/mainlog, e.g.: 2010-10-18 16:26:48 1P7rbr-0007e3-NS SA: Debug: SAEximRunCond expand returned: 'true' 2010-10-18 16:26:48 1P7rbr-0007e3-NS SA: Debug: check succeeded, running spamc 2010-10-18 16:26:51 1P7rbr-0007e3-NS SA: Action: permanently rejected message: score=15.7 required=5.0 trigger=12.0 (scanned in 3/3 secs | Message-Id: 1P7rbr-0007e3-NS). From e...@cambridge-union.org (host=NULL [117.5.37.103]) for e...@cambridge-union.org Then we should be able to see what is actually happening. Also, could you check the output of grep sa-exim /var/lib/exim4/config.autogenerated - if you use Exim in unsplit configuration, sa-exim doesn't get used by default. exim4-daemon-heavy has an alternative way of using SpamAssassin (exiscan_acl), which is powerful, but not so convenient. How do I add a message rule that subject starts with *SPAM* ? Do I add to my local.cf http://local.cf? I'm sure I did this already. I mean you should do this in either your mail client, or e.g. a Cyrus sieve. This is about using the data that SpamAssassin/Exim have added to the message to classify it in your inbox, rather than a mail routing decision. (e.g. in Thunderbird you would go Tools - Message Filters - New) Dominic
