When you use MS Exchange as your Mailserver there is the problem that Exchange removes some of the mail headers when re-sending an email (as attachment or as an reply) or if a user puts the message into a public folder that is pulled via IMAP for retraining (retrain-as-spam or retrain-as-innocent e.g.).
I use dspam with virtual-UIDs and I configured my exim sitting in front of Exchange to circumvent this header-remove problem. Exim adds the dspam signature to the Received: header and when this message is presented for retraining the dspam signature is extracted from this Received: header and the original X-DSPAM-Signature is reconstructed (btw in exim header variable names are caseless, so $header_x-dspam-signature: is the same as $header_X-DSPAM-Signature:): Store signature in Received: header: ==================================== received_header_text = Received: \ ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\ {${if def:sender_ident \ {from ${quote_local_part:$sender_ident} }}\ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\ by $primary_hostname \ ${if def:received_protocol {with $received_protocol}} \ ${if def:tls_cipher {($tls_cipher)\n\t}}\ (MTA)\n\t\ id $message_exim_id\ ${if def:header_x-dpam-signature: { (dssig $header_x-dspam-signature:)}}\ ${if def:received_for {\n\tfor $received_for}} Result looks like this ====================== Received: from dspam by nospam.sdm.de with dspam-scanned (MTA) id 1IKYNF-00019x-DH (dssig 42345,46c0448944501530714789) for [EMAIL PROTECTED]; Mon, 13 Aug 2007 13:46:17 +0200 Retreive signature and reconstruct when delivering locally: =========================================================== # alias Router system_aliases: driver = redirect domains = +local_domains allow_fail allow_defer data = ${lookup{$local_part}dbm{/var/db/aliases.db}} # user = exim file_transport = address_file pipe_transport = address_pipe # get the dspam signature that is saved in the Received: header lines and place # it as a normal header so that dspam can read and interpret it correctly0 headers_add = ${if and{\ {match {$header_Received:}{dssig ([^)]*)}}\ {!def:header_x-dspam-signature:}\ }\ {X-DSPAM-Signature: $1}{}\ } # localuser Router localuser: driver = accept domains = +local_domains check_local_user transport = local_delivery # get the dspam signature that is saved in the Received: header lines and place # it as a normal header so that dspam can read and interpret it correctly headers_add = ${if and{\ {match {$header_Received:}{dssig ([^)]*)}}\ {!def:header_x-dspam-signature:}\ }\ {X-DSPAM-Signature: $1}{}\ } Additional information: ======================= I use fetchmail (very nice) to fetch messages out of a public folder from Exchange for retraining. My .fetchmailrc looks like this: set no bouncemail set syslog set invisible set no spambounce set properties "" poll mda.foo.com proto imap user '<your-user>' password '<your-user-password>' batchlimit 100 folder "Public Folders/Antispam/Retrain-As-Spam" fetchall no rewrite mda "/bin/exim -i -oem -f [EMAIL PROTECTED] [EMAIL PROTECTED]" poll mda.foo.com proto imap user '<your-user>' password '<your-user-password>' batchlimit 100 folder "Public Folders/Antispam/Retrain-As-Innocent" fetchall no rewrite mda "/bin/exim -i -oem -f [EMAIL PROTECTED] [EMAIL PROTECTED]" ################# A simple crontab entry will retrain you token base. My alias file looks like this: # aliases spam-retrain: "|/bin/dspam --user [EMAIL PROTECTED] --class=spam --source=error" ham-retrain: "|/bin/dspam --user [EMAIL PROTECTED] --class=innocent --source=error" Dspam will retreive the correct signature from the message to retrain the token base. It is better to use "mda" than "smtpname [EMAIL PROTECTED]" because "mda" rewrites the sender address to a local one ([EMAIL PROTECTED]) so the original sender of the message will not get a DSN in case of a delivery error what would be awkward. Best regards Joerg Pichel sd&m - 25 years expertice in software engineering -- Joerg Pichel [EMAIL PROTECTED] sd&m AG http://www.sdm.de/ software design & management Carl-Wery-Str. 42, 81739 Muenchen, Germany Tel +49 89 63812-112, Fax -555 Management board: Edmund Küpper (chairman), Burkhard Kehrbusch, Rüdiger Azone, Dr. Uwe Dumslaff, Kai Grambow, Dr. Michael Rading Chairman of the board of directors: Pierre Hessler Location and county court: München HRB 126057