>> Perhaps something like: >> >> - a higher priority MX is up >> - the mail was delivered from a secondary MX with little or no delay
Kenneth Porter <[EMAIL PROTECTED]> writes: > My concern was primarily for the secondary, where you don't know the delay > until you forward. Are you saying that the first rule runs on the > secondaries, and the second rule runs on all but the lowest-priorty MX? No, it's a logical "and" rule. Both need to match for it to be spamsign. If the filter is actually run *on* the secondary, it still works since the delay will be just about zero. However, a lot of places just run the spam filter on the primary and have secondaries forward it to, or on an internal host to which all MXes deliver their mail. You can't assume every MX is running SpamAssassin independently. > I've got a secondary which receives very little traffic for itself, and > virtually all of the remaining traffic is spam destined for a primary > elsewhere. It's running SA from MIMEDefang, configured to reject anything > scoring 10 or more. Giving it a rule like the one proposed here would allow > it to reject more instead of queuing it to the primary. The rule should work regardless of where it's run. It also should ideally work for forwarded email (assuming trusted_networks is set up, I don't expect it to check every relay hop, just the untrusted->trusted one. Daniel -- Daniel Quinlan http://www.pathname.com/~quinlan/