December 14, 2009 – 2:09 pm
I was having trouble with Exim not adding headers to SpamAssassin-checked emails. One day, when I should have really been doing something else, I read Chapter 40 of Exim’s specification, and all became clear.
Here’s what my appropriate ACL (in /etc/mail/exim.conf) looks like now, almost completely by-the-book:
acl_check_data:

  # ...
  # malware section
  # ...

  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address
  # option above.

  # spams are never big and spamassassin can die on big emails, so we
  # limit its use under 100kb
  accept condition = ${if >={$message_size}{100k}{yes}{no}}

  # put headers in all messages (no matter if spam or not)
  warn   spam = spamd:true
         add_header = X-Spam-Score: $spam_score ($spam_bar)
         add_header = X-Spam-Report: $spam_report

  # add second subject line with *SPAM* marker when message
  # is over threshold
  warn   spam = spamd
         add_header = Subject: *SPAM* $h_Subject:

  # reject spam at high scores (> 20)
  deny   message = This message scored $spam_score spam points.
         spam = spamd:true
         condition = ${if >{$spam_score_int}{200}{1}{0}}

  # Accept the message.
  accept
September 17, 2009 – 6:34 am
Here’s what exim caught:
> 2009-09-15 23:59:31 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="GET http://www.scanproxy.com:80/p-25.html
+HTTP/1.0\r\nContent-Type: text/html\r\nProxy-Connection: keep-alive\r\nHost: www.scanproxy.com\r\nAccept:
+image/gif,"
> 2009-09-15 23:59:32 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="0401"
> 2009-09-15 23:59:33 SMTP protocol synchronization error (input sent without waiting for greeting):
+rejected connection from H=[220.139.127.112] input="0501"
220.139.127.112 is Chunghwa Telecom Co., Ltd. in Taiwan.
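Added example, not part of the original post: a small Python script that pulls these synchronization-error rejections out of an Exim main log and summarises them per host, so a burst like the one above stands out. The sample lines are constructed from the entries above (unwrapped, first input shortened, plus one made-up line from the documentation address 192.0.2.7), and reading "0401"/"0501" as SOCKS4/SOCKS5 opening bytes is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the three entries above unwrapped to one line each,
# plus one invented early-talker line from a documentation address.
SAMPLE_LOG = r'''
2009-09-15 23:59:31 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[220.139.127.112] input="GET http://www.scanproxy.com:80/p-25.html HTTP/1.0\r\nContent-Type: text/html\r\n"
2009-09-15 23:59:32 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[220.139.127.112] input="0401"
2009-09-15 23:59:33 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[220.139.127.112] input="0501"
2009-09-16 08:12:02 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.7] input="EHLO example.test\r\n"
'''

SYNC_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP protocol synchronization error '
    r'\([^)]*\): rejected connection from H=[^\[]*\[(?P<ip>[^\]]+)\] '
    r'input="(?P<input>.*)"\s*$')

# Assumption: these prefixes are SOCKS version/command bytes, either as the
# post shows them or in backslash-octal escaped form.
SOCKS = (('socks4', ('0401', r'\004\001')), ('socks5', ('0501', r'\005\001')))

def classify(data):
    """Guess what the client was probing for from the bytes it sent early."""
    if re.match(r'(?:GET|POST|HEAD) https?://|CONNECT ', data):
        return 'http-proxy'   # absolute-URI request, i.e. an open-proxy test
    for kind, prefixes in SOCKS:
        if data.startswith(prefixes):
            return kind
    return 'other'            # e.g. an SMTP client that did not wait for the banner

def summarize(log_text, min_hits=3, window=timedelta(seconds=60)):
    """Return {ip: {'count', 'kinds', 'burst'}} for sync-error rejections."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = SYNC_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S')
            hits[m['ip']].append((ts, classify(m['input'])))
    report = {}
    for ip, events in hits.items():
        events.sort()
        times = [t for t, _ in events]
        # burst: any min_hits consecutive rejections that fit in one window
        burst = any(times[i + min_hits - 1] - times[i] <= window
                    for i in range(len(times) - min_hits + 1))
        report[ip] = {'count': len(events), 'burst': burst,
                      'kinds': sorted({k for _, k in events})}
    return report
```

Feed it the unwrapped main log text; hosts with `burst` set and several probe kinds are the ones worth a firewall rule or a closer look.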
August 22, 2009 – 12:35 pm
I had this happen – SA wasn’t reading user_prefs out of a proper home dir:
[12071] info: spamd: creating default_prefs: //.spamassassin/user_prefs
[12071] dbg: config: using "/.spamassassin" for user state dir
[12071] dbg: config: mkdir /.spamassassin failed: mkdir /.spamassassin: Permission denied at /usr/share/perl5/vendor_perl/Mail/SpamAssassin.pm line 1577
[12071] dbg: config: Permission denied
[12071] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory
[12071] info: spamd: failed to create readable default_prefs: //.spamassassin/user_prefs
[12071] dbg: config: read_scoreonly_config: cannot open "//.spamassassin/user_prefs": No such file or directory
I thought this was due to the way spamassassin was invoked, so I tried specifying the user and homedir explicitly. It didn’t work. I tried creating a ‘spamd’ user, a homedir, changing the invocation to that:
sudo spamd -c --max-children 3 --username spamd -H "/var/lib/spamassassin/" -s stderr -D
Didn’t help.
Then I RTFMed some. That reminded me of writing something about user ‘nobody’ in exim.conf. That’s the user for which spam filtering is invoked; so if you allow per-user configuration, it doesn’t really matter that you specify “/var/lib/spamassassin” as a homedir, that’s just for the parent spamd process. For every child, the directory will be changed; for ‘nobody’ it’s ‘/’.
So I changed that line to have ‘spamd’ instead, and voila!
[12071] info: spamd: creating default_prefs: /var/lib/spamassassin/.spamassassin/user_prefs
[12071] dbg: config: using "/var/lib/spamassassin/.spamassassin" for user state dir
[12071] warn: config: created user preferences file: /var/lib/spamassassin/.spamassassin/user_prefs
[12071] dbg: conf: finish parsing
August 15, 2009 – 12:12 pm
There’s a lot of outdated stuff floating on the internets. This one was most useful to me.
Basically, if you install Exim and SA from pacman, you’ve already got everything enabled. Filtering spam is done via an Access Control List (the last one in exim.conf). Don’t bother with transports unless you’re sure you want them.
Add spamd to daemons in rc.conf. If you want reject logging, append
-s /var/log/spamd.log -D check
to the string in /etc/config.d/spamd.