01-07-2009, 05:59 PM
Custom SpamAssassin Rules

Hi,
I have exim running in a DMZ relaying for zimbra. I run SA on the DMZ box so that exim can 550 messages that score particularly high. I've modified the exim conf so that messages that are flagged as spam but accepted get an X-Spam-Flag-Ext header.
On the zimbra box I've added:
Code:
bayes_ignore_header X-Spam-Flag-Ext
header EXT_SA X-Spam-Flag-Ext =~ /yes/
describe EXT_SA DMZ SA claimed it is spam
score EXT_SA 3.0
to /opt/zimbra/conf/salocal.cf.in, restarted zimbra and verified that the lines appear in /opt/zimbra/conf/salocal.cf.
However, the rule is never applied. Example headers post-amavisd on zimbra:
Code:
Return-Path: foo@bar.com
Received: from zimbra.foo.org (LHLO zimbra.foo.org) (192.168.5.200) by
zimbra.foo.org with LMTP; Thu, 8 Jan 2009 01:27:31 +0000 (GMT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by zimbra.foo.org (Postfix) with ESMTP id 1BDD8534002
for <a@foo.org>; Thu, 8 Jan 2009 01:27:31 +0000 (GMT)
X-Virus-Scanned: amavisd-new at foo.org
X-Spam-Flag: YES
X-Spam-Score: 5.885
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.885 tagged_above=-10 required=5 tests=[AWL=-0.214,
BAYES_50=0.001, DRUGS_ERECTILE=0.282, DRUG_ED_CAPS=0.322,
HTML_MESSAGE=0.001, IMPOTENCE=1.886, LOW_PRICE=0.001,
SUBJ_ALL_CAPS=2.077, SUBJ_BUY=0.001, UPPERCASE_75_100=1.528]
Received: from zimbra.foo.org ([127.0.0.1])
by localhost (zimbra.foo.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id wdqtjEafFGSm; Thu, 8 Jan 2009 01:27:30 +0000 (GMT)
Received: from mail.foo.org (mail.foo.org [192.168.0.3])
by zimbra.foo.org (Postfix) with ESMTP id AE591534001
for <a@foo.org>; Thu, 8 Jan 2009 01:27:30 +0000 (GMT)
Received: from bay0-omc1-s4.bay0.hotmail.com ([65.54.246.76])
by mail.foo.org with esmtp (Exim 4.69)
(envelope-from <foo.bar.com>)
id 1LKjfh-0002HN-VL
for a@foo.org; Thu, 08 Jan 2009 01:27:08 +0000
Received: from BAY102-W33 ([64.4.61.133]) by bay0-omc1-s4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 7 Jan 2009 17:26:07 -0800
Message-ID: <BAY102-W33CEFD4EABAA3334DACC5A86DC0@phx.gbl>
Content-Type: multipart/alternative;
boundary="_7f86a7e1-4c4b-4f58-8f27-99b18f503e2f_"
X-Originating-IP: [2.3.4.5]
From: foo <foo@bar.com>
To: <a@foo.org>
Subject: SPAM:This message is spam
Date: Thu, 8 Jan 2009 01:26:07 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 08 Jan 2009 01:26:07.0801 (UTC) FILETIME=[14CB5A90:01C97130]
X-Spam-Flag-Ext: yes

Any clues as to why the custom rules aren't applied or how I might debug this?
Last edited by foobum; 01-07-2009 at 06:31 PM..
01-08-2009, 12:07 AM
Welcome to the forums
I think you need to match whether it is uppercase or lowercase eg.
header EXT_SA X-Spam-Flag-Ext =~ /yes/i
01-08-2009, 02:43 AM
Thanks.
The added X-Spam-Flag-Ext value is in lowercase - see the last line of the example headers. The regex should definitely match as-is but I'll try adding the modifier later just in case.
01-20-2009, 12:58 PM
Zimbra Employee
Posts: 604
As far as I know SpamAssassin strips all X-Spam* headers prior to processing the message so you cannot write custom rules based on other X-Spam* headers. You can change X-Spam-Flag-Ext to something like X-Ext-Spam-Flag and it will likely work.
01-20-2009, 02:57 PM
Brian,
Thanks for the assistance. The headers shown above are from "Show Original" in the zimbra inbox, i.e. after zimbra's SA has processed them. The X-Spam-Flag-Ext headers inserted by the DMZ MTA remain intact (see the last line).
Just in case SA ignores rather than strips, I tried X-Ext-Spam-Flag but got the same result.
Regards,
foobum
10-26-2009, 02:15 PM
same problem in 5.0.19

I have the same problem. The following worked on 5.0.10, but since upgrading to 5.0.19 recently, I noticed it no longer has any effect.
salocal.cf.in modification
Code:
header CAMPUS_FLAGGED_AS_SPAM X-UCD-Spam-Score =~ /^.*\(\*\*\*\*\*/
describe CAMPUS_FLAGGED_AS_SPAM Campus claims it is spam over 5
score CAMPUS_FLAGGED_AS_SPAM 5.0
Result in 5.0.10
Code:
X-Spam-Score: 13.034
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.034 tagged_above=-10 required=6.6
tests=[BAYES_99=3.5, CAMPUS_FLAGGED_AS_SPAM=5,
RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619,
URIBL_BLACK=1.955]
...
X-UCD-Spam-Score: 14.1 (**************) MISSING_DATE,RCVD_IN_UCDXBL,RCVD_IN_PBL,URIBL_UCD_BLACK,BAYES_50,DCC_CHECK,RDNS_NONE
X-UCD-MS-Spam-Score: **************
Result in 5.0.19
Code:
X-Spam-Score: 6.02
X-Spam-Level: ******
X-Spam-Status: No, score=6.02 tagged_above=-10 required=6.6
tests=[BAYES_99=3.5, HTML_MESSAGE=0.001, INVALID_MSGID=1.9,
RCVD_IN_SORBS_WEB=0.619]
...
X-UCD-Spam-Score: 9.0 (*********) RCVD_IN_UCDXBL,HTML_MESSAGE,BAYES_95,RDNS_NONE,INVALID_MSGID
X-UCD-MS-Spam-Score: *********
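
An offline check of the two rule expressions posted in this thread against the header values shown above, as a first debugging step. This is an added example, not code from any poster or from SpamAssassin: it approximates `header NAME Header =~ /re/` tests with Python's `re`, the helper names `parse_rules` and `evaluate` are introduced here, and the sample message is constructed from values quoted in the posts.

```python
import re
from email import message_from_string

# Rule lines copied from the two salocal.cf.in snippets in this thread.
RULES = r"""
header EXT_SA X-Spam-Flag-Ext =~ /yes/
score EXT_SA 3.0
header CAMPUS_FLAGGED_AS_SPAM X-UCD-Spam-Score =~ /^.*\(\*\*\*\*\*/
score CAMPUS_FLAGGED_AS_SPAM 5.0
"""

# Constructed sample message: header values taken from the posts above,
# with one header folded to show that folding does not break the match.
SAMPLE = (
    "From: foo <foo@bar.com>\n"
    "X-UCD-Spam-Score: 9.0 (*********)\n"
    " RCVD_IN_UCDXBL,HTML_MESSAGE,BAYES_95,RDNS_NONE,INVALID_MSGID\n"
    "X-Spam-Flag-Ext: yes\n"
    "\n"
    "body\n"
)

HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)\s*$")
SCORE_RE = re.compile(r"^score\s+(\S+)\s+(-?[\d.]+)\s*$")

def parse_rules(text):
    """Return {rule_name: (header_name, compiled_regex, score)}."""
    tests, scores = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := HEADER_RE.match(line):
            name, hdr, pat, mods = m.groups()
            tests[name] = (hdr, re.compile(pat, re.I if "i" in mods else 0))
        elif m := SCORE_RE.match(line):
            scores[m.group(1)] = float(m.group(2))
    # A rule with no score line gets SpamAssassin's default of 1.0.
    return {n: (h, rx, scores.get(n, 1.0)) for n, (h, rx) in tests.items()}

def evaluate(rules, raw_message):
    """Return {rule_name: score} for every rule whose regex matches."""
    msg = message_from_string(raw_message)
    hits = {}
    for name, (hdr, rx, score) in rules.items():
        for value in msg.get_all(hdr, []):
            unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
            if rx.search(unfolded):
                hits[name] = score
    return hits

if __name__ == "__main__":
    print(evaluate(parse_rules(RULES), SAMPLE))
```

Both expressions match the quoted header values, so the remaining things to check are whether the running scanner has loaded the rules and whether it sees these headers at all.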