Exim: difference between received with spam-scanned and received with esmtps

fmortara

Hi to all!

As in the subject, I don't know what the difference is between the two modes that Exim uses for receiving email.

In the second case, SpamAssassin does NOT scan the message for spam.

How can I set up Exim to scan all incoming email?

This is a line from the log. This email was not scanned for spam.

2018-11-11 11:22:01 1gLmsT-0006Bn-BD <= [email protected] H=66-220-155-156.mail-mail.facebook.com (mx-out.facebook.com) [66.220.155.156] P=esmtps X=UNKNOWN:AES128-SHA:128 S=14857 id=91dd999a745710f02e068c5d6457e3aa@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155 T="xxxxxx xxxxxx ti ha menzionato su Facebook" from <[email protected]> for [email protected]
 
Hello,

Provide all details from the logs:

Code:
exigrep 1gLmsT-0006Bn-BD /var/log/exim/mainlog*
 
Here are the log details.

This is a legitimate email from Facebook
Code:
2018-11-11 11:22:01 1gLmsT-0006Bn-BD DKIM: d=facebookmail.com s=s1024-2013-q3 c=relaxed/simple a=rsa-sha256 t=1541931718 [verification succeeded]
2018-11-11 11:22:01 1gLmsT-0006Bn-BD <= [email protected] H=66-220-155-156.mail-mail.facebook.com (mx-out.facebook.com) [66.220.155.156] P=esmtps X=UNKNOWN:AES128-SHA:128 S=14857 id=91dd999a745710f02e068c5d6457e3aa@c2eca9eea82fcb8a76fe1f543047de03dca48bdb9d61d2a196fb14e344d2a155 T="xxx xxx ti ha menzionato su Facebook" from <[email protected]> for myemail@mydomain
2018-11-11 11:22:02 1gLmsT-0006Bn-BD => facebook <myemail@mydomain> F=<[email protected]> R=spamcheck_director T=spamcheck S=15279
2018-11-11 11:22:02 1gLmsT-0006Bn-BD Completed

This is a spam message
Code:
2018-11-16 17:18:11 1gNgot-0006oq-Qq <= [email protected] H=mx.x.commerciante-automatico.tk [51.75.89.157] P=esmtps X=UNKNOWN:AES256-GCM-SHA384:256 S=545648 [email protected] T="<U+1F680> La beta è iniziata! Invito per te Info." from <[email protected]> for [email protected]
2018-11-16 17:18:12 1gNgot-0006oq-Qq => info <[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=545780
2018-11-16 17:18:12 1gNgot-0006oq-Qq Completed
 
Is the recipient domain the same in both cases?

Is SpamAssassin enabled for the domains if they differ?

Do you have domains whitelisted? IPs whitelisted in SpamAssassin and in whitelists under /etc/virtual/?
 
> Is the recipient domain the same in both cases?
>
> Is SpamAssassin enabled for the domains if they differ?
>
> Do you have domains whitelisted? IPs whitelisted in SpamAssassin and in whitelists under /etc/virtual/?

No.

The domains are different with the same SA setup, and I have no domains whitelisted.
 
According to /etc/exim.spamassassin.conf (version 1.2)

Code:
#  cat /etc/exim.spamassassin.conf
#1.2
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = ${if !eq{$acl_m_spam_assassin_has_run}{1}}
  condition = "${if and { \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                        {<{$message_size}{500k}} \
                } {1}{0}}"
  retry_use_local_part
  headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
  transport = spamcheck
  no_verify

To get an email checked with SA, your email should satisfy the following requirements:

- not spam-scanned locally with any earlier attempts or ACLs
- incoming from outside
- domain should exist in /etc/virtual/domainowners
- a file /home/USERNAME/.spamassassin/user_prefs should exist.
- filesize of an email should be lower than 500K
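
One way to test the log-visible conditions of that router against a mainlog, as an added example that is not part of the original posts or of the DirectAdmin configuration. It assumes the `S=` value on the `<=` line approximates `$message_size` and that Exim reads `500k` as 500 * 1024 bytes; the function names and the sample lines (modelled on the two excerpts in this thread, with placeholder addresses) are constructed for illustration.

```python
import re

SIZE_LIMIT = 500 * 1024                      # assumption: Exim reads "500k" as 500 * 1024
SKIP_PROTOCOLS = {"spam-scanned", "local"}   # protocols excluded by the router condition
SCAN_ROUTER = "spamcheck_director"

LINE = re.compile(r"^\S+ \S+ (\w+-\w+-\w+) (<=|=>) (.*)$")
FIELD = re.compile(r"(?:^|\s)([A-Z])=(\S+)")

# Constructed sample: IDs, sizes and routers follow the thread's excerpts,
# addresses and hosts are placeholders, the second subject embeds a fake S= field.
SAMPLE_LOG = [
    '2018-11-11 11:22:01 1gLmsT-0006Bn-BD <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps S=14857 T="hello" for user@example.com',
    '2018-11-11 11:22:02 1gLmsT-0006Bn-BD => user <user@example.com> F=<a@example.org> R=spamcheck_director T=spamcheck S=15279',
    '2018-11-16 17:18:11 1gNgot-0006oq-Qq <= b@example.net H=mx.example.net [192.0.2.20] P=esmtps S=545648 T="promo S=100" for info@example.com',
    '2018-11-16 17:18:12 1gNgot-0006oq-Qq => info <info@example.com> F=<b@example.net> R=virtual_user T=virtual_localdelivery S=545780',
]

def parse(lines):
    """Collect protocol and size from '<=' lines and routers from '=>' lines."""
    msgs = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                          # DKIM, Completed and other lines
        msg_id, direction, rest = m.groups()
        rec = msgs.setdefault(msg_id, {"protocol": None, "size": 0, "routers": []})
        if direction == "<=":
            rest = rest.split(' T="', 1)[0]   # drop the sender-controlled subject
        fields = dict(reversed(FIELD.findall(rest)))  # first occurrence wins
        if direction == "<=":
            rec["protocol"], rec["size"] = fields.get("P"), int(fields.get("S", 0))
        elif "R" in fields:
            rec["routers"].append(fields["R"])
    return msgs

def explain(rec):
    """Return (scanned, reasons); reasons lists router conditions visible in the log."""
    scanned = SCAN_ROUTER in rec["routers"]
    reasons = []
    if rec["protocol"] in SKIP_PROTOCOLS:
        reasons.append(f"protocol is {rec['protocol']}")
    if rec["size"] >= SIZE_LIMIT:
        reasons.append(f"size {rec['size']} >= {SIZE_LIMIT}")
    if not scanned and not reasons:
        reasons.append("check /etc/virtual/domainowners and user_prefs")
    return scanned, reasons

if __name__ == "__main__":
    for msg_id, rec in parse(SAMPLE_LOG).items():
        print(msg_id, *explain(rec))
```

The domainowners lookup and the `user_prefs` file cannot be read from the log, so a message that skipped the router with no size or protocol reason is reported with a pointer to check those on disk.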
 