Auto-reply to a spam mail caused our IP to be blacklisted.

ccto

Hello everyone,

We recently encountered a small problem -

One mailbox user created an auto-reply (or vacation, the same).

Then a spammer sent a spam mail (with a fake sender address, of course),
SpamAssassin classified it as spam.
But Exim made an auto-reply to the fake sender, which fell into a spam trap,
so it caused our Exim SMTP IP address to be RBL-listed.

Q: Do you think we may include any condition (i.e. tagged as spam) to not auto-reply?

Thank you very much for your kind attention.

Regards
George
 
zEitEr:

Thinking about the logic involved, I'm not sure anything in either of these links will help much (with the exception, of course, of SpamBlocker blocklists, which probably won't help much). My guess is that the Vacation and AutoResponders are processing the email before it's checked by SpamAssassin.

I'm not even sure if anything forwarded or auto-responded to is checked by SpamAssassin first.

I don't have time to check right now, but if someone will check, we can look at the order of checks in exim.conf before my next rewrite, scheduled for this summer.

Jeff
 
Hello,

My exim.conf clearly specifies the spamcheck_director BEFORE the majordomo, uservacation and userautoreply sections, but it still sends a reply to any email received, be it spam or not.

Here is a copy of the related sections in my exim.conf file. If someone could tell me what's wrong, it would be mucho appreciated!

Thanks!

Code:
######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
      {!def:h_X-Spam-Flag:} \
      {!eq {$received_protocol}{spam-scanned}} \
      {!eq {$received_protocol}{local}} \
      {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
      {exists{/etc/virtual/${domain}/passwd}} \
      { \
      or \
        { \
          {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
          {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
        } \
      } \
      {<{$message_size}{500k}} \
    } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

# Added, but then removed to avoid creation of Maildir under forwarder name
#        {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} \

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
   driver = accept
   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = uservacation
   unseen

userautoreply:
   driver = accept
   condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = userautoreply
   unseen

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen
  #include_domain = true

virtual_user:
  driver = accept
  #condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = virtual_localdelivery

virtual_aliases:
  driver = redirect
  allow_defer
  allow_fail
  condition = ${if eq {}{${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}}{yes}{no}}
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  #include_domain = true

#if we have an alias, but no passwd entry we have to drop the email because the
#first alias is unseen (so that you can forward as well as save it)
#The save part is "seen" (virtual_user), but the forward before it isn't.  This
#will be the spot where we "see" the email so that it doesn't send a bounce if
#we have an alias but no pop.
drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  #pipe_transport = virtual_address_pipe
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true


# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

# This director matches local user mailboxes.

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix = 
  message_suffix = 
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail
  # must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = /home/$local_part/Maildir/
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

## for delivering virtual domains to their own mail spool

virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
  
## vacation transport
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
	------                                                           ------\n\
	Ceci est un message automatique. Votre courriel sera livre normalement. \n\
	This is an automated message.    Your email will still be delivered.\n\
	------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
  #once re-added May 16, 2008:
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = 2d

userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
  to = "${sender_address}"
  user = mail
  #once re-added May 16, 2008:
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = 2d


devnull:
  driver = appendfile
  file = /dev/null

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
  driver = smtp

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
  driver = autoreply

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h


# End of Exim 4 configuration
 
@Peter Laws, Yes, we suffer from this. A customer adds an external forwarder, SpamAssassin is set up to delete spam, however spam detected by SpamAssassin is still forwarded to the external email address.

I don't want an option to disable forwarders, because we need to offer this to shared hosting clients. However, what we need is for DirectAdmin to make changes so that email spam detected by SpamAssassin is not forwarded to external forwarders. I wish DirectAdmin could make such a change. It is very problematic at the moment. But most of the competition offers external email forwarders, so we need to do the same; if not, we will lose clients.
 
However, it seems like there is a difference if the email forwarder created does not have an email account in DirectAdmin. If there is an existing email account in DirectAdmin for that email address, and the user sets up an email forwarder, then for sure ALL spam, even high-scoring spam which is set in settings to be deleted, will be forwarded to the external email address.

I am a little confused about what happens if there is no email account in DirectAdmin for the email forwarder; it might seem like high-scoring spam is then deleted, but I am not 100% sure. So maybe the problem with spam being forwarded only happens if an email account exists for the email address that is being forwarded. Either way this must be fixed. We can't go on like this much longer.

Edit: I sent DirectAdmin support an email about this with a link to this forum thread. I hope they will be able to fix the problem at the same time they add the new SpamAssassin version 3.4.0 to custombuild: http://forum.directadmin.com/showthread.php?t=48344&p=248246 - we need this fix.
 
This is a related guide.... specifically, the 2nd code box referring to a way to get SA to scan your forwarders:
http://help.directadmin.com/item.php?id=156

This may be worth adding to the default SA settings if it works in all cases (but may slow down the server somewhat, but better than getting blacklisted)
I've updated the id=147 guide to mention the id=156 guide, as it should have been there.

John
 
This is a related guide.... specifically, the 2nd code box referring to a way to get SA to scan your forwarders:
http://help.directadmin.com/item.php?id=156

This may be worth adding to the default SA settings if it works in all cases (but may slow down the server somewhat, but better than getting blacklisted)
I've updated the id=147 guide to mention the id=156 guide, as it should have been there.

The 2nd code box to scan forwarders at http://help.directadmin.com/item.php?id=156 has problems and does not work. Please help. Here is a description of the problem:

I am running custombuild 2.0. Before making any changes, I sent a test email from an external email account to a regular email account on my server, and SpamAssassin works and has this in the headers (I have changed the hostname and email address):

Code:
Received: from mail by server.hostname.com with spam-scanned (Exim 4.82)
 (envelope-from <[email protected]>) id 1WGBSK-0008Nq-Pf for [email protected]; Wed, 19
 Feb 2014 19:01:18 +0100
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on server.hostname.com
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2

Then I make the change from the 2nd code box at http://help.directadmin.com/item.php?id=156 and add this line to /etc/exim.spamassassin.conf:

Code:
{!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} \

Then my /etc/exim.spamassassin.conf looks like this:

Code:
#1.0
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
			{!def:h_X-Spam-Flag:} \
			{!eq {$received_protocol}{spam-scanned}} \
			{!eq {$received_protocol}{local}} \
			{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
			{!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} \
			{<{$message_size}{500k}} \
		} {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Then I restart exim and dovecot and send a new test email from external email account to a regular email account at my server, and then I check the headers, and SpamAssassin does not work anymore, there is absolutely no lines about "X-Spam-Checker-Version" and "X-Spam-Status", nothing about it in the header.

So then I remove the line I added to /etc/exim.spamassassin.conf so that the file is reverted to the way it was before, and then restart exim and dovecot, and then it works again. I have not yet tested email forwarders with this solution, because I first wanted to test if it breaks regular email accounts, and it does: they are not scanned by SpamAssassin after the new line is added.

So is it because I added the following line at the wrong place in the file, or is there something wrong with the code in the line in the 2nd code box at http://help.directadmin.com/item.php?id=156 ?
 
However, it seems like there is a difference if the email forwarder created does not have an email account in DirectAdmin. If there is an existing email account in DirectAdmin for that email address, and the user sets up an email forwarder, then for sure ALL spam, even high-scoring spam which is set in settings to be deleted, will be forwarded to the external email address.
Another option I'd like to see is an option NOT to store email in a mailbox (if it exists) when there's an external forwarder configured for it. Like, why still store emails when they want to use an external forwarder? The mailbox will get full, thus, not sure if mail would continue to get forwarded?

I do try to persuade clients to set up POP fetching from within GMail, Hotmail, etc, but still....
 
FYI, this should be how it looks (the guide is probably not perfectly clear):
Code:
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
      {!def:h_X-Spam-Flag:} \
      {!eq {$received_protocol}{spam-scanned}} \
      {!eq {$received_protocol}{local}} \
      {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
      {exists{/etc/virtual/${domain}/passwd}} \
      { \
      or \
        { \
          {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
          {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} \
          {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
        } \
      } \
    } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify
Basically just needs to be in the "or" statement, or else it means only scan anything if everything matches, which would rarely trigger.

John
 
Thanks. But I don't want to use the first part of the guide at http://help.directadmin.com/item.php?id=156 , because I have disabled catch-all, so that's not needed.

All I want is to add this line to the default custombuild 2.0 code:

Code:
{!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}} \

I don't want to add the other lines. Can you please help showing how/where to add that line? Where to add that line in this code? (because there is no "or" statement in the default cb 2.0 code):

Code:
#1.0
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
			{!def:h_X-Spam-Flag:} \
			{!eq {$received_protocol}{spam-scanned}} \
			{!eq {$received_protocol}{local}} \
			{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
			{<{$message_size}{500k}} \
		} {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

So to be clear, I don't want to "Change SpamAssassin to only scan local mailboxes", only to add the line that makes it scan email forwarders too.
 
Hello,

I've gone over things and re-tested again.

1) If you've disabled catch-all's then the default settings should be sufficient.
With the default, the only real requirement for SA to run on the forwarder is that the domain is local.

With that, the SA is run on the forwarder, and the domain_filter is run on it.
So as long as it's flagged as spam and the domain_filter drops the message.. then spam will not be relayed.

These are the default settings:
Code:
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
      {!def:h_X-Spam-Flag:} \
      {!eq {$received_protocol}{spam-scanned}} \
      {!eq {$received_protocol}{local}} \
      {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
      {<{$message_size}{100k}} \
    } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify
Note it just checks for the message to be from the outside, must be local, and must be smaller than 500k.
A forwarder logically does fall into that category.


2) As well, I tested it with auto-replies. As long as the message is fully discarded by the domain_filter (which is how messages are dropped in SA), then no auto-reply is sent.
If mail is tagged as spam (e.g. in the subject) but is set to continue on to the inbox, then yes, the forwarder will still make it to the external address.


So unless I'm missing something.. everything seems to be working.
Again, spam must be dropped, else it will continue to go where it's told.

An easy way to test yourself is to set up a "Spam Filter" to block a certain word, like "thisisspam", and include that in your message.
Ensure you set the Spam Filter to drop the emails.
You can compare:
/etc/virtual/domain.com/filter
to make sure you see "seen finish" after both the high-scoring block, as well as the Spam Filter "word" block... thus, it's the same difference (just confirm you are seeing SA in the headers to make the test fair)


3) Another option, which is not implemented... If you want to stop anything with the header "X-Spam-Status: Yes,*" from leaving your server.. you could edit the /etc/system_filter.exim.. in a similar fashion to this guide:
http://help.directadmin.com/item.php?id=357
but instead of the lookup{}, you'd instead do a check on the filter.. in a similar manner to the domain_filter.
I've not tested it, but it might look like this:
Code:
if $sender_address is ""
then
     if
     $h_X-Spam-Status: contains "Yes,"
     then
         noerror fail text "Dropping outbound spam"
         seen finish
     endif
endif
Again, not sure if that works, but it does in my head.

John
 
3) Another option, which is not implemented... If you want to stop anything with the header "X-Spam-Status: Yes,*" from leaving your server.. you could edit the /etc/system_filter.exim.. in a similar fashion to this guide:
http://help.directadmin.com/item.php?id=357
My guess is that this step is what most admins are wanting and expecting. Is there some reason why this shouldn't be implemented by default? It seems it would protect server reputation.

And allow some of our clients who forward all their email to their accounts at AOL, Yahoo, MSLive, Hotmail, etc., to avoid having us end up in their blocklists.

Any comments from anyone?

Jeff
 
My guess is that this step is what most admins are wanting and expecting. Is there some reason why this shouldn't be implemented by default? It seems it would protect server reputation.
Not sure if my SpamAssassin is borked, but a lot of spam labeled as spam by my PC's security suite is not actually being labeled as spam by SpamAssassin, so the status check would be useless.
 
3) Another option, which is not implemented... If you want to stop anything with the header "X-Spam-Status: Yes,*" from leaving your server.. you could edit the /etc/system_filter.exim.. in a similar fashion to this guide:
http://help.directadmin.com/item.php?id=357
but instead of the lookup{}, you'd instead do a check on the filter.. in a similar manner to the domain_filter.
I've not tested it, but it might look like this:

Is there a way to make auto-responders ignore messages with the Spam Flag?
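
One way to make the auto-responders skip flagged mail, as an added example (not DirectAdmin's shipped exim.conf and not posted by anyone in this thread): the uservacation and userautoreply directors quoted earlier, with their condition extended to refuse bounces and anything SpamAssassin marked as spam. It assumes the message has already been re-injected by the spamcheck transport, so the X-Spam-Flag / X-Spam-Status headers are present; the paths are the ones used in the configuration above.

```exim
# Added example, not DirectAdmin's own configuration.
# Each director keeps its original lookup and adds three guards:
#   1. empty envelope sender (a bounce)       -> no auto-reply
#   2. X-Spam-Flag: YES                       -> no auto-reply
#   3. X-Spam-Status beginning with "Yes"     -> no auto-reply
# Assumption: the message was scanned by the spamcheck transport first,
# so SpamAssassin's headers exist by the time these directors run.

uservacation:
   driver = accept
   condition = ${if and { \
         {!eq {$sender_address}{}} \
         {!eq {${lc:$h_X-Spam-Flag:}}{yes}} \
         {!match {$h_X-Spam-Status:}{^Yes}} \
         {eq {yes}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/vacation.conf}{yes}{no}}}} \
      } {yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = uservacation
   unseen

userautoreply:
   driver = accept
   condition = ${if and { \
         {!eq {$sender_address}{}} \
         {!eq {${lc:$h_X-Spam-Flag:}}{yes}} \
         {!match {$h_X-Spam-Status:}{^Yes}} \
         {eq {yes}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}}} \
      } {yes}{no}}
   require_files = /etc/virtual/${domain}/reply/${local_part}.msg
   transport = userautoreply
   unseen
```

Mail that spamcheck_director does not scan (no user_prefs file for the domain owner, or a message over the size limit) carries neither header, so these guards do not stop a reply to it.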
 
It seems as though my forwarders are not scanned by spamassassin.

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
      {!match_ip {$sender_host_address}{/etc/virtual/pophosts}} \
      {eq {$authenticated_id}{}} \
      {!def:h_X-Spam-Flag:} \
      {!eq {$received_protocol}{spam-scanned}} \
      {!eq {$received_protocol}{local}} \
      {<{$message_size}{5000k}} \
      {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
      {exists{/etc/virtual/${domain}/passwd}} \
      { \
      or \
        { \
          {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
          {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
        } \
      } \
    } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

How do I make sure they are scanned but not placed in spam folder?
 
I can look into this if there's enough interest. It won't resolve all the other issues with using forwarders, so it's still a good idea to not use them except when there's no other option.

Anyone care to enter a Feature Request?

Jeff
 
I am trying to make this work.

In exim.conf I have:

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
      {!match_ip {$sender_host_address}{/etc/virtual/pophosts}} \
      {!match_ip {$sender_host_address}{/etc/virtual/relay_ips}} \
      {eq {$authenticated_id}{}} \
      {!def:h_X-Spam-Flag:} \
      {!eq {$received_protocol}{spam-scanned}} \
      {!eq {$received_protocol}{local}} \
      {<{$message_size}{500k}} \
      {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
      {exists{/etc/virtual/${domain}/passwd}} \
      { \
      or \
        { \
          {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
          {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}} \
        } \
      } \
    } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Will this in /etc/system_filter.exim block forwarding of messages with the SPAM flag?

if $sender_address is ""
then
     if
     $h_X-Spam-Status: contains "Yes,"
     then
         noerror fail text "Dropping outbound spam"
         seen finish
     endif
endif
 