SpamAssasin - только отмечать письма

EXIM, sendmail, postfix, Dovecot и прочие. Решение проблем связанных с работой электронной почты

Модератор: xM

Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
100matolog
ст. сержант
Сообщения: 309
Зарегистрирован: 2008-05-30 12:11:16
Откуда: kiev
Контактная информация:

SpamAssasin - только отмечать письма

Непрочитанное сообщение 100matolog » 2011-06-14 20:48:25

Задача - не реджектить письма со спамом - а принимать их , но добавляя в сабж письма метку ***SPAM***
Подскажите как пожалуйста?

Код: Выделить всё

[root@gate /var/spool/exim/SApermreject/new]# spamassassin -V
SpamAssassin version 3.3.1
  running on Perl version 5.10.1

Код: Выделить всё

[root@gate /var/spool/exim/SApermreject/new]# exim --version
Exim version 4.76 #0 (FreeBSD 8.2) built 09-Jun-2011 14:49:45
Copyright (c) University of Cambridge, 1995 - 2007
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/local/etc/exim/configure
configure

Код: Выделить всё

.....
acl_check_data:


warn  message         = X-Quarantine-Me-Malware: $malware_name
        log_message     = malware: $malware_name
        demime          = *
        malware         = */defer_ok

    warn    message       = X-Quarantine-Me-Spam: SA score $spam_score\n\
    X-SA-Report: $spam_report
    log_message   = Spam score $spam_score > 5
    spam          = spamd/defer_ok
    condition     = ${if >{$spam_score_int}{50}{1}{0}}


  # Accept the message.

  accept



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################

begin routers

check_malware:
    driver                = redirect
    condition             = ${if def:h_X-Quarantine-Me-Malware: {1}{0}}
    headers_add           = X-Quarantined-Malware: $h_X-Quarantine-Me-Malware:
    headers_remove        = X-Quarantine-Me-Malware
    data                  = /var/quarantine/malware/malware.$tod_logfile
    file_transport        = address_file

check_spam:
    driver                = redirect
    condition             = ${if def:h_X-Quarantine-Me-Spam: {1}{0}}
    headers_add           = X-Quarantined-Spam: $h_X-Quarantine-Me-Spam:
    headers_remove        = X-Quarantine-Me-Spam
    data                  = /var/quarantine/spam/spam.$tod_logfile
    file_transport        = address_file
    no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more



system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  user = mailnull
  group = mail
  file_transport = address_file
  pipe_transport = address_pipe




userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
# allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  condition = ${if exists{$home/.forward} {yes} {no} }


# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".

# If you want this router to treat local parts with suffixes introduced by "-"
# or "+" characters as if the suffixes did not exist, uncomment the two local_
# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated
# in the same way as xxxx@your.domain by this router.

localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user
......

Код: Выделить всё

[root@gate /usr/local/etc/exim]# cat sa-exim.conf
# Options for spamassassin running in exim's local_scan (SA Exim)
# By Marc MERLIN <marc_soft@merlins.org> - Initial version: April 2002
# Sander Smeenk <ssmeenk@freshdot.net> - Improvements: March 2004
#
# Sample file version 1.16 for SA-Exim 4.1 - 2005/01/10 
#
# The parse routine is minimalistic. It expects "option: value" (exactly
# one space after the colon, and none before). You should put long lines
# on one line. The parser isn't capable of parsing multiline values.
#
# SA threshold values are parsed as floats and other numerical options
# are ints. String options have to be set. To unset them, comment out the
# variable, don't set it to nothing.
#
# READ THIS:
# ---------
# Watch your logs, you will get errors and your messages will get
# temporarily bounced if expansions fail. Watch your logs!
#
# If you are afraid that spammers might use a header that is used here
# as a default, have exim set it to another value than 'Yes' and check
# here for that other value.
#
# For every expansion, anything that doesn't expand to "" or "0"
# (without quotes) will be considered true. If you set the string to 1,
# it will be true without going through exim's condition evaluator (and
# if you leave it unset, it will default to 0)
#
# You should not put double quotes around expressions!
# --- snip ---

# Enable basic verbose output by default. Watch your logs!
SAEximDebug: 1


# Default path is /usr/local/bin/spamc, but you can change it here
SAspamcpath: /usr/local/bin/spamc

# Which characters are retained from a Message-Id header (for safety, we
# remove characters that might cause problems with shell parsing)
# Change the default at your own risk (you also have to change this in
# the SA greylisting patch if you use that)
#SAsafemesgidchars: !#%( )*+,-.0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~

# If SAspamcSockPath is set spamc uses socket to connect to spamd,
# use --socketpath pathname as argument to spamd (new in SA 2.60).
# Leave it unset if you want spamc to connect(AF_INET) to spamd at
# 127.0.0.1 (this is the default shown in the options below), but if
# you set it, it will override the two TCP connect options below
#SAspamcSockPath: /var/run/spamd.sock

# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
# Shown below are the defaults:
SAspamcHost: 127.0.0.1
SAspamcPort: 783


# Exim configuration string to run before running SA against the message
# This decides whether SA gets run against the message or not.  This
# default will not reject messages if the message had SA headers but
# they weren't added by us.
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
# Remove or comment out the following line to enable sa-exim
#SAEximRunCond: 0

# If and only if SAEximRunCond was true, and we did run SA, this
# expression decides whether we actually consider acting upon SAdevnull,
# SApermreject, and SAtempreject if you have them set.
#
# Use this to tag messages that you shouldn't reject (messages sent to
# abuse or postmaster for instance).
#
# X-SA-Do-Not-Rej should be set as a warn header if mail is sent to
# postmaster and abuse (in the RCPT ACL), this way you're not bouncing
# spam abuse reports sent to you. This is a RFC guideline.
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}


# How much of the body we feed to spamassassin (in bytes)
# Default is 250KB
SAmaxbody: 256000

# Do you want to feed SAmaxbody's worth of the message body if it is too big?
# Either, you skip messages that are too big and not scan them, or you can
# truncate the body and feed that to SA.
# Note that SA will sometimes raise the spam score if it can't parse
# the message correctly (since the end is missing, decoding will fail)
# Default is 0: do not scan messages that are too big
# (note that this is parsed as a condition)
SATruncBodyCond: 0

# If you want SA to report_safe you need sa-exim to rewrite the body of
# the message since SA encapsulates the spam as a mime attachment.
# You probably want SATruncBodyCond to be 0 or else you'll end up with a
# partial message if it's larger than SAmaxbody and it's spam
#
# Also note that if you enable this option, any saved message will be saved
# after the body has been modified by SA.
# (this is not a condition as SA's report_safe is not conditional)
SARewriteBody: 0

# Prepend saved messages with an fake From-header to make the file look like a
# valid mbox file
SAPrependArchiveWithFrom: 1

# If you are archiving messages that are rejected, how much do you want
# to archive? Default is 20MB.
SAmaxarchivebody: 20971520

# On errors, if you are saving messages, you probably want the entire message
# Default size saved (if you are saving errors) is 1GB
SAerrmaxarchivebody: 1073741824

# You can have SA-Exim add a X-SA-Exim-Rcpt-To header, which will list all
# the receipients for the Email, unless the list gets bigger than 
# SAmaxrcptlistlength bytes.
# The default value of 0 disables the header for privacy reasons (the header
# exposes Bcced receipients)
# Any value bigger than 8000 will be ignored because there is a limit on the
# size of headers that you can have and exim's string_sprintf
# Note that if you are planning to use greylisting, you should set this
# value to 8000 since SA's greylisting code needs the recipients.
SAmaxrcptlistlength: 0

# Add X-SA-Exim-Rcpt-To and X-SA-Exim-Mail-From headers before SA scans
# the message.
# If this option is enabled, SARewiteBody is true, and safe_mode is
# enabled in SA, you end up with the X-SA-Exim-Rcpt-To/X-SA-Exim-Mail-From in
# the attatched message as well without the ability to remove them later in an
# exim transport (think privacy). 
# In real life this is usually not a problem because the message is spam anyway,
# and if you turn this off, you lose the option to use those headers to score
# the message with SA.
SAaddSAEheaderBeforeSA: 1

# How many seconds you want to allow spamc to run. Exim 4.04 and better will
# kill us after a default of 5 minutes. This however is not great, because the
# mail gets temporarily rejected
# You should set this and have SA Exim handle the timeout itself and accept the
# message if spamc takes too long (instead of timing out)
# A value of 0 means no timeout, and we run until exim stops us. 
# I know of at least one mail server (nanog's merit.edu) that will not
# wait a full 5mn (which causes tempreject and resends), so the default is 4mn
#SAtimeout: 240

# Do you want to save mails that were accepted because spamc timed out?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtimeoutsave: /var/spool/exim/SAtimeoutsave

# You can optionally save or not save messages that matched the above rule
SAtimeoutSavCond: 1


# You should really create this directory for local_scan to save messages that
# created an error. If you don't want this, comment out this variable
# Make sure all these directories are owned by the exim user
# SA-Exim will try to  create the directory if it has  the permissions to do
# so, check your maillog for failures  (or create the directory yourself and
# make it writeable by exim)
SAerrorsave: /var/spool/exim/SAerrorsave

# You can optionally save or not save messages that matched the above rule
# You should not put double quotes around the expression
SAerrorSavCond: 1

# If you set to 1, SA will temporarily reject messages that generated an error
# while they were processed (they'll still be saved if SAerrorsave is set).
# Otherwise (0 = false), the messages are just accepted, which seems like a
# more sensible default
SAtemprejectonerror: 0


###############################################################################
# NOTE: Spamd needs to tell sa-exim that the message SA-Exim gave spamd
# is spam before sa-exim will consider the SA tresholds.
# In other words, you cannot reject mails on SA scores if you set that
# threshold to a lower threshold than SA's required_hits value.
# The one exception to this rule is SAtempreject (in order to let you
# temporarily reject mail when you are doing greylisting, see
# README.greylisting in the documentation for details)
###############################################################################

# SA score when you start stalling the sender by sending many continuation
# lines for up to SAteergrubetime
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Note that this is an obvious abuse of SMTP, but eh, they started it :-)
# Of course, this means that each incoming spam with the right score threshold
# will keep an exim process busy on your machine. Make sure you can afford it.
# Default value is 2^20, which should disable the behavior

# Please, don't teergrube people who relay for you or your own MXes :-)
# This option is left behind for backward compatibility, but you can now
# get the same result by putting a condition string in SAteergrube
# The trick is to list your score if the condition succeeds, and a really 
# high score otherwise.
#SAteergrube: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {25}{1048576}}

# SAteergrubecond is deprecated (replaced by SAteergrube)
# You used to be say whether you would apply the teergrubing score with this
# condition, but now that scores are conditions, it is obsolete
#SAteergrubecond: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{127.0.0.2}} } {1}{0}}

# How long do you want to stall the sender (in seconds)
# If you set the value too high, you might get too many exim processes running
# and run out of process slots
# Remember, don't come crying if playing with this "feature" causes your mail
# server to catch fire :-)
SAteergrubetime: 900

# You can optionally save or not save messages that matched the above rule
SAteergrubeSavCond: 1

# Do you want to save mails that you stalled for later analysis?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAteergrubesave: /var/spool/exim/SAteergrube

# When you stall the sender, you will probably get the mail again.
# By default, we'll  only save messages by message ID so  that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam. Such is life :-)
SAteergrubeoverwrite: 1



# If you reach this score, the mail is accepted and tossed (/dev/nulled).
# The default value is 2^20 which should ensure this never happens.
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# You should be really sure that the message is spam because the sender will
# get no notification
#SAdevnull: 20.0

# You can optionally save or not save messages that matched the above rule
SAdevnullSavCond: 1

# Do you want to save mails that are tossed?
# Specify a directory to enable the feature.
# This is just in case you do want to keep a copy of the alledge spams somewhere
# Messages are saved by unixdate_Message-Id or just unix date if there is no
# Message-Id.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAdevnullsave: /var/spool/exim/SAdevnull



# SA score when you start rejecting Emails (this is better than the above as
# it can notify the sender in case you reject non-spam by mistake)
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior if you comment out
# the line below
SApermreject: 12.0

# You can optionally save or not save messages that matched the above rule
SApermrejectSavCond: 1

# Do you want to save mails that are rejected?
# Specify a directory to enable the feature.
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SApermrejectsave: /var/spool/exim/SApermreject



# SA score when you start returning a temporary reject.
# There are few reasons to use this, except if you're reading your tempreject
# save folder (see below) and ajusting scores on the fly, or if you are using
# greylisting
# This is now a string (without quotes) that gets evaluated at runtime by exim
# but you can still assign a simple float value to it
# Default value is 2^20, which should disable the behavior
SAtempreject: 9.0

# You can optionally save or not save messages that matched the above rule
SAtemprejectSavCond: 1

# Do you want to save mails that are temporarily rejected?
# Specify a directory to enable the feature.
# You could use this to analyse what SA is bouncing and adding an allow rule
# to accept the mail next time it is sent back to you
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAtemprejectsave: /var/spool/exim/SAtempreject

# When you send back a temp reject code, you will get the mail again.
# By default, we'll only save messages by message ID so that we don't save
# multiple copies every time the sender tries again.
# Of course, this means someone could fake someone else's message ID to
# overwrite the saved copy of another spam. Such is life :-)
SAtemprejectoverwrite: 1

# See README.greylisting in the documentation for the following options
# This is the string that SpamAssassin adds if the message is whitelisted
# We use this to optionally increase the score needed for a tempreject
# (in order to let a message through when it would otherwise have been
# temprejected)
# Default value is "GREYLIST_ISWHITE" (as used in the patch provided by SA-Exim)
SAgreylistiswhitestr: GREYLIST_ISWHITE

# By how much do we temporarly raise tempreject to allow a mail in when it
# would otherwise have been temp rejected (because SA flagged it was whitelisted
# by the greylisting code provided as a patch to SA in the SA-Exim distro)
# Note that greylisting will not work in until you patch SA with the greylist
# function
# Note that you most likely want 
# SAtempreject + SAgreylistraisetempreject <= SApermreject
# Default value is 3.0 but you'd probably to lower the tempreject score and
# increase this one (see README.greylisting)
SAgreylistraisetempreject: 3.0


# Do you want to save mails that are flagged as spam by SA, but not rejected by
# any of the above thresholds?  Specify a directory to enable the feature.
# That's one way to track mails thare are going through even though they were
# flagged by SA (note that you could also save them in exim's system_filter,
# although copies saved here happen before exim makes modification to the
# message like rewriting)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAspamacceptsave: /var/spool/exim/SAspamaccept

# You can control which messages you want saved if you only want a subset
SAspamacceptSavCond: 0


# Do you want to save mails that are not flagged as spam by SA
# Specify a directory to enable the feature.
# This is only here for completeness, if you want to save all messages not
# flagged as spam by SA (you could also do this in system_filter)
# SA-Exim will try to create the directory if it has the permissions to do so,
# check your maillog for failures (or create the directory yourself and make it
# writeable by exim)
SAnotspamsave: /var/spool/exim/SAnotspam

# You can control which messages you want saved if you only want a subset
SAnotspamSavCond: 0

# All the following strings can take one '%s' which will be replaced by
# spamstatus: "SA score, trigger score"
SAmsgteergrubewait: Wait for more output
SAmsgteergruberej: Please try again later
SAmsgpermrej: Rejected
SAmsgtemprej: Please try again later
# This string is a static string, do not include "%s"
SAmsgerror: Temporary local error while processing message, please contact postmaster.

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2460 рублей (8 CPU, 8Gb RAM, 2x500Gb HDD, RAID 3ware 9750):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Аватара пользователя
mayor
сержант
Сообщения: 215
Зарегистрирован: 2008-09-06 10:11:49
Контактная информация:

Re: SpamAssasin - только отмечать письма

Непрочитанное сообщение mayor » 2011-08-07 15:58:14

таже проблема только на Debian, работает через sa-exim как сделать чтобы просто метило перечитал конфиг sa-exim.conf чото нет там такого:

Код: Выделить всё

2011-08-07 15:52:48 1Qq2qV-0004Id-JS SA: Debug: SAEximRunCond expand returned: 'true'
2011-08-07 15:52:48 1Qq2qV-0004Id-JS SA: Debug: check succeeded, running spamc
2011-08-07 15:52:48 1Qq2qV-0004Id-JS SA: Debug: SARewriteBody == 1, rewriting message body
2011-08-07 15:52:48 1Qq2qV-0004Id-JS SA: Debug: Writing message to /var/spool/sa-exim/SApermreject/new/1312721568_4E3E8A7D.1050300@meta.ua
2011-08-07 15:52:48 1Qq2qV-0004Id-JS SA: Action: permanently rejected message: score=999.2 required=5.0 trigger=12.0 (scanned in 0/0 secs | Message-Id: 4E3E8A7D.1050

режектит сюда - нужно просто метить письма кто подскажет?

Аватара пользователя
skeletor
майор
Сообщения: 2445
Зарегистрирован: 2007-11-16 18:22:04
Откуда: Kiev
Контактная информация:

Re: SpamAssasin - только отмечать письма

Непрочитанное сообщение skeletor » 2011-08-08 10:50:34

Выставьте параметры

Код: Выделить всё

SAtempreject: 100.0
SApermreject: 100.0
и наслаждайтесь. Или вообще закоментируйте всё, что связано с reject
"Винда съела дрова и резет здесь не фурычит."
"Все говорят, что у меня /dev/hands криво и я всё делаю через /dev/ass. А у меня этих фалов вообще нет!"

Аватара пользователя
mayor
сержант
Сообщения: 215
Зарегистрирован: 2008-09-06 10:11:49
Контактная информация:

Re: SpamAssasin - только отмечать письма

Непрочитанное сообщение mayor » 2011-08-08 11:54:50

skeletor писал(а):Выставьте параметры

Код: Выделить всё

SAtempreject: 100.0
SApermreject: 100.0
и наслаждайтесь. Или вообще закоментируйте всё, что связано с reject
спс! помогло