exim + spamassassin subject rewriting on symbiosis

One customer of mine has an Bytemark Symbiosis based exim mailserver which uses SpamAssassin. It works pretty well – however the :

rewrite_header Subject *****SPAM*****

directive in spamassassin (/etc/spamassassin/local.cf) seemed to be being ignored – and the only effect of the mail being classified as spam is/was a couple of additional headers added (X-Spam-Status: spam). For the customer in question this wasn’t of much use – as they’re reasonably non-technical and probably couldn’t create a client side mail filter. And they also thought the spamfiltering wasn’t working.

I found adding the following to /etc/exim4/system_filter results in the subject being appropriately modified :

if $h_X-Spam-Status: contains "spam"
    headers add "Old-Subject: $h_subject"
    headers remove "Subject"
    headers add "Subject: *** SPAM *** $h_old-subject"
    headers remove "Old-Subject"

And if you want to tag virus-ey emails … add this in as well :

# X-Anti-Virus: infected
if $h_X-Anti-Virus: contains "infected"
    headers add "Old-Subject: $h_subject"
    headers remove "Subject"
    headers add "Subject: *** VIRUS *** $h_old-subject"
    headers remove "Old-Subject"

Seeing as how that took about 2 hours to figure out – hopefully this will be of use to others.

I started looking at SpamAssassin and wondering why IT wasn’t doing it… I still don’t know why – but assume it’s an Exim ‘feature’.


  1. Hi David

    I expect that the SA wasn’t rewriting because it only gives the score back to Exim when the scan takes place, not a modified message.

    The way you’ve done it is (probably) the only way that this is going to happen, barring individual filters for each mailbox.

    Hope this makes sense!


  2. Yes indeed – that’s what eventual Googling etc implied.

    I’m used to a Postfix/Amavis style solution where SA isn’t as integrated; so found it a bit strange that Exim does things differently.

  3. Thanks, this just helped me! (5 years on from your initial message). SA is so mis-leading with what it has in the local.cf file, as it leads you to believe *it* will rewrite the message :/

Leave a comment

Your email address will not be published.