exim + spamassassin subject rewriting on symbiosis

One customer of mine has an Bytemark Symbiosis based exim mailserver which uses SpamAssassin. It works pretty well – however the :

rewrite_header Subject *****SPAM*****

directive in spamassassin (/etc/spamassassin/local.cf) seemed to be being ignored – and the only effect of the mail being classified as spam is/was a couple of additional headers added (X-Spam-Status: spam). For the customer in question this wasn’t of much use – as they’re reasonably non-technical and probably couldn’t create a client side mail filter. And they also thought the spamfiltering wasn’t working.

I found adding the following to /etc/exim4/system_filter results in the subject being appropriately modified :

if $h_X-Spam-Status: contains "spam"
then
    headers add "Old-Subject: $h_subject"
    headers remove "Subject"
    headers add "Subject: *** SPAM *** $h_old-subject"
    headers remove "Old-Subject"
endif

And if you want to tag virus-ey emails … add this in as well :

# X-Anti-Virus: infected
if $h_X-Anti-Virus: contains "infected"
then
    headers add "Old-Subject: $h_subject"
    headers remove "Subject"
    headers add "Subject: *** VIRUS *** $h_old-subject"
    headers remove "Old-Subject"
endif

Seeing as how that took about 2 hours to figure out – hopefully this will be of use to others.

I started looking at SpamAssassin and wondering why IT wasn’t doing it… I still don’t know why – but assume it’s an Exim ‘feature’.


Posted

in

,

by

Comments

4 responses to “exim + spamassassin subject rewriting on symbiosis”

  1. Patrick Cherry Avatar
    Patrick Cherry

    Hi David

    I expect that the SA wasn’t rewriting because it only gives the score back to Exim when the scan takes place, not a modified message.

    The way you’ve done it is (probably) the only way that this is going to happen, barring individual filters for each mailbox.

    Hope this makes sense!

    Patrick

  2. David Goodwin Avatar

    Yes indeed – that’s what eventual Googling etc implied.

    I’m used to a Postfix/Amavis style solution where SA isn’t as integrated; so found it a bit strange that Exim does things differently.

  3. Ed Johnson Avatar
    Ed Johnson

    Spent all weekend trying to figure this out.. thanks.

  4. Andrew Newby Avatar
    Andrew Newby

    Thanks, this just helped me! (5 years on from your initial message). SA is so mis-leading with what it has in the local.cf file, as it leads you to believe *it* will rewrite the message :/

Leave a Reply

Your email address will not be published. Required fields are marked *