You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Xavier <xa...@rootshell.be> on 2004/08/21 09:43:35 UTC

Skip mail already checked mails?

Hi gurus,

Here is a setup:

domain.com MX 10 relay1.domain.com
           MX 20 relay2.domain.com

relay1 & relay2 have booth a SpamAssassing running.

Problem: when a mail is received on relay2, it's being check by SA
and tagged as spam. Later, relay2 sent it to relay1.
relay1 don't mark it as spam???
How to re-use the tags added by relay2?

Any idea?

Regards,
Xavier
--
$ cd /pub
$ more beer

Re: Skip mail already checked mails?

Posted by Loren Wilton <lw...@earthlink.net>.

> How to re-use the tags added by relay2?

You can't do exactly what you want with that setup, but you can do something
that is "good enough" in most cases.

Using something like procmail on relay2, look to see if the mail has
X-Spam-Status: Yes in it, or one of the other signs that the first SA pass
has marked the message as spam.  If it is marked as spam, bypass the SA scan
on the second machine.

If the message was marked as ham by the first SA pass, or not scanned at
all, scan it with SA on the second relay machine.  This will prevent a
spammer putting X-Spam-Status: No in their fake headers and bypassing your
second scan.

        Loren

Re: Skip mail already checked mails?

Posted by Matt Kettler <mk...@evi-inc.com>.

At 03:43 AM 8/21/2004, Xavier wrote:
>relay1 & relay2 have booth a SpamAssassing running.
>
>Problem: when a mail is received on relay2, it's being check by SA
>and tagged as spam. Later, relay2 sent it to relay1.
>relay1 don't mark it as spam???
>How to re-use the tags added by relay2?

How do you call SA? Via procmail? If so, create a procmail rule that looks 
for "X-Spam-Status: Yes," and bypass SA if it's present.

However, be sure to not skip mails which have a No for the spam status. 
Spammers could abuse that as a free-ride past your scanners.

Re: Skip mail already checked mails?

Posted by Matt Kettler <mk...@comcast.net>.

At 09:43 AM 8/21/2004 +0200, you wrote:
>Here is a setup:
>
>domain.com MX 10 relay1.domain.com
>            MX 20 relay2.domain.com
>
>relay1 & relay2 have booth a SpamAssassing running.
>
>Problem: when a mail is received on relay2, it's being check by SA
>and tagged as spam. Later, relay2 sent it to relay1.
>relay1 don't mark it as spam???
>How to re-use the tags added by relay2?

Depends on how you are set up to call SA, which you left unspecified.

If you're using something like procmail, you can merely configure a 
procmail rule on relay1 to bypass any email which has "X-Spam-Status: Yes". 
Be sure to not bypass anything with "X-Spam-Status: No" as this would allow 
a spammer to bypass your scanning by faking a scan.

However, I would also consider checking the root cause of the problem. Why 
did one tag it, but not the other. Look at your maillogs (use the SMTP id 
from the Received: headers for hints) and see what the hits of the message 
was on each server. What rules matched on server2 but not server1?

If your difference is that server1 doesn't see dialup lists, adjust your 
trusted_networks setting to include <ip of relay2>/32 and <ip of relay1>/32.

If your difference is bayes, perhaps you should revisit your training a bit.