I'd suggest that not routing the Exchange syncing messages through SA would be a much, much better solution.
C Jason Haar wrote: > Date: Thu, 14 Mar 2002 15:58:26 +1300 > From: Jason Haar <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [SAtalk] More falsies with SA in an M$ Exchange network > > I reported a few weeks ago how SA was marking ALL our Exchange-to-Exchange > mail as spam. We run an Exchange network internally, but route the "Exchange > Site Connector" via our Qmail servers so that they can be virus/spam > checked. > > These mail messages are used by Exchange to route "non-mail" Exchange server > synchronization data: - i.e they definitely don't have much in common with > "normal" mail, and SA marks them as major spam. > > I have currently whitelisted our internal domains to get around this, but > was thinking that this could probably be fixed within SA instead. > > An example message follows as an attachment. > > SA 2.20 gives it big bad marks for having an empty To: line and "Message > text disguised using base-64 encoding". > > The only base64 encoding is of a TNEF attachment - so I don't think that's > right for a start... Looking at the code, it looks like > check_for_base64_enc_text erroneously flows through the initial empty > text/plain attachment and notices the base64 content of the TNEF attachment? > > There's one thing about this msg type that make it look pretty uniquely like > an Exchange Site Connector message. The From line would always contain > "/cn=Configuration/cn=Servers/" (maybe language specific - but that would be > all). > > I've added the following to our /etc/mail/spamassassin/local.cf which > appears to do a good job. > > score EXCHANGE_SITE_CONNECTOR -5.0 > describe EXCHANGE_SITE_CONNECTOR Microsoft Exchange Site Connector message > header EXCHANGE_SITE_CONNECTOR From =~ /\/cn=Configuration\/cn=Servers\// > > I can't say I've ever seen spam from that type of address, so could we add > that as a permanent rule? > > Thanks > > _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
