Paul, Fred and others who might wonder:

Since SA is only running on my primary relay, and the secondary is located on 
an internal network (though physically distant), I simply look for mail that 
includes the internal IP of the secondary in the last "hop".

header FROM_M2           Received =~ /192\.168\.6\.15.{1,20}by mail1\.mydomain\.com/
describe FROM_M2         relayed by mail2.mydomain.com
score FROM_M2            1.0

"mail1.mydomain.com" is the primary relay running SA, and "192.168.6.15" is the 
IP of the secondary.  Make these match what you see in your headers and the 
rule should work.

As far as "when the primary is up", that is not entirely accurate.  This rule 
is always in effect.  Of course, if the primary really went down it would need 
manual intervention, including setting this rule's score to zero until all mail 
stored and forwarded by the secondary is processed.  I have only done this once 
in a couple years of operation; our primary is running a very stable OS distro 
and we are on a redundant fiber loop.  Besides, 1 point won't cause an FP 
disaster in our scoring scenario.

I suppose I could write a script that checks for loss of connectivity on the 
primary and adjusts the score accordingly.  But I haven't felt the need.

Regards,
Pierre



-----Original Message-----
From: Pettit, Paul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 12, 2005 2:28 PM
To: users@spamassassin.apache.org
Subject: RE: OT: Do spammers have a sense of humor?


> Pierre Thomson wrote: 
> 
> Fortunately SA (2.64) 
> saw through it and nailed this using Bayes, DCC, and a custom 
> rule that penalizes mail coming through the secondary relay 
> when the primary is up.
> 

Would you be willing to post that custom rule? I get a number of those kinds
of spam and haven't been able to figure out how to tag them correctly. I
use 2.64 as well so compatibility is not an issue. :)
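
Added example, not part of the thread or of SpamAssassin: a Python check of the FROM_M2 pattern from the reply above against constructed Received headers, including a near-miss source address (192.168.6.150) that the pattern also matches. The Postfix-style header layout, the host names other than mail1/mail2, the unfolding step and the FROM_M2_STRICT variant are assumptions made for the example.

```python
import re

# Pattern copied from the FROM_M2 rule in the thread.
FROM_M2 = re.compile(r"192\.168\.6\.15.{1,20}by mail1\.mydomain\.com")
# Assumed tighter variant (not from the thread): digit/dot boundaries keep
# 192.168.6.150 or 10.192.168.6.15 from matching the secondary's address.
FROM_M2_STRICT = re.compile(
    r"(?<![\d.])192\.168\.6\.15(?!\d).{1,20}by mail1\.mydomain\.com")

def received(src_host, src_ip, by_host):
    """Build one constructed, folded Received header (Postfix-style layout assumed)."""
    return (f"from {src_host} ({src_host} [{src_ip}])\n"
            f"\tby {by_host} (Postfix) with ESMTP id 1A2B3C;\n"
            f"\tTue, 12 Apr 2005 14:05:00 -0400")

# Constructed messages: each is the list of Received headers, newest first.
OUTSIDE = ("mx.example.net", "203.0.113.9")
MSG_VIA_SECONDARY = [received("mail2.mydomain.com", "192.168.6.15", "mail1.mydomain.com"),
                     received(*OUTSIDE, "mail2.mydomain.com")]
MSG_DIRECT = [received(*OUTSIDE, "mail1.mydomain.com")]
MSG_OTHER_HOST = [received("ws150.mydomain.com", "192.168.6.150", "mail1.mydomain.com")]

def unfold(header):
    """Join continuation lines with one space (assumption: the rule sees unfolded text)."""
    return re.sub(r"\r?\n[ \t]+", " ", header)

def rule_hits(pattern, received_headers, unfolded=True):
    """True if the pattern matches any Received header of the message."""
    return any(pattern.search(unfold(h) if unfolded else h)
               for h in received_headers)

if __name__ == "__main__":
    for name, msg in [("via secondary", MSG_VIA_SECONDARY),
                      ("direct to primary", MSG_DIRECT),
                      ("other host .150", MSG_OTHER_HOST)]:
        print(f"{name:18} FROM_M2={rule_hits(FROM_M2, msg)} "
              f"strict={rule_hits(FROM_M2_STRICT, msg)} "
              f"raw-folded={rule_hits(FROM_M2, msg, unfolded=False)}")
```

The raw-folded column shows why checking the pattern with a line-oriented tool against a mailbox file can report no match: the address and the "by" clause sit on different physical lines until the header is unfolded.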
