Please keep the thread on-list, unless you definitely intend to contact
me personally. Even "topic solved" posts like this are worthwhile to
have on the list.
On Mon, 2011-04-25 at 19:58 +0000, Paul Hugill wrote:
> Looks like that will do the job perfectly, thanks for pointing me in
> the right direction.
> I only skimmed the Report Safe section and missed that so sorry.
Unfortunately, they are not in the same section of the docs, so it is
easy to overlook the header specific one. But then again it's a really
esoteric option, I believe not discussed in years on the list.
Anyway, both report_safe_copy_headers as well as report_safe should
solve your issue, depending on your preference.
> Thanks for pointing out the trusted network too, I'll take a look at
> that when I get a chance but dont think I get enough traffic to worry
> about that too much yet.
It's not actually about traffic or volume. Point is, with missing mail
relays like in this forwarder case, almost none of the highly valuable
RCVD_IN_* network tests are going to work, just like a whole lot of
Received specific rules.
They only will work if the forwarders are included in the trusted
network (or auto-detected, as with fetchmail headers) -- in the POP3
harvesting case, this includes the POP3 server, internal infrastructure
if any, and the MX if different from the POP3 server.
> On Mon, 25 Apr 2011 19:52:47 +0200, Karsten Bräckelmann wrote:
> > Ah, so you don't want to add that header, but to inherit it from the
> > attached, original mail. Got ya. :)
> >
> > So, from your description and the issue being an issue at all, it
> > appears you have set the report_safe option to the default of 1, or
> > possibly even 2. This means, a report message will be created by SA for
> > identified spam, the original mail attached unaltered, and just a very
> > few essential headers are inherited to the report.
> >
> > See the M::SA::Conf [1] docs, section Miscellaneous Options. The option
> > you want is
> >
> > report_safe_copy_headers X-hMailServer-ExternalAccount
> > On a related note, since you are processing mail fetched from a POP3
> > account, you should make sure your trusted networks are set up properly,
> > or correctly auto-detected by SA. These external mail servers should be
> > included, so SA checks the correct IP addresses against DNSBLs.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
