micah anderson wrote:
>
> Hi,
>
> I've got some machines that are running logcheck, they periodically send
> mail to us with reports. Sometimes those mails have some spammy stuff in
> them, because they are mail server logs, or web logs with some spammy
> stuff in them.
>
> I don't want spamassassin to deal with these messages,

The best way to not have SA mistag log mail like this is to not pass it to SA in the first place. It's usually possible to put some conditions in the glue layer that calls SA so that SA will be bypassed entirely.

On my personal server/account, I call SA from procmail, so I can do whatever prefiltering I like before passing the remainder to SA. At work, we have a custom delivery agent that checks a whitelist and blacklist before passing a message to SA; the same principle applies. I'm pretty sure there's a bypass mechanism in most of the SMTP-level content filter systems as well (I *know* there is in MIMEDefang, and IIRC in amavisd-new).

> # simple, non-network-based whitelists, locally-generated messages,
> # messages via a trusted relay chain, simple
> meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED)
> priority SC_HAM -1000
> shortcircuit SC_HAM ham
> score SC_HAM -20
> shortcircuit ALL_TRUSTED on
>
> yet, the high scoring due to the URIBLs caused this to get classified as
> Spam.

Axb's comment about making the score for SC_HAM a lot stronger should help, and I'd recommend

    shortcircuit USER_IN_WHITELIST on
    shortcircuit USER_IN_DKIM_WHITELIST on
    shortcircuit USER_IN_SPF_WHITELIST on

as well. (I have those set here, although for other reasons.)

-kgd
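
The procmail-level bypass described in the reply above, as an added example that is not part of the original message and is not the poster's own configuration. The sender address pattern, the "System Events" subject, the host names and the mailbox names are assumptions; adjust them to what your logcheck installations actually send.

```procmail
# ~/.procmailrc (added example; every address, host and folder name below
# is a placeholder, not taken from the thread)

# Hosts that run logcheck and mail reports to this account (assumed names).
LOGHOSTS="(web1|mx1)\.example\.org"

# 1. Logcheck reports: file them before SpamAssassin is ever invoked.
#    The "$" after "*" makes procmail expand ${LOGHOSTS} in the condition.
#    Both conditions must match. They are header matches only, so the
#    bypass is exactly as trustworthy as those headers: keep the patterns
#    narrow, and prefer a condition outside senders cannot produce (for
#    example, a header your own MTA adds for mail from these hosts).
:0:
* $ ^From:.*logcheck@${LOGHOSTS}
* ^Subject:.*System Events
logcheck-reports

# 2. Everything that reaches this point is filtered as usual.
#    "f" = use the program as a filter, "w" = wait for its exit code.
#    The size test keeps very large messages away from SA.
:0fw: spamassassin.lock
* < 256000
| spamassassin

# 3. File what SpamAssassin tagged as spam.
:0:
* ^X-Spam-Status: Yes
caughtspam
```

Recipe order is what makes this a bypass: a delivering recipe ends processing for the message, so logcheck mail matched by recipe 1 never reaches the `spamassassin` filter in recipe 2.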