Spamassassin calculates a Spam-Score and a Spam-Score-Integer where the Spam-Score-Integer = Spam_Score * 10.� If you google "spamassassin Spam-Score Spam-Score-Integer"� You will see lots of other folks discussing this.� Yes, it seems confusing but its just the way that Spamassassin does things.� Here is an explanation from a post that I found on a cPanel forum thread:

What happens is that the spam score people are used to dealing with are decimal values, and not integer values (e.g. 1.5, 30.9, 6.4, etc.). When SpamAssassin passes the value to whatever, it passes it as an integer, but to do that without losing any part of the score, it multiplies that decimal value, by 10. So when it does that, your score then becomes a 15 instead of 1.5, or a 309 instead of a 30.9 and so on.

I think that your concerns here are mostly all related to Spamassassin.� You will see alot more logging info from Spamassasssin in /var/log/maillog in addition to that which is included in the exim logs so I recommend that you watch /var/log/maillog as well. The only other recommendation that I would have is to learn all of the whitelisting options that are available in Spamassassin.�� Also, keep in mind that greylisting is based (in part) on Spam-Score and that you can exempt a given email address or domain from greylisting based on Spam-Score by simply whitelisting in Spamassassin.

FYI,

Gordon


On 07/12/2016 12:31 PM, Helmut Fritz wrote:

The queue is empty�

Once I saw the messages I thought to see if they were in the queue.�

It is interesting that:

A message from the same host that forwarded one of the failed messages to my client went through.� So emails from a person were coming through � I have 2 instances of that in my logs.� The emails that are not making it and correspond with the reject message, the files in the input and scan directories, and the spam warning message.

I put that domain in my whitelist for spamassassin, and viola the message got through (it is a deposit confirmation for my client and his back � he runs a business that deposits almost daily � so not a long time to wait).� So the message says spam score of 1 and reject of 990, but I think one of those numbers is off by a magnitude of 10 or?� I have not really figured out the combined spam scoring methodology in exim4u.� it seems there are two and their order of magnitude as an integer are different?

So interesting that it seems to have been rejected by spam score.� Is there something I can do on my end to log better to help figure this out?� any docs to help me understand the spam scoring better?

Thx much!

Helmut

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Gordon Dickens
Sent: Tuesday, July 12, 2016 5:11 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] help with DEFER errors

Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type.� Are the dates on the files recent?� Run "exim -bp" to see what messages that exim reports in your queue.�


On 07/11/2016 06:05 PM, Helmut Fritz wrote:

Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them.

Input: 2223 files

Scan: 2223 files

I am sure it is not a coincidence.� The queue is empty.� The files names definitely seem to correspond between the two directories.� All the files in inpur are �D files (I believe that means body, -H is header).� Interestingly there are n o corresponding �H header files in input.

I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx].

They do get a reject message on their end of:

Generating server: mx.sendinghost.com

client@hisdomain.com
#< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP#

I did run a:

exim -bh xxx.xxx.xxx.xxx

and it ends up at an ACCEPT.

From: Helmut Fritz [mailto:helmut@fritz.us.com]
Sent: Monday, July 11, 2016 12:48 PM
To: 'Exim4U General Discussion'
Subject: help with DEFER errors

Guys,

1.������ I have a lot of these type of messages in my mainlog:

H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER:

I am trying to look through the configs to see if I can determine where and why I am getting these.

Are they a cause for any real concer?� What causes them and can it be recified?

I am not running a multi-ip host, but do host multiple virtual domains.

2.������ I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox.� I (think I) do see the actual emails in the /var/spool/exim/scan directory though.� The only thing I find in the logs is this message:

1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990.

Any help, ideas or thoughts would be welcome.� I did a google search that did not seem to provide an useful help.

Thx.

Helmut

P.S. not yet updated to latest release of exim4u.




_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users



_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users