Thx Gordon. I think I got it. So in my message my spam-score-int of 1 is actually 10 compared to the spam reject of 990? Or is that 9.9? if the former, I have no idea why it would be rejected and I find the body in the input directory (but no header) and a binary of the same message id in scan directory. If the spam reject is 9.9 then I get it. In exim4u_global_spam_virus my SpamRejectScore is set at 99. So I believe that translates to 9.9, which compared to the 10 above then makes sense for the discard to /dev/null. I am not sure why the log message shows 990, it should show 9.9 if I understand everything correctly. 990 is far higher than the default 100 that is in the exim4u_global_spam_virus file. I will see if I can suss out some more about SpamAssassin, I am familiar with all the options but the way it works with exim in the smtp connection and the difference in scoring is new to me. There seems to be something in that translation that is odd (I.e. reporting 990 instead of 99 or 9.9). I can deal with it, just want to really understand the integer vs decim score thing and how it is reported. Any ideas on the files in the directories? Why the header file is missing from input? Should I check exim list/people for that? I did not find much in my google searching for that. I changed the subject in case it helps people find this discussion in the future. Helmut From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Gordon Dickens Sent: Tuesday, July 12, 2016 4:56 PM To: Exim4U General Discussion Subject: Re: [Exim4U] help with DEFER errors Spamassassin calculates a Spam-Score and a Spam-Score-Integer where the Spam-Score-Integer = Spam_Score * 10. If you google "spamassassin Spam-Score Spam-Score-Integer" You will see lots of other folks discussing this. Yes, it seems confusing but its just the way that Spamassassin does things. Here is an explanation from a post that I found on a cPanel forum thread: What happens is that the spam score people are used to dealing with are decimal values, and not integer values (e.g. 1.5, 30.9, 6.4, etc.). When SpamAssassin passes the value to whatever, it passes it as an integer, but to do that without losing any part of the score, it multiplies that decimal value, by 10. So when it does that, your score then becomes a 15 instead of 1.5, or a 309 instead of a 30.9 and so on. I think that your concerns here are mostly all related to Spamassassin. You will see alot more logging info from Spamassasssin in /var/log/maillog in addition to that which is included in the exim logs so I recommend that you watch /var/log/maillog as well. The only other recommendation that I would have is to learn all of the whitelisting options that are available in Spamassassin. Also, keep in mind that greylisting is based (in part) on Spam-Score and that you can exempt a given email address or domain from greylisting based on Spam-Score by simply whitelisting in Spamassassin. FYI, Gordon On 07/12/2016 12:31 PM, Helmut Fritz wrote: "The queue is empty" Once I saw the messages I thought to see if they were in the queue. It is interesting that: A message from the same host that forwarded one of the failed messages to my client went through. So emails from a person were coming through - I have 2 instances of that in my logs. The emails that are not making it and correspond with the reject message, the files in the input and scan directories, and the spam warning message. I put that domain in my whitelist for spamassassin, and viola the message got through (it is a deposit confirmation for my client and his back - he runs a business that deposits almost daily - so not a long time to wait). So the message says spam score of 1 and reject of 990, but I think one of those numbers is off by a magnitude of 10 or? I have not really figured out the combined spam scoring methodology in exim4u. it seems there are two and their order of magnitude as an integer are different? So interesting that it seems to have been rejected by spam score. Is there something I can do on my end to log better to help figure this out? any docs to help me understand the spam scoring better? Thx much! Helmut From: users [mailto:users-bounces(a)exim4u.org] On Behalf Of Gordon Dickens Sent: Tuesday, July 12, 2016 5:11 AM To: Exim4U General Discussion Subject: Re: [Exim4U] help with DEFER errors Strange... I periodically see a file or two in these directories but never hundreds or thousands of files. These are obviously undelivered messages of some type. Are the dates on the files recent? Run "exim -bp" to see what messages that exim reports in your queue. On 07/11/2016 06:05 PM, Helmut Fritz wrote: Not sure if it is related, but my /var/spool/exim/scan and /var/spool/exim/input directories have a lot of files in them. Input: 2223 files Scan: 2223 files I am sure it is not a coincidence. The queue is empty. The files names definitely seem to correspond between the two directories. All the files in inpur are -D files (I believe that means body, -H is header). Interestingly there are n o corresponding -H header files in input. I was notified of this issue by a client who has not received any emails from the below mentioned mx.sendinghost.com [xxx.xxx.xxx.xxx]. They do get a reject message on their end of: Generating server: mx.sendinghost.com client(a)hisdomain.com #< #4.4.2 X-Proprietary; lost connection with my.host.com [xxx.xxx.xxx.xxx] while sending end of data -- message may be sent more than once> #SMTP# I did run a: exim -bh xxx.xxx.xxx.xxx and it ends up at an ACCEPT. From: Helmut Fritz [mailto:helmut(a)fritz.us.com] Sent: Monday, July 11, 2016 12:48 PM To: 'Exim4U General Discussion' Subject: help with DEFER errors Guys, 1. I have a lot of these type of messages in my mainlog: H=(mx.sendinghost.com) [xxx.xxx.xxx.xxx] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{a=$smtp_active_hostname}}": lookup of "a=my.host.com" gave DEFER: I am trying to look through the configs to see if I can determine where and why I am getting these. Are they a cause for any real concer? What causes them and can it be recified? I am not running a multi-ip host, but do host multiple virtual domains. 2. I am not sure if it is related (I think not), but I also get messages that correspond with the sending host that is in some of the above messages but the emails do NOT seem to come through to the users mailbox. I (think I) do see the actual emails in the /var/spool/exim/scan directory though. The only thing I find in the logs is this message: 1b4BZC-0005p9-Ek H= mx.sendinghost.com [xxx.xxx.xxx.xxx] Warning: spam-score-int: 1 (/). spamreject: 990. Any help, ideas or thoughts would be welcome. I did a google search that did not seem to provide an useful help. Thx. Helmut P.S. not yet updated to latest release of exim4u. _______________________________________________ users mailing list users(a)exim4u.org https://exim4u.org/mailman/listinfo/users _______________________________________________ users mailing list users(a)exim4u.org https://exim4u.org/mailman/listinfo/users