I have a server running cPanel/WHM with exim and SpamAssassin. I've been noticing an issue where emails coming in with forged SpamAssassin headers are bypassing some of the filtering. I want to strip out all SpamAssassin headers before the message goes through SpamAssassin and is then filtered into the inbox/spam folders.
Searching the net, the only similar instance I could find was from 2004. However, the exim config by that user and by me are very different. I am not sure how to apply it. I can run formail against a file containing the message to remove the headers, but I don't know how to make exim do that.
Just to provide an example, a message will come in with headers like this:
X-Spam-Status: No, score=1.3
X-Spam-Score: 13
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "serv02.example.com", has
identified this incoming email as possible spam. The original message *snip*
X-Spam-Flag: NO
My SpamAssassin will add these headers to the message:
X-Spam-Status: Yes, score=6.8
X-Spam-Score: 68
X-Spam-Bar: ++++++
X-Spam-Report: Spam detection software, running on the system "serv02.example.com", has
identified this incoming email as possible spam. The original message *snip*
X-Spam-Flag: YES
But because the exim vfilter rules read the first X-Spam headers, the email ends up in the user's inbox instead of in the spam folder.
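The first-match problem described in the question, and the strip-before-scan fix it asks for, modelled in Python as an added example (not code from any post in this thread). The header values are constructed from the question's sample; the five-plus threshold and the function names are assumptions.

```python
import email

# Constructed inbound message: the sender forged a low-score verdict.
INBOUND = (
    "From: sender@example.org\n"
    "To: user1@example.com\n"
    "Subject: hello\n"
    "X-Spam-Status: No, score=1.3\n"
    "X-Spam-Score: 13\n"
    "X-Spam-Bar: +\n"
    "X-Spam-Flag: NO\n"
    "\n"
    "body text\n"
)

# Constructed stand-in for the headers the local SpamAssassin run appends.
LOCAL_VERDICT = [
    ("X-Spam-Status", "Yes, score=6.8"),
    ("X-Spam-Score", "68"),
    ("X-Spam-Bar", "++++++"),
    ("X-Spam-Flag", "YES"),
]

def strip_spam_headers(msg):
    """Delete every inbound X-Spam-* header, whatever its exact name."""
    for name in {k for k in msg.keys() if k.lower().startswith("x-spam-")}:
        del msg[name]  # removes all occurrences of that header name
    return msg

def tag_locally(msg):
    """Append the local verdict after any headers already present."""
    for name, value in LOCAL_VERDICT:
        msg[name] = value  # Message.__setitem__ appends, never replaces
    return msg

def first_match_folder(msg, threshold=5):
    """Filter model (assumed threshold): only the first X-Spam-Bar is read."""
    bar = msg["X-Spam-Bar"] or ""  # __getitem__ returns the first occurrence
    return "spam" if bar.count("+") >= threshold else "inbox"

def deliver(raw, strip_first):
    """Run the pipeline with or without stripping inbound verdict headers."""
    msg = email.message_from_string(raw)
    if strip_first:
        strip_spam_headers(msg)
    return first_match_folder(tag_locally(msg))

if __name__ == "__main__":
    print("as received:", deliver(INBOUND, strip_first=False))
    print("stripped before tagging:", deliver(INBOUND, strip_first=True))
```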
Check out if SpamAssassin's remove_header or clear_headers configuration file options will do what you want.
Exim for cPanel uses vfilters stored in /etc/vfilters and relies on the X-Spam-Bar header. Other systems may use X-Spam-Flag-Status or the Score to determine whether to save the message in the inbox, a spam folder, or delete it. Unfortunately, vfilter will use the very first match, which is the crux of this issue.
Outdated solution found http://wiki.exim.org/ExiscanExamples#Replacing_foreign_Spamassassin_headers_with_local_ones
Add into ACL's somewhere
warn spam = exiscan:true
     set acl_m0 = ($spam_bar) $spam_score
     set acl_m1 = $spam_report
This will set ACL variables appropriately for the following processing in the system filter:
Add into system filter:
In cPanel, the system filter is /etc/cpanel_exim_system_filter and the acl_mX variables are different, so let's figure those out. Add this to the end of cpanel_exim_filters
--- did this and got:
X-acl-m1: user1
X-acl-m2: 1
X-acl-m3:
X-acl-m4:
X-acl-m5:
X-acl-m6:
X-acl-m7:
So I find the section of exim.conf that adds headers and see all the $spam variables. I wonder if they carry over? Let's find out.
So $spam_score_int is carried over along with $h_subject, but not spam_bar, which is vital
But.. I realized that headers carry through, which might work
results in:
So the $h headers have both the headers received and headers added.
Solution?
Add custom spam filters into exim.conf and then swap them out in cpanel_exim_filter
Ok, now to make this more persistent. First, copy your cpanel_exim_system filter:
Log into WHM Main >> Service Configuration >> Exim Configuration Editor, and click Advanced Editor
Scroll down and change the spam header section to look like below. Note that you're just changing X-Spam headers to X-989Spam headers (you can of course use any custom name you like as long as your custom-exim-system-filters match). Since the configuration file may change over time, make sure you are modifying only the add_header lines.
-- and --
Save your configuration and wait for WHM to refresh.
Go back to Main >> Service Configuration >> Exim Configuration Editor >> Filters
Change the system filter file to point to /etc/custom_exim_system_filter
The accepted answer may have been the best you could do in 2012, or with the commonly available exim versions in 2012, but nowadays exim does have a remove_header directive that can be used in ACLs. It was added with version 4.82: