Hi,
I've already got short-circuit setup, and it works, but not for mail
that goes like this:
gmail user sends to a mailing list on a mailing list server we
host, that server does some spamassassin scanning, and if it passes it
then delivers to our users subscribed to that mailing list, which is
sent via our internal mx server and then to our internal storage server,
where spamassassin scans it again.
The final stage I thought would be short-circuited, because it was
relayed through our internal network, and we already do spam filtering
at the list server stage, we don't want to do it again.
I've set: add_header all RelaysUntrusted _RELAYSUNTRUSTED_
and see that the final SA looks at the message that is delivered and
sees that it is coming from gmail, so internal_networks,
trusted_networks, and whitelist_to do not apply.
Is there a way I can actually short-circuit this?
This is what I have configured for short-circuit:
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on
score ALL_TRUSTED -5
# simple, non-network-based whitelists, locally-generated messages,
# messages via a trusted relay chain, simple
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED)
priority SC_HAM -1000
shortcircuit SC_HAM ham
score SC_HAM -30
meta SC_SPAM (USER_IN_BLACKLIST_TO||USER_IN_BLACKLIST)
priority SC_SPAM -950
shortcircuit SC_SPAM spam
score SC_SPAM 20
# slower, network-based whitelisting -- need to enable DKIM/SPF stuff before we can short circuit here
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||USER_IN_DEF_SPF_WL)
priority SC_NET_HAM -500
shortcircuit SC_NET_HAM ham
score SC_NET_HAM -20
# bounce messages: always ignored if the vbounce plugin is active
priority ANY_BOUNCE_MESSAGE -700
shortcircuit ANY_BOUNCE_MESSAGE spam
score ANY_BOUNCE_MESSAGE 20
# ClamAV support: no need to scan viruses/malware
priority CLAMAV -900
shortcircuit CLAMAV spam
score CLAMAV 20
endif # Mail::SpamAssassin::Plugin::Shortcircuit
--
micah
I've already got short-circuit setup, and it works, but not for mail
that goes like this:
gmail user sends to a mailing list on a mailing list server we
host, that server does some spamassassin scanning, and if it passes it
then delivers to our users subscribed to that mailing list, which is
sent via our internal mx server and then to our internal storage server,
where spamassassin scans it again.
The final stage I thought would be short-circuited, because it was
relayed through our internal network, and we already do spam filtering
at the list server stage, we don't want to do it again.
I've set: add_header all RelaysUntrusted _RELAYSUNTRUSTED_
and see that the final SA looks at the message that is delivered and
sees that it is coming from gmail, so internal_networks,
trusted_networks, and whitelist_to do not apply.
Is there a way I can actually short-circuit this?
This is what I have configured for short-circuit:
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on
score ALL_TRUSTED -5
# simple, non-network-based whitelists, locally-generated messages,
# messages via a trusted relay chain, simple
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED)
priority SC_HAM -1000
shortcircuit SC_HAM ham
score SC_HAM -30
meta SC_SPAM (USER_IN_BLACKLIST_TO||USER_IN_BLACKLIST)
priority SC_SPAM -950
shortcircuit SC_SPAM spam
score SC_SPAM 20
# slower, network-based whitelisting -- need to enable DKIM/SPF stuff before we can short circuit here
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||USER_IN_DEF_SPF_WL)
priority SC_NET_HAM -500
shortcircuit SC_NET_HAM ham
score SC_NET_HAM -20
# bounce messages: always ignored if the vbounce plugin is active
priority ANY_BOUNCE_MESSAGE -700
shortcircuit ANY_BOUNCE_MESSAGE spam
score ANY_BOUNCE_MESSAGE 20
# ClamAV support: no need to scan viruses/malware
priority CLAMAV -900
shortcircuit CLAMAV spam
score CLAMAV 20
endif # Mail::SpamAssassin::Plugin::Shortcircuit
--
micah