Blue Flower

Monday, 06 July 2015 00:32

How to bypass Spamassasin for certain source IPs

Written by
Rate this item
(0 votes)

Sometimes messages come across that list that Spamassassin considers spam.
Then the question is should I relearn it as ham, or leave it as spam,
because it obviously has characteristics of a spam (because someone
has FW'd a real spam), but also has characteristics of a ham as well.
The recommendation from the Spamassassin folk is to not have spamassasin
scan emails from this list.

I checked out the header and saw that the messages always come from
hermes.apache.org ( 209.237.227.199 ). I edited /etc/tcp.smtp and added:

209.237.227.199:allow, QMAILQUEUE="/var/qmail/bin/qmail-queue"

After rebuilding the tcp.smtpd.cdb file, this told qmail-smtpd to skip
qmail-scanner-queue.pl and to just run qmail-queue right away. This
worked, and I was now not scanning the message for spam. However, its
bypassing clamav as well. This was not acceptable.

I checked out the source of qmail-scanner-queue.pl and found this as
part of the sub spamassassin and sub spamassassin_alt routines:

#Only run SA if mail is from a "remote" SMTP client, or QS_SPAMASSASSIN
#is defined via tcpserver...
if (defined($ENV{'RELAYCLIENT'}) && !defined($ENV{'QS_SPAMASSASSIN'})) {
&debug("spamassassin: don't scan as RELAYCLIENT implies this was
sent by a local user");
&minidebug("SA: don't scan as RELAYCLIENT implies this was sent by a
local user");
return;
}

So I added the following peice right below the above code:

if (defined($ENV{'IGNORE_SA'})) {
&debug("spamassassin: don't scan as IGNORE_SA is set");
&minidebug("SA: don't scan as IGNORE_SA is set");
return;
}

Make sure you change it in both routines.

Saved the file, edited /etc/tcp.smtp to instead say:

209.237.227.199:allow,IGNORE_SA="yes"

Recompile tcp.smtp.cdb, and you're done! Now any mail coming from that
IP will bypass your spam filters. Since that server is run by apache and
the spamassassin guys, I figure its save to bypass the spam filter for
other mails that may possibly come from there.

Hope this might be useful to someone..

Special thanks to Roman Volf
Also avalabile as a patch at http://thevolf.com/qmail/patches/qmail-scanner-skip-sa.patch

Read 2353 times Last modified on Wednesday, 08 July 2015 01:44

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.