Return-Path: <Junk@tnt.be>
Received: from mail.tnt.be ([194.78.3.228] verified)
  by mail.tffenterprises.com (CommuniGate Pro SMTP 5.2.14)
  with ESMTP id 13979416 for cgpsa-discuss@mail.tffenterprises.com; Thu, 18 Nov 2010 12:58:37 -0800
Received-SPF: pass
 receiver=mail.tffenterprises.com; client-ip=194.78.3.228; envelope-from=Junk@tnt.be
X-TNT-Attach: Scanned
X-CGP-ClamAV-Result: CLEAN
X-VirusScanner: Niversoft's CGPClamav Helper v1.13 (ClamAV engine v0.96.3)
X-TNT-VirScan1: Scanned
X-TNT-VirScan2: Scanned
Received: from [84.193.34.49] (account junk HELO [192.168.162.108])
  by mail.tnt.be (CommuniGate Pro SMTP 5.1.16)
  with ESMTPA id 21896013 for cgpsa-discuss@mail.tffenterprises.com; Thu, 18 Nov 2010 21:58:16 +0100
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Apple Message framework v1082)
Subject: Re: [CGPSA] CGPSA rule for redirect messages
From: "Jona Tallieu (T & T nv)" <Junk@tnt.be>
In-Reply-To: <list-13979135@mail.tffenterprises.com>
Date: Thu, 18 Nov 2010 21:58:19 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A13E77C-E51B-45D4-BB31-791312FA9658@tnt.be>
References: <list-13979135@mail.tffenterprises.com>
To: "CGPSA Discussion List" <cgpsa-discuss@mail.tffenterprises.com>
X-Mailer: Apple Mail (2.1082)


On 18 Nov 2010, at 20:03, Daniel M. Zimmerman wrote:

> --On 18 November 2010 14:09:34 +0100 "Jona Tallieu (T & T nv)" =
<Junk@tnt.be> wrote:
>=20
>> Hi all,
>>=20
>> we're using CGPSA on OSX Server 10.5.8 and CGP 5.1.16 in =
Full-Featured
>> Mode. We now received complaints from a big provider/ISP that we send =
out
>> spam to their servers.
>>=20
>> After examining the headers of those messages, it seems they are all
>> messages coming from groups on our server that are configured to =
redirect
>> mail to a mailbox at that provider.
>>=20
>> we have added the domainname of the people who forward their mail =
using
>> the groups into the "scan_domains" list in the CGPSA config file. Now =
I'm
>> trying to catch all the messages that are spam into a central =
quarantine
>> mailbox.
>>=20
>> I'm using this rule:
>>=20
>> (
>>      ("Header Field", is, "X-Autogenerated: group"),
>>      ("Header Field", is, "X-Spam-Flag: YES"),
>>      (
>>        "Header Field",
>>        in,
>>        "X-Spam-Checker-Version: mailscanner"
>>      )
>>    ),
>>    (("Store in", "~spambox@domain.com/QUARAN"), (Discard))
>>  ),
>>=20
>>=20
>> But it does not work.
>> If I look at the headers of those messages delivered in the mailbox =
of
>> the provider, we can see that there is a X-Spam-Flag: YES header =
added by
>> CGPSA.
>>=20
>> Any ideas what I'm missing?
>=20
> Do they also have "X-Spam-Checker-Version: mailscanner" in them? =
Certainly that's not a version string CGPSA would put there; did you =
customize that for your installation?


Dear Dan,

Yes, the messages arriving at the ISP contain that header=85.


Best,


J.=