----- Original Message ----- From: "Thomas Kinghorn" thomask@mtnns.net
where OB_URI_RBL is the default name of a SURBL rule. Will that work for you? If not you may be able to use exim or some other mail processing utility to look for headers like that and add other headers more to your liking.
I am looking along the lines at, for example, X-SURBL-TAG: URL:http://www.blahblah.tld found in XX.surbl.org.
Depending whether you are using spamc/spamd or some other utility to spawn spamassassin, you can get the report added to the headers. In local.cf, you can add "report_safe 0". This from http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.tx...: ===== report_safe { 0 | 1 | 2 } (default: 1) if this option is set to 1, if an incoming message is tagged as spam, instead of modifying the original message, SpamAssassin will create a new report message and attach the original message as a message/rfc822 MIME part (ensuring the original message is completely preserved, not easily opened, and easier to recover).
If this option is set to 2, then original messages will be attached with a content type of text/plain instead of message/rfc822. This setting may be required for safety reasons on certain broken mail clients that automatically load attachments without any action by the user. This setting may also make it somewhat more difficult to extract or view the original message.
If this option is set to 0, incoming spam is only modified by adding some "X-Spam-" headers and no changes will be made to the body. In addition, a header named X-Spam-Report will be added to spam. You can use the remove_header option to remove that header after setting report_safe to 0.
See report_safe_copy_headers if you want to copy headers from the original mail into tagged messages. =====
Which should give you report headers like: ===== pts rule name description ---- ---------------------- ------------------------------------------------ -- 6.6 FH_HAS_X_UIDL FH_HAS_X_UIDL 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML 1.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 3.0 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 2.0 DNS_FROM_SECURITYSAGE RBL: From: sender listed in SECURITYSAGE 3.0 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL [66.115.52.118 listed in sbl-xbl.spamhaus.org] 3.0 URIBL_SBL_XBL Contains a URL listed in the SBL-XBL blocklist [URIs: saturnmailer.com] 4.0 URIBL_JP_SURBL Contains a URL listed in the JP SURBL blocklist [URIs: saturnmailer.com] 1.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: saturnmailer.com] 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: saturnmailer.com] 0.5 URIBL_SS_RHSBL Contains a URL listed in the SS URIBL blocklist [URIs: saturnmailer.com] -3.6 AWL AWL: From: address is in the auto white-list =====
If you are using amavisd-new to spawn spamassassin, you will need to enable this in the amavisd.conf file rather than local.cf. The requirements may be different for MailScanner, procmail or milters.
Bill