signature direction confusion (solved)

[mattch]

Hey Guys, i hope this isnt duplicate ive scoured google and the forum, makes me think my install is wonky, or i just dont get it.

My problem is the direction of the inline signature. the EFA filters domain.com spam and forward it to local MTA, nothing special.

i went to EFA-configure and enable signatures, added domain.

my problem is that im expecting an email coming into EFA for domain.com to apply inline.sig.in.txt/html to messages deliverer into users inbox, so they have click here if spam. im getting it reversed, emails coming into users mailbox have inline.sig.out.txt.

i dont really want out sigs so i just make the file empty (with a test string so i know what it is)

sig.text.rules(html)
To: default /etc/MailScanner/reports/en/inline.sig.out.txt
To: *@domain.com /etc/MailScanner/reports/en/inline.sig.in.txt

i cant for the life of me understand why emails deliver to domain.com are being seen as default or outbound. i look at mailscanner examples and many use FROM: *@domain but that doesn't change anything.

Any pointers or reference will be greatly appreciated! thanks

[mattch]

Ok some follow up. its funny how right after i make a post i have a stroke of luck... i hope anyway.

Maybe someone can confirm this but the order seems to matter. also whitelisted emails dont get in sig, which i think is by design.

making "default" last seem to help. changing from:
sig.text.rules(html)
To: default /etc/MailScanner/reports/en/inline.sig.out.txt
To: *@domain.com /etc/MailScanner/reports/en/inline.sig.in.txt

to this:
sig.text.rules(html)
To: *@domain.com /etc/MailScanner/reports/en/inline.sig.in.txt
To: default /etc/MailScanner/reports/en/inline.sig.out.txt