On Fri, Jul 20, 2007 at 07:45:52AM +1000, Daniel Rose wrote:
> James Price wrote:
> >I have a very quick few questions which could probably be answered just
> >as quickly.
> >
> >Right now I operate a mail relay cluster in front of my main mail/web
> >farm. The relay systems are all running Exim and are configured via
> >ACLs to do a number of anti-spam/malware checks, etc. As of now I
> >operate a pair of application servers for this mail farm that run ClamAV
> >and Spamassassin. The Exim servers pass messages that meet the
> >requirements of the ACLs off to these machines via tcp and return their
> >result back to Exim, etc etc etc. This is all very common practice.
> >
>
> OK
>
> >I would like to incorporate DSPAM into the picture and run it from these
> >application servers, or even a dedicated DSPAM server. This is where I
> >have questions. I know the various configuration options DSPAM provides
> >and the one that would fit me best is running it as a stand alone
> >appliance which is fed via LMTP (I believe) and if a SPAM scores above
> >such and such threshold, quarantine it on that server. That is what I
> >envision. Ultimately when a message is quarantined it can be released
> >by the user, at least I'm assuming this capability exists.
>
> It does, but you need to authenticate the user if you're using the web
> front end.
>
> >I would like
> >to have the DSPAM server release the message back to the Exim cluster
> >with a modified header that will in turn feed through one of various
> >manual route routers and to the end destination.
>
> DSPAM typically adds a bunch of headers, such as
>
> X-DSPAM-Result: Innocent
>
> (or 'Spam')
>
> X-DSPAM-Signature
> X-DSPAM-Probability
> X-DSPAM-Confidence
>
> Is this what you mean?
>
> >
> >Again, being a newbie to DSPAM, I'm approaching this from a generic
> >standpoint and my experience with similar setups.
> >
> >Is there anything that I am missing as far as my approach or can anyone
> >offer a good Exim/DSPAM how to that would fit my needs. There used to
> >be an Exim/SA/DSPAM how to on the wiki, but seems I can't get to that
> >anymore.
>
> It should work the way you expect, as far as I can see. I use an MTA ->
> dspam -> MTA on one server by local sockets, in this setup dspam isn't
> involved in any network traffic and it allows rewriting/rerouting both
> before and after the dspamming.

James,

I too have a similar setup, though not to your scale (yet). Exim uses various ACLs first, then ClamAV, then SA. If the message passes all of those tests, then DSPAM may come into the picture. At this point I feed the message to another instance of Exim running on the same server (different port). But it could easily be sent to another server via SMTP running Exim. The second Exim instance has the DSPAM routers and transports set up. That server is where the quarantine boxes live, the web interface lives, etc, etc.

I think it would not be too hard to get your setup to do what you like. You would need to figure out which is the best server(s) to run DSPAM on. DSPAM can store a lot of stuff in a database, but it also needs to have things on a local file system (for the quarantine stuff). If you have NFS set up that might come in handy, but DSPAM currently stores messages in mbox format which is not too NFS friendly.

The beauty of Exim and DSPAM is how configurable they are, but it will take a little experimentation to get it just right. If you email me personally I'd be happy to share relevant snippets of my exim config files.

thanks,
mikeS

-- 
Michael F. Sprague | [EMAIL PROTECTED]
http://www.saneinc.net | System and Network Engineering (SaNE), Inc
Providers of the SpamOnion anti-spam service
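
Added example, not part of the thread and not any poster's configuration: a Python version of the relay-side decision discussed above, routing on the X-DSPAM-Result header and honouring it only on mail handed back by the DSPAM server. The route names, the `from_dspam_host` flag and the sample messages are assumptions made for illustration.

```python
from email import message_from_bytes, policy

# Route names are hypothetical labels, not Exim or DSPAM identifiers.
SCAN, DELIVER, QUARANTINE, HOLD = "scan", "deliver", "quarantine", "hold"


def strip_dspam_headers(msg):
    """Delete every X-DSPAM-* header and return how many were present."""
    names = [n for n in msg.keys() if n.lower().startswith("x-dspam-")]
    for name in names:
        del msg[name]  # removes all occurrences; no error if already gone
    return len(names)


def classify(raw, from_dspam_host):
    """Return (route, message_bytes) for one message arriving at the relay.

    from_dspam_host is assumed to be set by the MTA (for example from the
    peer address) and is True only for mail handed back by the DSPAM server.
    """
    msg = message_from_bytes(raw, policy=policy.SMTP)
    if not from_dspam_host:
        # DSPAM has not seen this message yet, so any verdict header on it
        # was written by the sender. Drop it before scanning.
        strip_dspam_headers(msg)
        return SCAN, msg.as_bytes()
    results = [str(v).strip().lower() for v in msg.get_all("X-DSPAM-Result", [])]
    if results == ["innocent"]:
        return DELIVER, msg.as_bytes()
    if results == ["spam"]:
        return QUARANTINE, msg.as_bytes()
    # Missing, duplicated or unknown verdict: do not guess.
    return HOLD, msg.as_bytes()


# Constructed sample messages (not taken from the thread).
BODY = b"From: sender@example.org\r\nSubject: test\r\n\r\nhello\r\n"
FORGED = b"X-DSPAM-Result: Innocent\r\nX-DSPAM-Confidence: 0.99\r\n" + BODY
RELEASED = b"X-DSPAM-Result: Innocent\r\n" + BODY
TAGGED_SPAM = b"X-DSPAM-Result: Spam\r\n" + BODY
DOUBLE = b"X-DSPAM-Result: Spam\r\n" + RELEASED

if __name__ == "__main__":
    for label, raw, trusted in [("forged", FORGED, False), ("released", RELEASED, True),
                                ("spam", TAGGED_SPAM, True), ("double", DOUBLE, True)]:
        print(label, classify(raw, trusted)[0])
```
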
