Robby Balona wrote: > > I have Exim purring away and doing well and Spamasassin seems to work nicely > to. I would like to drop or quarantine mails marked as spam by Spamasassin . > I know all the arguments about doing this but I would like to block the spam > never the less.
Magnus has already put you on the right path to how to do what you want. You should give a bit of thought to what you want to do here, because I'm not sure what exactly you're trying to accomplish. There's a handful of different things you can do with spam once you've identified it; some are better than others. Exim can be configured to implement all of them, so you have to decide which you want to do according to your own local policy: - Reject the spam in the SMTP conversation, using a "drop" or "deny" acl verb; this is the best thing to do when the spamassassin score is high, because for legitimate false positives, the sender will get a bounce from their own mail server, but for spam with fake headers, the spamware will usually just ignore the rejection message - Blackhole the spam, telling the sender that you've accepted it, but not delivering it anywhere. This is widely considered to be a bad thing to do, because no-one on either end knows that the message wasn't delivered, so it's impossible to find false positives. - Quarantine the spam; accept it at SMTP time, but deliver it to a quarantine instead of the recipients normal mailbox (using a router and transport in the config). This is a good thing to do with spam that scores between two thresholds, but only if someone's checking the quarantine on a regular basis, otherwise it's no different than a blackhole - Mark the spam; accept it at SMTP time, but mark it in some way (either with X-Spam* headers like you are currently doing, or with a tag added to the subject header). It's then up to the users' MUA to filter the spam however they like. - Bounce the spam; accept it at SMTP time, and then promptly reject it in a router. This is universally reviled as stupid and bad for the internet, as it generates bounce messages to faked senders (collateral spam). I'm only including it in the list for completeness; don't do this! I think if you poll most people here and in other MTA admin communities, you'll find that best practice is to reject above a certain score threshold, and then either quarantine or mark messages that fall in a lower score range where it's probably spam, but you can't be certain. - Marc -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
