Hi

Please keep replies on-list.

On Thu, 2008-02-21 at 23:31 +0000, Steve Dobson wrote:
> > I have to ask: standard *how*?
>
> Exim is the ETA with SpamAssassin doing the checking (via spamc) and the
> following transport:
>   spamassassin_delivery:
>     driver = pipe
>     command = /usr/sbin/exim4 -oMr spam-scanned -bS
>     use_bsmtp
>     transport_filter = /usr/bin/spamc

Ah - that too is an "old-fashioned" way of handling spam, since it means
you have to deal with it once it's tagged. How you do so is up to you,
whether dropping in the bitbucket, putting in a folder, or leaving the
choice to your users.

> What do you mean by "realtime rejection"? I don't want to reject spams
> so return them the "sender" as this is probably a second target and
> unlikely to be the spammer. IMHO spam should be destroyed at the first
> opportunity rather than rejected. There's too much spam as it is
> without adding to the problem.

By "realtime rejection" I mean running SA from an ACL rather than a
router/transport pair, so you can reject the message. Rejection (with a
5xx message) is *not* the same as bouncing, since it pushes the error
handling back onto the sending MTA. In the case of spam farms, trojans,
botnets and so on this is a good thing since it means you're not
accepting the message - more modern botnets such as Storm are rumoured
to have additional code to handle rejections, which then result in you
getting less rubbish thrown at your machines.

> > Additionally, look up the "headers_remove" option for your routers:
> >
> > http://www.exim.org/exim-html-4.66/doc/html/spec_html/ch44.html#SECTheadersaddrem
>
> I don't see any need to do this if I am using a "personal" header name.

Because SA might score things down, or ignore them completely if they
come in with a set of headers that instance would add after scanning. I
can't comment on your SA setup, but some do.

To flesh out the ACL approach - in your DATA ACL, have something like
this:

  warn  message = X-local-SpamScore: $spam_score ($spam_bar)
        condition = ${if <={$message_size}{500K}}
        spam = exim:true

  warn  message = X-local-SpamReport: $spam_report
        condition = ${if <={$message_size}{500K}}
        spam = exim:true

  warn  message = X-local-Spam-Flag: ${if \
                    >{$spam_score_int}{58}{Yes}\
                    {${if >{$spam_score_int}{55}{Maybe1}\
                    {${if >{$spam_score_int}{50}{Maybe2}{Not}}}}}}
        spam = exim

  deny  message = Rejected due to spam score $spam_score, which exceeds threshold.
        condition = ${if <={$message_size}{500K}}
        spam = exim:true
        condition = ${if >{$spam_score_int}{60}{1}{0}}

That doesn't scan if the message is over 500KB, marks it with a sequence
of words according to score, and rejects if the score is over 6.

Graeme

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
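
Added example (not part of the original message, and a Python model rather than Exim configuration): it walks the four DATA ACL statements above in order and returns what the sending MTA sees plus the X-local-* headers on an accepted message, so the score boundaries can be checked. The names data_acl, spam_flag and Verdict, the simplified "250 OK" reply, and SpamAssassin's default required_score of 5.0 are assumptions of the example.

```python
from dataclasses import dataclass, field

SIZE_LIMIT = 500 * 1024   # Exim reads "500K" as 500 * 1024 bytes
REJECT_ABOVE = 60         # deny when $spam_score_int (score * 10) > 60


@dataclass
class Verdict:
    smtp_reply: str                               # what the sending MTA sees after DATA
    headers: dict = field(default_factory=dict)   # X-local-* headers on an accepted message


def spam_flag(score_int: int) -> str:
    """Mirror of the nested ${if ...} in the X-local-Spam-Flag warn."""
    if score_int > 58:
        return "Yes"
    if score_int > 55:
        return "Maybe1"
    if score_int > 50:
        return "Maybe2"
    return "Not"


def data_acl(score: float, size: int, required_score: float = 5.0) -> Verdict:
    """Walk the four ACL statements in order for one message."""
    score_int = round(score * 10)
    scanned = size <= SIZE_LIMIT
    headers = {}
    if scanned:
        # warn 1: "spam = exim:true" always matches, so every scanned message
        # is scored. warn 2 adds X-local-SpamReport the same way (omitted here),
        # and the $spam_bar part of the value is left out.
        headers["X-local-SpamScore"] = f"{score:.1f}"
    # warn 3: plain "spam = exim" matches only at or above SpamAssassin's own
    # threshold (required_score, an assumed default), with no size condition.
    if score >= required_score:
        headers["X-local-Spam-Flag"] = spam_flag(score_int)
    # deny: size gate first, then the score test; a 5xx at DATA leaves the
    # message with the sending MTA, so no bounce is generated here.
    if scanned and score_int > REJECT_ABOVE:
        return Verdict(f"550 Rejected due to spam score {score:.1f}, "
                       "which exceeds threshold.")
    return Verdict("250 OK", headers)  # simplified acceptance reply


if __name__ == "__main__":
    # Constructed sample messages: (SpamAssassin score, size in bytes)
    for score, size in [(4.9, 2000), (5.6, 2000), (6.0, 2000), (6.1, 2000), (9.9, 600 * 1024)]:
        print(score, size, data_acl(score, size))
```

A score of exactly 6.0 is accepted and flagged "Yes", because the deny tests for strictly greater than 60.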
