On Mon, Oct 28, 2013 at 3:20 AM, Odhiambo Washington <[email protected]> wrote: > On 28 October 2013 13:08, soumya tr <[email protected]> wrote: >> Has anyone tried spamassassin with exim exim for checking outgoing mails? > Well, without a specific rule to exempt certain mails, all mails are > scanned - incoming and outgoing. That's how it happens on my servers,
I have two users which run spamassassin, and a different spamassassin configuration for both. user1 scans inbound email: - lower spam score, 4.5 - full network tests (i.e. RBL checks, URIBL checks, razor, etc) - some local, specific rules to block some crap that always seems to get by user2 scans outbound email: - higher spam score, 6.0 - disable network tests because it's webmail or an authenticated user Some may scoff at the higher spam score allowed for outbound mail. The outbound spam score is higher because a lot of the Direct From Outlook or More Than X% HTML type rules tend to get matched, which elevates the score somewhat. It is important that you not allow abusive email behavior, so you must monitor your users and keep track of their activity. I strictly monitor volume and block smtp auth users based on max volume per hour and max volume per 24 hours. I also check for multiple IP addresses using smtp auth, and if it gets above $LIMIT, I change the password on the account to prevent further logins. I also use Lena's suggested routines for monitoring smtp auth brute force attacks. ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
