Re: [exim] anti-spam pointers please

[Larry Rosenman via Exim-users]

On 04/01/2019 2:01 pm, Rory Campbell-Lange via Exim-users wrote:
Hi
It's some years since I've spent time tweaking my exim setup to receive
spam. I've forgotten any skills I might once have had in this area.

I've gotten sick of getting 30+ spam emails a day and need to do 
something
about it! I'd be grateful for some pointers to the state-of-the-art 
setup.

right now relay blocks, cram_md5 rejects and spamhaus blocks account 
for about
500-1000 rejections a day (no wonder everyone has gone to Google 
mail!).

I'm running Exim 4.89-2+deb9u3 under Debian, with spamassassin/spamc 
3.4.2.1

Spamd is reporting along the following lines.

        spamd: result: . 0 - BAYES_00,
                                DKIMWL_WL_HIGH,
                                DKIM_SIGNED,
                                DKIM_VALID,
                                DKIM_VALID_EF,
                                FORGED_MUA_MOZILLA,
                                HEADER_FROM_DIFFERENT_DOMAINS,
                                MAILING_LIST_MULTI,
                                SPF_PASS,
                                URIBL_BLOCKED scantime=0.5,
                                size=5448,
                                user=mail,
                                uid=8,
                                required_score=3.0,
                                rhost=127.0.0.1,
                                raddr=127.0.0.1,
                                rport=59670,
                                mid=<example.mail.com>,
                                bayes=0.000000,
                                autolearn=disabled

Pointers much appreciated.

Rory

I use the following in my content check ACL:

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-LERCTR-Spam-Score: $spam_score ($spam_bar)
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-Spam-Report: $spam_report
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-LERCTR-Spam-Report: $spam_report
        ! authenticated = *
        spam = smmsp:true
  # Add X-Spam-Flag if spam is over system-wide threshold
  warn message = X-Spam-Flag: YES
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >={$spam_score_int}{50}{1}{0}}
  warn message = X-LERCTR-Spam-Flag: YES
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >={$spam_score_int}{50}{1}{0}}

  #warn  message = DomainKey-Status: $dkim_status
#       !condition = ${if eq{$dkim_status}{}{1}{0}}
  # Reject spam messages with score over 7, using an extra condition.
  deny  message = This message scored $spam_score points. 
Congratulations!
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >{$spam_score_int}{70}{1}{0}}

With having spamd_address set to 127.0.0.1 783 in the first section.

--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/