Re: [exim] anti-spam pointers please

Tue, 02 Apr 2019 07:13:34 -0700 

On 04/02/2019 2:20 am, Rory Campbell-Lange via Exim-users wrote:

On 01/04/19, Larry Rosenman (l...@lerctr.org) wrote:

On 04/01/2019 2:01 pm, Rory Campbell-Lange via Exim-users wrote:
> It's some years since I've spent time tweaking my exim setup to receive
> spam. I've forgotten any skills I might once have had in this area.
>
> I've gotten sick of getting 30+ spam emails a day and need to do
> something about it! I'd be grateful for some pointers to the
> state-of-the-art setup.

...

> Pointers much appreciated.

I use the following in my content check ACL:

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-LERCTR-Spam-Score: $spam_score ($spam_bar)
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-Spam-Report: $spam_report
        ! authenticated = *
        spam = smmsp:true
  warn  message = X-LERCTR-Spam-Report: $spam_report
        ! authenticated = *
        spam = smmsp:true
  # Add X-Spam-Flag if spam is over system-wide threshold
  warn message = X-Spam-Flag: YES
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >={$spam_score_int}{50}{1}{0}}
  warn message = X-LERCTR-Spam-Flag: YES
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >={$spam_score_int}{50}{1}{0}}

  #warn  message = DomainKey-Status: $dkim_status
#       !condition = ${if eq{$dkim_status}{}{1}{0}}
  # Reject spam messages with score over 7, using an extra condition.
deny message = This message scored $spam_score points. Congratulations! 
        ! authenticated = *
        spam = smmsp:true
        condition = ${if >{$spam_score_int}{70}{1}{0}}

With having spamd_address set to 127.0.0.1 783 in the first section.


Hi Larry

Thanks very much for the suggestions.

Glancing at the docs under chapter 35, I guess my local users are
"authenticated" due to our use of cram_md5. I'm giving your rules a go!

I wonder also if my /etc/spamassasin/local.cf is right

    required_score 3.0
    score RP_MATCHES_RCVD -0.01
    bayes_auto_learn 0
    ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
    endif # Mail::SpamAssassin::Plugin::Shortcircuit

Required score seems quite a bit lower than 70 in Exim.

Thanks again
Rory

Please do *NOT* use the X-LERCTR header (that's my domain)....

Also, to get a nice compact report, I have smmsp's user_prefs set to:
⌂68% [r...@thebighonker.lerctr.org:~] # cat user_prefs
clear_report_template
report SpamScore (_SCORE_/_REQD_) _TESTSSCORES(,)_
⌂68% [r...@thebighonker.lerctr.org:~] #

(smmsp is the user exim calls spamd as).

note also that $spam_score_int is the score * 10.


--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to