Re: [exim] Handling Spam in outgoing mail queue
Guys Thank you ever so much for your comments. @Dmitriy, this might actually be the most easiest to implement. Thanks Just worried about the spamassassin servers, they taking a pounding already. May need to procure more servers. Regards Brent On 2018/10/17 12:10, Dmitriy Matrosov via Exim-users wrote: On 10/16/2018 11:34 PM, Jeremy Harris via Exim-users wrote: On 16/10/2018 20:42, Jasen Betts via Exim-users wrote: We have one of the early routers check for a flag agaisnt the user-id that sent the mail (condition=${lookup...}), when something bad happens we set the flag and exim delivers all that user-id's mail to >/dev/null In similar vein, one could divert a sender's mail in ACL to a named queue which has no queue-runner - so keeping it around for manual inspection and possible manually-triggered delivery. ( ACL modifier "queue = a_queue_name", command-line "exim -qG -M " or "exim -qG -Mrm " ) Why not just use `spam` condition in `acl_not_smtp` to check outgoing mails with e.g. spamassassin or others? -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 10/16/2018 11:34 PM, Jeremy Harris via Exim-users wrote: On 16/10/2018 20:42, Jasen Betts via Exim-users wrote: We have one of the early routers check for a flag agaisnt the user-id that sent the mail (condition=${lookup...}), when something bad happens we set the flag and exim delivers all that user-id's mail to >/dev/null In similar vein, one could divert a sender's mail in ACL to a named queue which has no queue-runner - so keeping it around for manual inspection and possible manually-triggered delivery. ( ACL modifier "queue = a_queue_name", command-line "exim -qG -M " or "exim -qG -Mrm " ) Why not just use `spam` condition in `acl_not_smtp` to check outgoing mails with e.g. spamassassin or others? -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 2018-10-16, Christian K via Exim-users wrote: > What about freezing all or the messages in question to pick them apart > and thaw every "good" mail? Usually we have a few thousand emails from the bad account in the queue, and a few thousand from good users and some of them are locked by active delivery processes. trying to freeze the bad messages doesn't get the ones that are locked. -- Notsodium is mined on the banks of denial. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 16/10/2018 21:58, Christian K via Exim-users wrote: > What about freezing all or the messages in question to pick them apart > and thaw every "good" mail? That works, though it doesn't scale quite so well. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
What about freezing all or the messages in question to pick them apart and thaw every "good" mail? Am Di., 16. Okt. 2018 um 22:44 Uhr schrieb Jeremy Harris via Exim-users : > > On 16/10/2018 20:42, Jasen Betts via Exim-users wrote: > > We have one of the early routers check for a flag agaisnt the user-id that > > sent the mail (condition=${lookup...}), when something bad happens > > we set the flag and exim delivers all that user-id's mail to >/dev/null > > In similar vein, one could divert a sender's mail in ACL to > a named queue which has no queue-runner - so keeping it > around for manual inspection and possible manually-triggered > delivery. > > ( ACL modifier "queue = a_queue_name", command-line >"exim -qG -M " or >"exim -qG -Mrm " ) > > -- > Cheers, > Jeremy > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 16/10/2018 20:42, Jasen Betts via Exim-users wrote: > We have one of the early routers check for a flag agaisnt the user-id that > sent the mail (condition=${lookup...}), when something bad happens > we set the flag and exim delivers all that user-id's mail to >/dev/null In similar vein, one could divert a sender's mail in ACL to a named queue which has no queue-runner - so keeping it around for manual inspection and possible manually-triggered delivery. ( ACL modifier "queue = a_queue_name", command-line "exim -qG -M " or "exim -qG -Mrm " ) -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 2018-10-15, Brent Clark via Exim-users wrote: > Good day Guys > > I would just like to double check something with the community. > > I would like to ask, how do you guys handle outgoing SPAM queue? We have one of the early routers check for a flag agaisnt the user-id that sent the mail (condition=${lookup...}), when something bad happens we set the flag and exim delivers all that user-id's mail to >/dev/null We use postgresql, but memcached and redis, or just plain filesystem lookups would work too. -- Notsodium is mined on the banks of denial. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On 15/10/2018 11:59, Brent Clark via Exim-users wrote: > The problem is, when Exim is stopped, then other clients app that need > to send mail, cant. > > The question I would like to ask is, what is the correct way to manage > mail in the queue, or if someone can give a suggestion, of removing all > spam in the queue. Stop exim, move the entire queue off to another dir, start exim. Then pick apart the possibly-good/bad queue content. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Handling Spam in outgoing mail queue
On Tue, 16 Oct 2018 at 17:12, Brent Clark via Exim-users < exim-users@exim.org> wrote: > Good day Guys > > I would just like to double check something with the community. > > I would like to ask, how do you guys handle outgoing SPAM queue? > > So what happens is, we may have a client that runs a website (shared > hosting), and say it gets compromised (not the server itself), just the > app. > > Naturally we get in contact with the client and advise on best practice > etc, but this email is not about that, this is about the spam in Exims > queue that now needs to be dealt with. > > Currently what the poor support staff does is stop exim, then using > exipick / grep etc find the spam. > > The problem is, when Exim is stopped, then other clients app that need > to send mail, cant. > > The question I would like to ask is, what is the correct way to manage > mail in the queue, or if someone can give a suggestion, of removing all > spam in the queue. > > We tried stopping the exim queue runner but did not yield the results we > were expecting (Later googled revealed > https://forums.cpanel.net/threads/stop-the-exim-temporary.208812/). > > Thanks in advance > > Regards > Brent > > When spam is locally generated on the server itself, it gets very tricky. However, if this server has rspamd, you could use that to control spam (both inbound and outbound). -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/