On Aug 27, 2014, at 10:00 AM, Eric Shubert <e...@shubes.net> wrote: > On 08/25/2014 05:48 PM, Charles Sprickman wrote: >>> >I block the spam before it enters the system using simscan. >> Thanks - not an option here since I need to allow users to opt in or out, >> etc. > > The simcontrol file allows you to customize settings per email address. I > presume that this would be the initial (forward) address, since the true > destination wouldn't be available yet at that point.
The issue with that is we already have a bunch of stuff in webmail and internal web apps that deal with per-user settings and such (including some neat postscreen things for when I finish standing Postfix up in front of the primary mxer), so switching scanning is not really an option. All alias/forward traffic seems to find its way to qmail via vdelivermail piping it to qmail-inject, so I put a wrapper in place of qmail-inject last night and that’s looking good. It’s just a shell script, and it’s a bit hokey, but the volume on forwards/aliases is about 5% of our total volume. Basically it makes a few decisions: • Is the calling UID 89? If not, throw the message to real qmail-inject immediately • If it is UID 89, is this offsite or local final delivery? If local, throw message to qmail-inject • If it is UID 89 and offsite, pipe through spamc to temporary file, look at exit status of spamc. If it’s spam, discard, exit 0. If it’s not spam, read the file into qmail-inject So far so good. It’s really hackish though. Charles > > -- > -Eric 'shubes' > > > > !DSPAM:53fdfe8556446577118687!