On Aug 27, 2014, at 10:00 AM, Eric Shubert <e...@shubes.net> wrote:
> On 08/25/2014 05:48 PM, Charles Sprickman wrote:
>>> >I block the spam before it enters the system using simscan.
>> Thanks - not an option here since I need to allow users to opt in or out,
> The simcontrol file allows you to customize settings per email address. I
> presume that this would be the initial (forward) address, since the true
> destination wouldn't be available yet at that point.
The issue with that is we already have a bunch of stuff in webmail and internal
web apps that deal with per-user settings and such (including some neat
postscreen things for when I finish standing Postfix up in front of the primary
mxer), so switching scanning is not really an option.
All alias/forward traffic seems to find its way to qmail via vdelivermail
piping it to qmail-inject, so I put a wrapper in place of qmail-inject last
night and that’s looking good. It’s just a shell script, and it’s a bit hokey,
but the volume on forwards/aliases is about 5% of our total volume.
Basically it makes a few decisions:
• Is the calling UID 89? If not, throw the message to real qmail-inject
• If it is UID 89, is this offsite or local final delivery? If local, throw
message to qmail-inject
• If it is UID 89 and offsite, pipe through spamc to temporary file, look at
exit status of spamc. If it’s spam, discard, exit 0. If it’s not spam, read
the file into qmail-inject
So far so good. It’s really hackish though.
> -Eric 'shubes'