On Aug 27, 2014, at 10:00 AM, Eric Shubert <e...@shubes.net> wrote:

> On 08/25/2014 05:48 PM, Charles Sprickman wrote:
>>> >I block the spam before it enters the system using simscan.
>> Thanks - not an option here since I need to allow users to opt in or out, 
>> etc.
> The simcontrol file allows you to customize settings per email address. I 
> presume that this would be the initial (forward) address, since the true 
> destination wouldn't be available yet at that point.

The issue with that is we already have a bunch of stuff in webmail and internal 
web apps that deal with per-user settings and such (including some neat 
postscreen things for when I finish standing Postfix up in front of the primary 
mxer), so switching scanning is not really an option.

All alias/forward traffic seems to find its way to qmail via vdelivermail 
piping it to qmail-inject, so I put a wrapper in place of qmail-inject last 
night and that’s looking good.  It’s just a shell script, and it’s a bit hokey, 
but the volume on forwards/aliases is about 5% of our total volume.

Basically it makes a few decisions:

• Is the calling UID 89?  If not, throw the message to real qmail-inject 
• If it is UID 89, is this offsite or local final delivery?  If local, throw 
message to qmail-inject
• If it is UID 89 and offsite, pipe through spamc to temporary file, look at 
exit status of spamc. If it’s spam, discard, exit 0.  If it’s not spam, read 
the file into qmail-inject

So far so good.  It’s really hackish though.


> -- 
> -Eric 'shubes'


Reply via email to