[Exim] Looking at Exim for anti-spam filtering

Pàgina inicial
Delete this message
Reply to this message
Autor: Lorens Kockum
Data:  
A: exim-users
CC: 
Assumpte: [Exim] Looking at Exim for anti-spam filtering
I have a list of things I want from an MTA. Qmail, Postfix, and
sendmail cannot do everything I want.

I'm looking at exim (prompted by Tabor J. Wells who saw my
moaning on spam-l about qmail and postfix being insuffient for
my needs).

I have some difficulties with the docs; when I get to the point
when I reject a mail, I often do not know at what point in the
SMTP transaction this is done, and that is what interests me.

Basically what I want is

1) user-controllable aliases, like in qmail. I want a part of
the local-domain to be interpreted by a script. I think this
is feasible with exim, at least in a roundabout way, at worst I
give the whole local-part to a script that does the delivery.

2) per-domain, per-user, and per-alias incoming mail filtering on
remote IP, MAIL FROM, RCPT TO, which would reject before DATA
(hmmm... size and things like that in an ESMTP session would
probably be good too, though I wouldn't have the use for it
myself)

3) per-domain, per-user, and per-alias incoming mail filtering on
message DATA, which would reject after the <CRLF>.<CRLF> (Does
this happen often enough for one to be able to expect X.Random
MTA to handle it correctly? There might be a problem in that
the only permitted error codes are for transaction error and
storage exceeded, but well. I can uphold that storage space on
my system is 0 for spam :-)) If multiple RCPT, then reject
after DATA if all the RCPTs reject in the same way!

Basically what I want is to be able to execute code after RCPT
and after the message DATA, which would specify the action to be
taken.

If that code is user-controllable, perfect, otherwise the code
I write would parse the local-part and maybe call yet another
program (if necessary all users who can filter are trusted
users).

Example:

For one specific domain, the following procedure is used:

At RCPT:

      if the RCPT is postmaster or abuse, the RCPT is accepted.


      if the originating IP is in the RBL or the DUL, the mail
      is rejected with a permanent error.


      if the RCPT matches a certain regexp A, and the MAIL FROM
      matches another regexp, the RCPT TO is rejected with a
      permanent error.


      if the RCPT matches a certain regexp B, and the same SMTP
      session has already made other RCPTs also matching B, the
      RCPT TO is rejected, and all subsequent RCPTs and the DATA
      are rejected.


      if the RCPT matches a certain regexp C, and the same SMTP
      session has already made other RCPTs matching a regexp D,
      that RCPT TO is rejected with a temporary error.


      Otherwise, the RCPT is accepted.


After the <CR><LF>.<CR><LF> terminating the DATA:

      For each RCPT, execute appropriate code.  This code can
      for example filter on the message content, check ORBS,
      etc.  If all the RCPTs return the same negative completion
      error, then that is returned *in the SMTP transaction*,
      as 554 for example. (If some RCPTs accept it and some
      don't at this stage, then I will send individual bounces.
      I can imagine replying with a temporary error that is
      remembered the next time, and then using temporary errors
      to distinguish different RCPTs like in the paragraph with
      regexps C and D, but well).


For other domains, other procedures.

Is this feasible with Exim? With a bit of hacking maybe? Or
just some of it?

HAND.
--
#include <std_disclaim.h>                          Lorens Kockum