Re: [Exim] Spam Assassin.

Top Page
Delete this message
Reply to this message
Author: Greg Ward
Date:  
To: exim-users
Subject: Re: [Exim] Spam Assassin.
On 25 February 2002, CM said:
> Tried to set up spam assassin as a system-wide filter and my CPU went
> through the roof.


Were you using the spamassassin script or the spamc/spamd pair?

> This is in a production environment and likely too many
> connections are being made directly to server...unless somebody knows
> something I don't (which is likely). I would like to use Spam Assassin to
> filter based on .forward files for specific domains. I have all my users
> segregated into different directories like so...
>
> /usr/home/domain/spool
> /usr/home/domain/spool
> /usr/home/domain/spool
>
> Suppose I wanted to set up a '.forward filter' for domain 2?
> Can Spam assassin be set up to only filter using .forward and if so how?


Are these shell users with login accounts? If so, .forward might be a
reasonable mechanism. If not, it probably isn't. You might be better
off implementing a per-address filter mechanism as documented in the
spec (section 50.1 of the latest Exim 3 spec).

Also, nobody says you have to use Exim's filtering language to get at
SpamAssassin. My current modus operandi is to have a "spamcheck"
transport that pipes all messages for certain users through SA, and
re-routes them accordingly. (Specifically, if they are spam, they're
filed in /var/mail/spam.$local_part; otherwise they are sent on to the
original recipient.) In my transports section I have this:

  # Pipe message through my spamcheck script, which uses spamc
  # to determine if the message is spam.  If so, it's saved
  # to /var/mail/spam.$local_part.  Otherwise, it reinvokes
  # exim to send the message on to its intended recipient.
  spamcheck:
    driver = pipe
    command = "/etc/exim/spamcheck $local_part $domain"
    path = "/usr/bin:/usr/sbin:/bin:/usr/local/bin"
    #ignore_status
    log_output
    return_output
    return_path_add
    envelope_to_add
    delivery_date_add


There's a corresponding director, of course:

  # Mail for any local-part listed in /etc/exim/spamcheck_users is
  # piped through my spamcheck script, which uses SpamAssassin to
  # assess spamminess and routes messages accordingly.
  spamcheck:
    driver = smartuser
    transport = spamcheck


    # Translated, this reads:
    #   if !(defined X-Spam-Flag) and
    #      !($received_protocol eq "spamc") then
    #      run this director
    condition = "${if and { {!def:h_X-Spam-Flag:} \
                            {!eq {$received_protocol}{spamc}} } \
                      {1}{0}}"
    local_parts = lsearch;/etc/exim/spamcheck_users
    user = ${lookup{$local_part} lsearch {/etc/exim/spamcheck_users} {$value}}
    group = mail


    # No point sending mail back to the spammer, or a legit sender,
    # if my spamcheck script dies.
    errors_to = postmaster


/etc/exim/spamcheck_users just maps local parts to usernames; it
determines 1) which local parts have their mail spam-scanned, and 2)
which Unix user spamc runs as to do the scanning. This is necessary
because the spamcheck director is first, before system_aliases, so we
don't yet "know" that local parts 'greg' and 'gward' both refer to the
Unix user 'gward'.

The downside of this scheme is that it relies on a 220+ line Python
script to do the heavy lifting. I've had some ideas of how to do all
this in exim.conf, but haven't implemented anything yet. Anyways, I can
email the script to anyone who wants it -- ISTR that this list doesn't
like attachments.

        Greg
--
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org