On 25 February 2002, CM said:
> Tried to set up spam assassin as a system-wide filter and my CPU went
> through the roof.
Were you using the spamassassin script or the spamc/spamd pair?
> This is in a production environment and likely too many
> connections are being made directly to server...unless somebody knows
> something I don't (which is likely). I would like to use Spam Assassin to
> filter based on .forward files for specific domains. I have all my users
> segregated into different directories like so...
>
> /usr/home/domain/spool
> /usr/home/domain/spool
> /usr/home/domain/spool
>
> Suppose I wanted to set up a '.forward filter' for domain 2?
> Can Spam assassin be set up to only filter using .forward and if so how?
Are these shell users with login accounts? If so, .forward might be a
reasonable mechanism. If not, it probably isn't. You might be better
off implementing a per-address filter mechanism as documented in the
spec (section 50.1 of the latest Exim 3 spec).
Also, nobody says you have to use Exim's filtering language to get at
SpamAssassin. My current modus operandi is to have a "spamcheck"
transport that pipes all messages for certain users through SA, and
re-routes them accordingly. (Specifically, if they are spam, they're
filed in /var/mail/spam.$local_part; otherwise they are sent on to the
original recipient.) In my transports section I have this:
# Pipe message through my spamcheck script, which uses spamc
# to determine if the message is spam. If so, it's saved
# to /var/mail/spam.$local_part. Otherwise, it reinvokes
# exim to send the message on to its intended recipient.
spamcheck:
driver = pipe
command = "/etc/exim/spamcheck $local_part $domain"
path = "/usr/bin:/usr/sbin:/bin:/usr/local/bin"
#ignore_status
log_output
return_output
return_path_add
envelope_to_add
delivery_date_add
There's a corresponding director, of course:
# Mail for any local-part listed in /etc/exim/spamcheck_users is
# piped through my spamcheck script, which uses SpamAssassin to
# assess spamminess and routes messages accordingly.
spamcheck:
driver = smartuser
transport = spamcheck
# Translated, this reads:
# if !(defined X-Spam-Flag) and
# !($received_protocol eq "spamc") then
# run this director
condition = "${if and { {!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spamc}} } \
{1}{0}}"
local_parts = lsearch;/etc/exim/spamcheck_users
user = ${lookup{$local_part} lsearch {/etc/exim/spamcheck_users} {$value}}
group = mail
# No point sending mail back to the spammer, or a legit sender,
# if my spamcheck script dies.
errors_to = postmaster
/etc/exim/spamcheck_users just maps local parts to usernames; it
determines 1) which local parts have their mail spam-scanned, and 2)
which Unix user spamc runs as to do the scanning. This is necessary
because the spamcheck director is first, before system_aliases, so we
don't yet "know" that local parts 'greg' and 'gward' both refer to the
Unix user 'gward'.
The downside of this scheme is that it relies on a 220+ line Python
script to do the heavy lifting. I've had some ideas of how to do all
this in exim.conf, but haven't implemented anything yet. Anyways, I can
email the script to anyone who wants it -- ISTR that this list doesn't
like attachments.
Greg
--
Greg Ward - software developer gward@???
MEMS Exchange http://www.mems-exchange.org
