[Exim] amavis / spamassassin - another neat trick....

Author: Chris Knipe
Date:  
To: exim-users
New Topics: [Exim] Sorry, not directly Exim related, but interesting SPAM related news.
Subject: [Exim] amavis / spamassassin - another neat trick....
Lo all,

Not that complicated a thing to do, but something I also think may be worth
the while for a lot of admins and the poor load levels on smtp servers...

Like most people, I used to run spamassassin & amavis under two separate
directors, the result was always that I had an extra "Received: from" header
in my emails. Whilst maybe not the biggest of issues, I felt that it was
unnecessary, seeing that 1) exim processes all your mail THREE times, 2) it
messes up your mail counts for stats such as eximstats, and 3) it could
possibly lead to possible system attacks, because account names and the like
are revealed in the Received: line...

After suffering a severe hard drive crash at the end of last weekend, and
having to spend all my time restoring backups / recovering data, and
unfortunately, reinstalling certain parts of my system (such as exim), I
figured instead of doing things as they were, why not optimise :) That's
exactly what I did, and it's working like a charm.

The basic logic behind this, after looking closely at the given amavisd and
spamassassin examples, is that spamassassin, just like amavisd, reads the
messages from STDIN. Spamassassin simply reads the message, processes it, and
pipes it back to exim in BSMTP format (hence the need to configure BSMTP in
the transport). Immediately, a light bulb went on *KA-CHING!*. Why can't
we simply pipe the message from spamassassin to amavis, instead of back to
exim, and then back out a *third* time to amavisd....

The end result is a wonderfully optimised system, doing two steps in one
process. Like they say in Afrikaans, my dutchie native language, "Twee flee
met een klap!" [Two flies with one swat!] Net so! [Just so!]

The process is simple. Forget anything about spamassassin in exim. Sure,
you need to install it on the system, and it needs to be working!!! Install
amavis like you normally would. You use the same transports, the same
directors, and the same routers. The conditions are also exactly the same
as you would set them up for amavis - NOTHING about spamassassin goes into
exim's config :-) You don't need it. Spamassassin is a filter, not a
transport, which is the whole catch.

Your next step is to include the spamassassin filter in the amavis
transport. Currently, I use:

amavis:
  driver = pipe
  command = /usr/local/sbin/amavis -f ${sender_address} -d ${pipe_addresses}
  transport_filter = /usr/bin/spamc
  home_directory = "/tmp"
  current_directory = "/var/spool/amavisd"
  user = vscan
  group = exim
  return_path_add = false
  log_output = true
  return_fail_output = true
  prefix =
  suffix =

Things to mention about this.... This transport is 100% exactly the same as
the ones provided in the README.exim file. The only difference is that I
have added spamassassin, as a transport, and I am *not* formatting the
messages into BSMTP format. If you do that, your mail users will end up
with their email in BSMTP format in their mailboxes when they pop the
mail... However, this may be a good possibility to explore further, and
allow mail queues to offline remote sites in BSMTP format via POP3.... But
that's an experiment for another day....

The end result:
Received: from vscan by netsonic.megalan.co.za with scanned-ok (Exim 3.36 #1)
    id 17ggJq-00008W-46
    for c.knipe@???; Mon, 19 Aug 2002 08:47:18 +0200
Received: from net-001-254.int.megalan.co.za ([192.168.1.254] helo=genocide)
    by netsonic.megalan.co.za with asmtp (Exim 3.36 #1)
    id 17ggII-00007F-46
    for c.knipe@???; Mon, 19 Aug 2002 08:45:42 +0200
Message-ID: <002101c2474c$109daa50$fe01a8c0@genocide>
<SNIP>
X-Spam-Status: No, hits=-2.8 required=7.0
    tests=EXCUSE_16,FROM_AND_TO_SAME
    version=2.31
X-Spam-Level:
X-Virus-Scanned: by MegaLAN Corporate Networking Services


Quick, neat, and the mail is only processed twice, instead of the normal
three times as required by the examples.

Someone should hopefully find this useful.... I most certainly do :-)

--
me
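
A way to check the "processed twice" result on a delivered message, as an added example that is not part of the original post: it counts the Received: headers stamped by the local host and confirms both scanner headers are present. The function name `audit` and the sample message (modelled on the headers in the post, with a placeholder recipient) are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the post.
# The recipient address is a placeholder, not a value from the post.
SAMPLE = """\
Received: from vscan by netsonic.megalan.co.za with scanned-ok (Exim 3.36 #1)
\tid 17ggJq-00008W-46
\tfor user@example.invalid; Mon, 19 Aug 2002 08:47:18 +0200
Received: from net-001-254.int.megalan.co.za ([192.168.1.254] helo=genocide)
\tby netsonic.megalan.co.za with asmtp (Exim 3.36 #1)
\tid 17ggII-00007F-46
\tfor user@example.invalid; Mon, 19 Aug 2002 08:45:42 +0200
Subject: test
X-Spam-Status: No, hits=-2.8 required=7.0
\ttests=EXCUSE_16,FROM_AND_TO_SAME
\tversion=2.31
X-Virus-Scanned: by MegaLAN Corporate Networking Services

body
"""

# "by <host> with <protocol>" inside an unfolded Received: value.
HOP = re.compile(r"\bby\s+(\S+)\s+with\s+(\S+)", re.I)


def audit(raw, local_host):
    """Report how often local_host handled the message and which scans ran."""
    msg = message_from_string(raw)
    protocols = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # collapse folded continuation lines
        m = HOP.search(unfolded)
        if m and m.group(1).lower() == local_host.lower():
            protocols.append(m.group(2))
    return {
        "local_passes": len(protocols),  # 2 expected with the combined transport
        "protocols": protocols,          # newest hop first, as in the headers
        "spam_checked": msg["X-Spam-Status"] is not None,
        "virus_checked": msg["X-Virus-Scanned"] is not None,
    }


if __name__ == "__main__":
    print(audit(SAMPLE, "netsonic.megalan.co.za"))
```

Run it over a test message after changing the transport: a `local_passes` of 3 means the mail is still being re-injected once per scanner.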