Re: [Exim] Spam detection

Author: Eric Renfro
Date:  
To: exim-users
Subject: Re: [Exim] Spam detection
On Sunday 20 October 2002 09:09 am, Jason Robertson wrote:
> With Exim4, has anyone built a spam detecting agent that actually will
> now decode the mime messages that spammers are now using?
>
> I do have some PHP Scripts for exim 3.x, that do list the queue, and
> allow removing and such of messages, this file is used through an ssh
> tunnel. As well, you will have to fix the META lines below; there are
> two, one at the beginning of index.php, and one at the end of exim.php.


Well, someone from this list asked me how I did my approach. So here's the
basic run-down:

DIRECTORS:

spamcheck_router:
no_verify
# When to scan a message
# - it isn't already flagged as spam
# - it isn't already scanned
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
driver = accept
transport = spamcheck
user = mail

spam_filter:
user = mail
driver = redirect
domains = +local_domains
file = /etc/exim/spam_filter.exim
no_verify
allow_filter
allow_freeze
allow_fail
file_transport = black_hole

TRANSPORTS:

spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = /usr/bin/spamc -u $local_part
home_directory = "/tmp"
current_directory = "/tmp"
# must use a privileged user to set $received_protocol on the way back in!
user = mail
group = mail
#log_output = true
log_output = false
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =

black_hole:
driver = appendfile
file = /dev/null


The mentioned spam_filter.exim contains:

if ( $header_X-Spam-Level: contains "***************" )
then
        save /dev/null
        logfile /var/log/exim/spam-filter.log 0644
        logwrite "[$tod_log] ${lc:$sender_address} [$sender_host_address] -> ${lc:$original_local_part}@${lc:$original_domain}: spam mail expunged"
        seen finish
endif



And last but not least, I personally use SpamAssassin with SQL-stored
userprefs, instead of flatfile ~/.spamassassin/user_prefs, and so I start
spamd like:

spamd -u mail -q -x

With PostgreSQL I had to use a slightly different DSN line to connect it to a
database, which, if anyone wants to know, is here as:

user_scores_dsn                 DBI:Pg:dbname=dbmail;host=localhost




This is only one of the components of my exim + exiscan + spamassassin +
mailman + dbmail + postgresql + sophos setup.
This has been my development MTA for a month now, and it appears to be working
quite well, all but one thing.

That one thing includes my question:
The only problem with the way I run spamc on email is that it BSMTP's it back to
the local server, running it around once again, around the queue. exiscan
scans the email for viruses twice as a result, too. It's almost double
logging it also.
If anyone knows how I could clean this up, I'd appreciate any advice anyone
has. I'd like, during the spam_check router itself, to parse the mail
through spamassassin right then, and continue on to the rest of the routers
without hitting a delivery transport until after it's done tossing and
filtering.

Eric Renfro
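
Added example, not part of the original message and not Exim code: a small Python model of the two routing passes the configuration above produces, so the scan, re-injection and filter decisions can be traced per message. The function names, the sample messages and the `stars` stand-in for spamc's X-Spam-Level output are assumptions of this sketch.

```python
STARS = "*" * 15   # the 15-star string tested in spam_filter.exim

def spamcheck_accepts(headers, received_protocol):
    # Router condition: no X-Spam-Flag header AND not yet re-injected.
    return ("x-spam-flag" not in headers
            and received_protocol != "spam-scanned")

def filter_discards(headers):
    # "contains" is a substring test, so 15 or more stars match.
    return STARS in headers.get("x-spam-level", "")

def trace(headers, received_protocol, stars):
    """Follow one local-domain message; `stars` is a constructed stand-in
    for the X-Spam-Level value spamc would add (assumption of this model)."""
    headers = {k.lower(): v for k, v in headers.items()}
    steps = []
    if spamcheck_accepts(headers, received_protocol):
        steps.append("pass 1: spamcheck_router -> pipe through spamc")
        headers["x-spam-level"] = "*" * stars
        received_protocol = "spam-scanned"   # set by -oMr on exim -bS
        steps.append("re-injected via BSMTP")
    else:
        steps.append("spamcheck_router declined: not scanned")
    # Next routing pass: spamcheck_router now declines, spam_filter runs.
    if filter_discards(headers):
        steps.append("spam_filter: saved to /dev/null and logged")
    else:
        steps.append("spam_filter: passed to later routers")
    return steps

# Constructed sample messages.
SAMPLES = {
    "clean mail": ({"Subject": "hi"}, "esmtp", 1),
    "high-scoring mail": ({"Subject": "offer"}, "esmtp", 17),
    "arrives with X-Spam-Flag already set": ({"X-Spam-Flag": "NO"}, "esmtp", 17),
}

if __name__ == "__main__":
    for name, (hdrs, proto, stars) in SAMPLES.items():
        print(name)
        for step in trace(hdrs, proto, stars):
            print("   ", step)
```

The third sample shows that the router condition accepts an X-Spam-Flag header from any origin as proof of an earlier scan, so the header is worth trusting only when it can have been added by the local scanner.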