Author: Adam Henry Date: To: exim-users Subject: [Exim] spamassassin whitelist
--
My question may fall into the domain of the SA mail list, but I would
be pleased if I could get as much insight into this problem as I can
before posting to the other group.
I am using Debian Woody, Exim 3.35-1, and Spamassassin 2.20-1woody.
I have heard an interest that people who implement SA have to give their
users a mechanism to opt-out of spamassassin's protective measures.
However, it seems that SA ignores the addresses entered by the RCPT
TO: SMTP commands, and relies solely on header information. This is a
problem, since some of the spam these white-listed users get has forged
To: headers.
I can think of several options to solve this problem. Please don't
feel a need to comment on the SA-specific solutions, but I would enjoy
hearing what you all think about the solutions pertaining to Exim and
SMTP mail in general.
Using a spamcheck_director, I am able to specify a 'domains =' list which
will provide whitelist/blacklist functionality on a per-domain basis.
I'm thinking that there is a way to do the same thing on a per-address
basis with the 'condition =' command, but have not found clear-cut
documentation about this complicated command. Where can I find more
information about how to set a file up, much in the spirit of 'domains
=', which can be checked for certain addresses?
The second option I see, and maybe a little more drastic, is to do a
little header rewriting. Since I do not want to just refuse mail if
the To: address doesn't agree with the RCPT TO: address, would there be
much harm in rewriting the To: to reflect the value given at the RCPT TO:
command? This would let SA do its job more effectively, but I am worried
that I'm not thinking of a scenario in which mail delivery would suffer.
The other option, of course, is to figure a way to make SA check the
RCPT TO: header instead of To:. Conceptually, is this the wrong way to
approach the problem?
Again, thank you all for your time and thoughts. I'm digging
spamassassin, but the shock some users get when filtering is happening
for the first time in 6 years is sometimes too great.
hank
--
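The mismatch described in the message above, as an added example that is not part of the original post: a Python sketch in which an opt-out check keyed on the To:/Cc: headers misses a listed user when the header is forged, while the same check keyed on the envelope RCPT TO addresses finds them. The opt-out file format, all addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed opt-out file (assumed format: one address per line,
# optional trailing colon, '#' comments).
OPT_OUT_FILE = """\
# users who asked not to be filtered
alice@example.org
Bob@Example.org:
"""

# Constructed message: accepted for alice and carol, To: header forged.
RAW_MESSAGE = """\
From: offers@bulk.example
To: someone@elsewhere.example
Subject: constructed sample

body
"""
ENVELOPE_RCPTS = ["alice@example.org", "carol@example.org"]


def load_opt_out(text):
    """Return the set of opted-out addresses, lowercased for comparison."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.add(re.split(r"[:\s]", line, maxsplit=1)[0].lower())
    return keys


def header_recipients(raw):
    """Addresses claimed in To:/Cc:, which the sender fully controls."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(fields) if addr]


def scan_decisions(recipients, opt_out):
    """Map each recipient to True (scan) or False (opted out)."""
    return {r.lower(): r.lower() not in opt_out for r in recipients}


if __name__ == "__main__":
    opt_out = load_opt_out(OPT_OUT_FILE)
    print("by header:  ", scan_decisions(header_recipients(RAW_MESSAGE), opt_out))
    print("by envelope:", scan_decisions(ENVELOPE_RCPTS, opt_out))
```

The header-keyed result never mentions alice at all, so her opt-out cannot take effect; the envelope-keyed result makes a separate decision for each address the server actually accepted.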