I'm using exim 3.35 as it comes stock with Debian woody. I've set up a small
box which is used to work as a relay for a couple of small domains and it's
solely purpose is to filter the mail for viruses and spam mails. I'm using
MailScanner with default solution: One exim instance for a pure local
delivery, M. is picking up the mails, scanning them and hands the mails
back to the second instance which is solely used for delivering via SMTP to
the main mailservers of the domains.
I've been asked to provide some statistical details about the mails and the
filtering but have not come to an appropriate solution with exim. Exim's
mainlog provides me just with very few informations. My most favourite
solution is to see something using the expansion variables:
in a single file with a small prefix and suffix to have a block record type
for each message.
I found out that a using "message_filter" as a system wide filter would work
quite well, but only for the outgoing instance (I don't know why it's not
working on the incoming instance, probl. because no router is used?).
Although this creates an entry for every delivery attempt, i.e. multiple
entries for multiple deliveries because e.g. of a down mailserver must be
sorted out.
I read about shadow transports, but this works only for local transports,
not for the remote smtp stuff. Would this be appropriate for the incoming
instance to log the messages?
It is also quite imporatant to me that it is not too extensive in respect to
CPU power. Although the number of domains is 1-digit some mailing lists on
them are generating quite a huge number of mails which I don't want to pull
down the machine.