I like to hear what other people think about this point:
Smith, A.D. wrote:
> Doesn't the condition:
> {!def:h_X-Spam-Flag:}
> create a hole whereby a spammer using a X-Spam-Flag: Nooooo
The Spam-flag is only set for positive spam tests, I hope strongly.
So spammers could tag their spam for us, but they can't tag it as
being clean.
All the same they can hinder SpamAssassin to run.
I picked this (maybe problematic) condition from
http://dman.ddts.net/~dman/config_docs/exim4_spamassassin.html
dman says:
"this is safe because the only flag that is skipped is a positive flag;"
This is maybe a wrong estimation, cause the exim documentation says for
def:h_<header_name> on page 79:
"This condition is true if a message is being processed and the name
header exists in the message."
So it is also true for "X-Spam-Flag: Nooooo",
but a (procmail) filter normaly scans for "X-Spam-Flag: YES".
I mull over the question, whether the X-Spam-Flag: is really only
set for spam messages.
In this case we could ignore anything that follows "X-Spam-Flag:"
in our filters and the condition would work.
- oliver
Am Mit, 2003-05-21 um 10.38 schrieb Smith, A.D.:
> Doesn't the condition:
> {!def:h_X-Spam-Flag:}
> create a hole whereby a spammer using a X-Spam-Flag: Nooooo
> header, could send as much unchecked spam through your mail system as they want (isn't it better to just stick with the IP checking?)
>
> Alex
>
> -----Original Message-----
> From: Oliver Egginger [mailto:Oliver.Egginger@dvz.fh-giessen.de]
> Sent: Wednesday, May 21, 2003 9:11 AM
> To: Bjoern.Arne.Ramann@???
> Cc: exim-users@???
> Subject: Re: [Exim] Protect again spam
>
>
> Hi there,
>
> download the spamassassin package.
> See
> http://au.spamassassin.org/downloads.html
>
> Define a router in your Exim configuration file.
> For Exim 4 it could look like this:
>
> # Spam Assassin
> spamcheck_router:
> no_verify
> check_local_user
> # When to scan a message :
> # - it isn't already flagged as spam
> # - it isn't already scanned
> # - comes from ABC.DEF.GHI.JKL or MNO.PQR.STU.VWX
> # - .spamcheck exists for this user
> condition = \
> "${if and { {!def:h_X-Spam-Flag:} \
> {!eq {$received_protocol}{spam-scanned}} \
> {or { {eq {$sender_host_address}{ABC.DEF.GHI.JKL}} \
> {eq {$sender_host_address}{MNO.PQR.STU.VWX}} \
> }\
> }\
> }\
> {1}{0}\
> }"
> require_files = $home/.spamcheck
> driver = accept
> transport = spamcheck
>
>
> This router has two advantages (for us):
>
> 1. You can define the sender host addresses from which you will
> scan the spam.
> In my example there are ABC.DEF.GHI.JKL and MNO.PQR.STU.VWX (you have to
> substiute this by your real IP-Adresses).
>
> 2. The spamcheck router only runs in dependency of the existence of the
> .spamcheck file.
> So your users can decide whether or not they wont to use Spamassassin.
> Thats important for protection of privacy in germany.
>
> If you don't need this you can simplify the router, for example:
>
> # Spam Assassin
> spamcheck_router:
> no_verify
> check_local_user
> # When to scan a message :
> # - it isn't already flagged as spam
> # - it isn't already scanned
> condition = \
> "${if and { {!def:h_X-Spam-Flag:} \
> {!eq {$received_protocol}{spam-scanned}} \
> }\
> {1}{0}\
> }"
> driver = accept
> transport = spamcheck
>
>
> In the end you will need a spamcheck transport.
> This one works well for us:
>
> # Spam Assassin
> spamcheck:
> driver = pipe
> command = /usr/exim/bin/exim -oMr spam-scanned -bS
> use_bsmtp = true
> transport_filter = /usr/bin/spamc
> home_directory = "/tmp"
> current_directory = "/tmp"
> # must use a privileged user to set $received_protocol on the way
> # back in!
> user = mail
> group = mail
> log_output = true
> return_fail_output = true
> return_path_add = false
> message_prefix =
> message_suffix =
>
>
> Put the router and the transport on the right places in your exim conf
> and send the daemon a HUP signal.
> Thats all.
>
> - oliver
>
>
> Am Die, 2003-05-20 um 22.56 schrieb Bjoern.Arne.Ramann@???:
> > Hello together,
> >
> > i am looking for a way to protect against spam.
> >
> > We have some mail-realy systems, based on exim. To block
> spam, we use now
> > filter-rules based on "subjecs" and some other fields.
> >
> > This works in some kinds, but is not really (in our config) effictive.
> >
> > Are there other ways to protec again spam?? I think that
> > commercial-solutions will be OK when they work together with Exim.
> >
> >
> > Reguards
> > bjoern
> >
> >
> >
> > --
> >
> > ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details at
> http://www.exim.org/ ##
>
> --
> Oliver Egginger <Oliver.Egginger@???>
> Giessen-Friedberg University of Applied Sciences
> Wiesenstrasse 14
> 35390 Giessen
> Tel. +49 641 309-1283
> Fax +49 641 309-1288
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
--
Oliver Egginger <Oliver.Egginger@???>
Fachochschule Giessen-Friedberg