RE: [Exim] Protect again spam

Author: Oliver Egginger
Date:  
To: exim-users
CC: Smith, A.D., Bjoern.Arne.Ramann
Subject: RE: [Exim] Protect again spam
I'd like to hear what other people think about this point:

Smith, A.D. wrote:
> Doesn't the condition:
> {!def:h_X-Spam-Flag:}
> create a hole whereby a spammer using a X-Spam-Flag: Nooooo


The Spam-flag is only set for positive spam tests, I strongly hope.
So spammers could tag their spam for us, but they can't tag it as
being clean.
All the same, they can prevent SpamAssassin from running.

I picked this (maybe problematic) condition from
http://dman.ddts.net/~dman/config_docs/exim4_spamassassin.html

dman says:
"this is safe because the only flag that is skipped is a positive flag;"

This is maybe a wrong estimation, because the Exim documentation says for
def:h_<header_name> on page 79:
"This condition is true if a message is being processed and the name
header exists in the message."

So it is also true for "X-Spam-Flag: Nooooo",
but a (procmail) filter normally scans for "X-Spam-Flag: YES".

I mull over the question, whether the X-Spam-Flag: is really only
set for spam messages.
In this case we could ignore anything that follows "X-Spam-Flag:"
in our filters and the condition would work.

- oliver


On Wed, 2003-05-21 at 10:38, Smith, A.D. wrote:
> Doesn't the condition:
> {!def:h_X-Spam-Flag:}
> create a hole whereby a spammer using a X-Spam-Flag: Nooooo
> header, could send as much unchecked spam through your mail system as they want (isn't it better to just stick with the IP checking?)
>
> Alex
>
> -----Original Message-----
> From: Oliver Egginger [mailto:Oliver.Egginger@dvz.fh-giessen.de]
> Sent: Wednesday, May 21, 2003 9:11 AM
> To: Bjoern.Arne.Ramann@???
> Cc: exim-users@???
> Subject: Re: [Exim] Protect again spam
>
>
> Hi there,
>
> download the spamassassin package.
> See
> http://au.spamassassin.org/downloads.html
>
> Define a router in your Exim configuration file.
> For Exim 4 it could look like this:
>
> # Spam Assassin
> spamcheck_router:
>   no_verify
>   check_local_user
>   # When to scan a message :
>   #   -   it isn't already flagged as spam
>   #   -   it isn't already scanned
>   #   -   comes from ABC.DEF.GHI.JKL or MNO.PQR.STU.VWX
>   #   -   .spamcheck exists for this user
>   condition = \
>   "${if and { {!def:h_X-Spam-Flag:} \
>               {!eq {$received_protocol}{spam-scanned}} \
>               {or { {eq {$sender_host_address}{ABC.DEF.GHI.JKL}} \
>                     {eq {$sender_host_address}{MNO.PQR.STU.VWX}} \
>                   }\
>               }\
>             }\
>             {1}{0}\
>     }"
>   require_files = $home/.spamcheck
>   driver = accept
>   transport = spamcheck

>
>
> This router has two advantages (for us):
>
> 1. You can define the sender host addresses from which you will
> scan the spam.
> In my example there are ABC.DEF.GHI.JKL and MNO.PQR.STU.VWX (you have to
> substitute these with your real IP addresses).
>
> 2. The spamcheck router only runs depending on the existence of the
> .spamcheck file.
> So your users can decide whether or not they want to use SpamAssassin.
> That's important for protection of privacy in Germany.
>
> If you don't need this you can simplify the router, for example:
>
> # Spam Assassin
> spamcheck_router:
>   no_verify
>   check_local_user
>   # When to scan a message :
>   #   -   it isn't already flagged as spam
>   #   -   it isn't already scanned
>   condition = \
>   "${if and { {!def:h_X-Spam-Flag:} \
>               {!eq {$received_protocol}{spam-scanned}} \
>             }\
>             {1}{0}\
>     }"
>   driver = accept
>   transport = spamcheck

>
>
> In the end you will need a spamcheck transport.
> This one works well for us:
>
> # Spam Assassin
> spamcheck:
>     driver = pipe
>     command =  /usr/exim/bin/exim -oMr spam-scanned -bS
>     use_bsmtp = true
>     transport_filter = /usr/bin/spamc
>     home_directory = "/tmp"
>     current_directory = "/tmp"
>     # must use a privileged user to set $received_protocol on the way
>     # back in!
>     user = mail
>     group = mail
>     log_output = true
>     return_fail_output = true
>     return_path_add = false
>     message_prefix =
>     message_suffix =

>
>
> Put the router and the transport in the right places in your exim conf
> and send the daemon a HUP signal.
> That's all.
>
> - oliver
>
>
> On Tue, 2003-05-20 at 22:56, Bjoern.Arne.Ramann@??? wrote:
> > Hello together,
> >
> > I am looking for a way to protect against spam.
> >
> > We have some mail-relay systems, based on exim. To block spam, we now use
> > filter-rules based on "subjects" and some other fields.
> >
> > This works in some ways, but is not really (in our config) effective.
> >
> > Are there other ways to protect against spam?? I think that
> > commercial-solutions will be OK when they work together with Exim.
> >
> >
> > Regards
> > bjoern
> >
> >
> >
> > --
> >
> > ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details at
> http://www.exim.org/ ##
>
> --
> Oliver Egginger <Oliver.Egginger@???>
> Giessen-Friedberg University of Applied Sciences
> Wiesenstrasse 14
> 35390 Giessen
> Tel. +49 641 309-1283
> Fax +49 641 309-1288
>

--
Oliver Egginger <Oliver.Egginger@???>
Fachhochschule Giessen-Friedberg
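
Added example, not part of any post in this thread: a small Python model of the simplified router condition discussed above, used to audit which messages end up neither scanned nor caught by a filter that matches only "X-Spam-Flag: YES". The sample messages are constructed, the function names are hypothetical, and the protocol-only variant assumes that only the trusted re-injection by the spamcheck transport can set $received_protocol to spam-scanned.

```python
from email import message_from_string

# Constructed sample messages for the audit (not taken from any real mail system).
SAMPLES = {
    "no_flag": "From: a@example.org\nSubject: hello\n\nbody\n",
    "flag_other_value": "From: b@example.org\nX-Spam-Flag: Nooooo\nSubject: offer\n\nbody\n",
    "flag_yes": "From: c@example.org\nX-Spam-Flag: YES\nSubject: offer\n\nbody\n",
}


def header_defined(raw, name):
    """Model of def:h_<name>: true whenever the header exists, whatever its value."""
    return message_from_string(raw)[name] is not None


def scans_with_header_test(raw, received_protocol):
    """Simplified router from the thread: no X-Spam-Flag header AND not yet scanned."""
    return (not header_defined(raw, "X-Spam-Flag")
            and received_protocol != "spam-scanned")


def scans_protocol_only(raw, received_protocol):
    """Variant that ignores sender-supplied headers and trusts only the protocol marker."""
    return received_protocol != "spam-scanned"


def yes_filter_matches(raw):
    """Downstream filter as described in the thread: looks for 'X-Spam-Flag: YES'."""
    value = message_from_string(raw)["X-Spam-Flag"]
    return value is not None and value.strip() == "YES"


def unchecked(scan_decision, received_protocol="esmtp"):
    """Labels of fresh messages that are neither scanned nor matched by the YES filter."""
    return sorted(
        label for label, raw in SAMPLES.items()
        if received_protocol != "spam-scanned"
        and not scan_decision(raw, received_protocol)
        and not yes_filter_matches(raw)
    )


if __name__ == "__main__":
    print("header test   :", unchecked(scans_with_header_test))
    print("protocol only :", unchecked(scans_protocol_only))
```

A filter that treats any X-Spam-Flag header as spam, whatever follows the colon, closes the same gap while keeping the header test in the router.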