Re: [Exim] Setting up SpamAssassin & Tarpitting on exim 4.22

Author: Jez Hancock
Date:  
To: exim-users
Subject: Re: [Exim] Setting up SpamAssassin & Tarpitting on exim 4.22
On Tue, Aug 26, 2003 at 07:30:22PM -0600, Dan Egli wrote:
> OK. I've gotten to the point where the spam is driving myself and my users
> up the wall. I've heard a lot of good things about SpamAssassin so I
> figured I'd install it. While reading about it I found some info on
> Tarpitting (i.e. holding the spammer's connection open so as to help
> prevent the spread of their emails), but nowhere have I found any complete
> "how-to" that describes installing SpamAssassin on a system-wide level
> into Exim 4.22 (or ANY exim version for that matter).

I have a simple setup where Exim uses the exiscan ACL patch to call SA
at DATA time, rejecting messages with an SA score of over 12:

acl_check_data:
<snip>
    # spam stuff:
    # put headers in all messages (no matter if spam or not)
    warn  message = X-Spam-Score: $spam_score ($spam_bar)
        condition = ${if <{$message_size}{80k}{1}{0}}
        spam = nobody:true


    warn  message = X-Spam-Report: $spam_report
        condition = ${if <{$message_size}{80k}{1}{0}}
        spam = nobody:true


    # reject spam at high scores (> 12)
    deny   message = Message scored $spam_score > 12
        spam = nobody:true
        condition = ${if >{$spam_score_int}{120}{1}{0}}
        #delay = TEERGRUBE


    # add second subject line with *SPAM* marker when message
    # is over threshold
    warn log_message = spam:$spam_score:6
        condition = ${if <{$message_size}{80k}{1}{0}}
        condition = ${if >{$spam_score_int}{60}{1}{0}}
        spam = nobody:true


    accept


This is pretty much as per the ACL instructions included with the
exiscan acl patch. There's an option on FreeBSD to install Exim with
the exiscan patch, so I just went for that. The exiscan site is:

http://duncanthrax.net/exiscan/

As for teergrubing I temporarily gave up on holding onto SMTP
connections for extended periods because I found I had to increase the
max SMTP connections I could hold open at one point to about 200.
Further, because I also use MySQL for routing, an unacceptable number of MySQL
connections were being kept open as well. If I could work out how to
close the connection to MySQL before initiating the 'delay' I might
consider teergrubing again.

I started off with the TEERGRUBE macros set to '1h' just to see the
connections being held, but soon stopped this practice as legitimate
mail was being temporarily denied because I'd run out of available SMTP
connections!

--
Jez

http://www.munk.nu/
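
The connection exhaustion described in the message above can be reproduced with a small slot-occupancy model. This is an added example, not part of the original post and not Exim code: the traffic pattern, the 2-second service time and the 30s comparison delay are assumptions, while the limit of 200 connections and the '1h' delay are the figures from the post.

```python
import heapq

def simulate(arrivals, delay_s, accept_max, service_s=2):
    """Model SMTP connection slots when rejected spam is held open.

    arrivals   -- list of (time_s, is_spam), sorted by time
    delay_s    -- extra hold applied to spam (the 'delay = TEERGRUBE' line)
    accept_max -- ceiling on simultaneous SMTP connections
    service_s  -- assumed time any connection takes without the delay
    Returns (peak_open, refused_legit, refused_spam).
    """
    open_until = []  # min-heap of times at which held slots are released
    peak = refused_legit = refused_spam = 0
    for t, is_spam in arrivals:
        # Release every slot whose connection has finished by now.
        while open_until and open_until[0] <= t:
            heapq.heappop(open_until)
        if len(open_until) >= accept_max:
            # No free slot: the connection is refused, legitimate or not.
            if is_spam:
                refused_spam += 1
            else:
                refused_legit += 1
            continue
        hold = service_s + (delay_s if is_spam else 0)
        heapq.heappush(open_until, t + hold)
        peak = max(peak, len(open_until))
    return peak, refused_legit, refused_spam

def constructed_hour():
    """Constructed traffic for one hour: spam every 15 s, legitimate mail every 20 s."""
    spam = [(t, True) for t in range(0, 3600, 15)]
    legit = [(t, False) for t in range(7, 3600, 20)]
    return sorted(spam + legit)

if __name__ == "__main__":
    for label, delay in (("1h", 3600), ("30s", 30)):
        peak, lost_legit, lost_spam = simulate(constructed_hour(), delay, accept_max=200)
        print(f"delay={label}: peak open={peak}, "
              f"legitimate refused={lost_legit}, spam refused={lost_spam}")
```

With the one-hour delay every held spam connection outlives the whole hour, so the 200 slots fill and later legitimate connections are refused; with the short delay the same traffic never holds more than a few slots.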