Re: [Exim] permanent failure for spam

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M+\Ron McKeating at <-
MMMRichard Lithvall at ->
Delete this message
Reply to this message
Author: Willie Viljoen
Date:  
To: Ron McKeating, Phil Chambers
CC: Exim-Users \(E-mail\)
Subject: Re: [Exim] permanent failure for spam
Here's a possible solution, I'm way too lazy to type up a sample
implementation though.

Set up a second server to process mail leaving your network (I know,
overhead, but it will help you balance load too if you use it properly)

Now set up the server that recieves your mail to use the second server as a
smarthost for remote SMTP to addresses not in your local block, in other
words, send all outgoing SMTP through the second server. Use which ever
scanning method you please to mark messages with spamish scores by adding
X-Spam-* headers to them as soon as they are recieved.

On the second (outgoing) mail server, implement a system filter. Ideally,
you want the filter to work by the following these very simple (but
effecrive) rules, in this order:

If the sender is in your domain, pass immediately.
If the message is tagged as spam in the header, discard it, without a bounce
or an error.
Pass all messages at this point.

This way, mail classified as spam can still be saved on the university
servers, but will not be forwarded back onto the open internet.

Hope this helps.
Will

----- Original Message -----
From: "Ron McKeating" <R.J.Mckeating@???>
To: "Phil Chambers" <P.A.Chambers@???>
Cc: "Exim-Users (E-mail)" <exim-users@???>
Sent: Wednesday, November 05, 2003 11:51 PM
Subject: Re: [Exim] permanent failure for spam


> On Wed, 2003-11-05 at 17:34, Phil Chambers wrote:
> > > Ron McKeating wrote:
> > > > Now it seems that btinternet are doing spam filtering at the smtp
> > > > transaction and if it identifies a spam it breaks the connection
with a
> > > > defer. Is this normal? we are thinking of setting up exiscan to do
this
> > > > to emails with big spam scores but we were planning to do a deny, eg
a
> > > > 550 permanent error. The way bt are doing it, the email sits in our
> > > > queue for 8 days and we constantly re-attempt to deliver it.
> >
> > I am curious to know if the messages are spam. If they are then perhaps
you deserve
> > to have messages clogging up your queue. If not, then it looks as if
BT's
> > spam-checking is up the creek and it might be worth contacting their
postmaster to
> > let them know.
> >
> > Phil.
>
> Yes Phil they are indeed all spam. We scan all incoming emails with
> spamassassin, and do detect huge amounts. See our mailrouter spam
> detection stats at http://mrtg.lboro.ac.uk/mail/bill-spam.html.
>
> But we mark all email that scores over 6 with a spam header, then users
> have a file called .specialfilter (which they set up via a web page
> interface we designed for spam filter choices) which will have one of 3
> choices in it, deliver all my email and do not touch it, hide all spam
> tagged email in a directory called SPAM in user home and delete any over
> 21 days old (this is the default, users cannot see it but we can trace
> lost emails if they ask) and finally drop spam tagged email into a
> folder called filtered_SPAM which the user can see as a mail folder.
>
> We do go to a lot of trouble to detect spam and give our users the
> option to be protected from it. But if users are forwarding their email
> to home what can we do about that ? The forwarding happens before local
> delivery and even if the user has username-noforward in their .forward
> file as well as the other address they want delivered to, we can only
> act on the local copy of the email being delivered to us.
>
> On the other hand, we are kindly putting in a spam header for btinternet
> to work with before we forward it :-)
>
> I would be quite keen to hear if anybody has a neat solution so that an
> email marked as possible spam is not forwarded. The trouble is we have
> to give our users the choice, if they do not want their email spam
> filtered then we cannot do it, they pay our wages and we work for them.
> If our academic staff in social science are doing research into child
> porn, or our chemistry department into pharmacuticals we could end up
> blocking an awful lot of valid email.
>
> As a University we have 4000 staff and 18000 students, it would be very
> difficult to have one rule for all.
>
> So Phil in a word yes, they were all 130 of them spams, and if you think
> I should burn at the stake, while ravenous crows peck out my eyes
> (surely only ravens could be ravenous?) then so be it. If any great
> email master for whom the spam force is strong wants to pass me their
> wisdom I will be happy to listen.
>
> Ron
> > ---------------------------------------
> > Phil Chambers (postmaster@???)
> > University of Exeter
> >
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
> >
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
>
>
>



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] ldap auth and subtree searchingRe: [Exim] Encoding the name of EXIM_USER instead of its user-id in the exim-binary.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)