Hello.
I'm having problems building a new mail server around exim. I am
restricted in some of the choices I can make due to outside factors, and
it's making spam catching really hard.
It is entirely possible that I'm over-complicating this, so if anyone
can tell me how I could make it simpler whilst still achieving the same,
I'm open to opinions (although I still want to use exim, of course).
Probably the easiest is if I describe exactly what I _want_ to happen
and then explain what parts I can't do (sorry, it might be a long
post... :)
1. Incoming SMTP mail is checked for a valid to address. If one is
found, the mail is accepted. (This, of course, works without any messing
around). [Our mail arrives through a relay, so I can't reject spam at
SMTP time because it will kill our own server]
2. The mail is virus checked. If it's dirty, the mail server informs
some people, then the mail gets /dev/nulled.
3. The mail is scanned for spam. Below threshold 1 (required_hits I
guess) it is delivered normally.
Above threshold 1, but below threshold 2, it has spam report attached
and is then delivered to user.
Above threshold 2 but below a threshold 3, it gets stored in another
place ("Check_Me"), and a notification goes to postmaster.
Above threshold 3, the mail is chucked into yet another place, and no
notifications are generated. ("Throw_me_away_eventually")
4. Users can sort incoming mails into "Spam" and "NotSpam" boxes as
appropriate (i.e. things not marked as spam which are, things which are
marked but aren't spam, and things marked as spam which are spam), and
periodically I'll run these sorted mails through sa-learn to update the
Bayes database.
5. "Check_Me" mails are looked at from time to time by the admin, who
consigns them to "Spam" or "NotSpam". Things in "NotSpam" might involve
manually whitelisting some senders. After having sorted this stuff and
edited rules as appropriate, I then put it back in the queue, and it'll
get checked as before; it should now pass, and get delivered normally.
The "Spam" mails get thrown at sa-learn as appropriate.
To achieve all this, I'm using the latest versions of exim and exiscan
(with ACLs), clamav and spamassassin, all of which I put together thanks
to the excellent resources on Tim Jackson's web site which has (so far)
kept me sane :)
I did experiment with sa-exim, but I need AV so I (think I) need exiscan
anyway, and as far as I could see, sa-exim didn't have as many knobs as
ACLs.
I don't think it makes any difference at this stage, but I'm running it
all on a RedHat 9 system. Oh, the users' home directories (where the
maildirs are) are mounted from elsewhere over NFS.
Now, I have two problems which I really don't know where to go with:
A. How do I make the mail do different things at all these different
spam thresholds?
I thought it might be solvable with ACLs in the form:
  # in a "warn" statement, message= only adds a header line; text that
  # does not start with "Name:" is stored as "X-ACL-Warn: ..."
  warn  message   = Above threshold 1 ($spam_score)
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{50}{1}{0}}

  warn  message   = Above threshold 2 ($spam_score)
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{80}{1}{0}}

  warn  message   = Above threshold 3 ($spam_score)
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{100}{1}{0}}
which (I think) will _detect_ whether the message is above each
threshold, but I have no idea how to make this do anything to the mail.
Perhaps I should be using system filters, but I'm not clear on what to
do with the messages - which brings me neatly to:
B. How do I deal with mails which I want to quarantine?
I want to store them in a format that is easy to resubmit to exim. This
means that putting them in a maildir folder somewhere doesn't work
ideally (incidentally, I'm using maildir for all the local deliveries).
As far as I can tell, messages in exim's queue are in the form of ID-H
and ID-D files in the 'input' folder. It would be ideal if I could just
move those -H and -D files to another folder, and possibly put the
complete email (including the spam report) in there with them (called
'ID-report', for example). Then, I can look at the mails and decide what
to keep, and all I need do to resubmit it is move those two files back
into exim's 'input' directory.
So what am I missing? I get the feeling that I just need one little
piece of knowledge and it'll all fit together, but fairly busy searching
of the exim docs and this list's archive hasn't yet given me the clue I
need - this could be because I don't basically know what I want to look
for.
Any and all thoughts deeply appreciated.
Thanks
Paul.
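One way to wire both questions (A, acting on the thresholds, and B, a quarantine that stays in Exim's own resubmittable spool format) into Exim itself, as an added example that is not from the original post and not from the Exim or exiscan documentation. It assumes Exim 4 with the exiscan-acl patch, the thresholds 5.0 / 8.0 / 10.0 ($spam_score_int is the SpamAssassin score times 10), a quarantine maildir under /var/spool/exim/quarantine/ and an "exim" user and group for the transport; all of those values are assumptions. The ACL scans once, tags by tier, and freezes the "Check_Me" tier with control = freeze so its -H and -D files stay in the input directory; a router placed ahead of the normal localuser router diverts the top tier to its own maildir.

```exim
# Added example (not from the original post). Assumed values: Exim 4 with
# the exiscan-acl patch, SpamAssassin thresholds 5.0 / 8.0 / 10.0
# ($spam_score_int is the score times 10), a quarantine maildir under
# /var/spool/exim/quarantine/, and an "exim" user/group for the transport.

# main section: run this ACL at the end of DATA
acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Scan once. "nobody:true" scans as user nobody and forces the condition
  # true, so $spam_score, $spam_score_int, $spam_bar and $spam_report are
  # filled in for every message and stay set for the rest of this ACL.
  # In a warn verb the "message" modifier adds its text as a header line
  # (newer Exim releases spell this add_header).
  warn  spam      = nobody:true
        message   = X-Spam-Score: $spam_score ($spam_bar)

  # Threshold 1 (score >= 5.0): flag it and attach the report. Anything
  # not caught by a later tier is then delivered to the user as normal.
  warn  condition = ${if >={$spam_score_int}{50}{yes}{no}}
        message   = X-Spam-Flag: YES

  warn  condition = ${if >={$spam_score_int}{50}{yes}{no}}
        message   = X-Spam-Report: $spam_report

  # Threshold 2 (8.0 <= score < 10.0), the "Check_Me" tier: freeze the
  # message. Its -H and -D spool files stay in Exim's input directory in
  # exactly the resubmittable form the post asks for, and the log line
  # is the postmaster's notification.
  warn  condition   = ${if and{{>={$spam_score_int}{80}}{<{$spam_score_int}{100}}}{yes}{no}}
        log_message = Check_Me: frozen for review, spam score $spam_score
        control     = freeze

  # Threshold 3 (score >= 10.0), the "Throw_me_away_eventually" tier: mark
  # it with a header that the router below matches. No notification.
  warn  condition = ${if >={$spam_score_int}{100}{yes}{no}}
        message   = X-Quarantine: throw_away

  # Never reject here: the post says mail arrives through a relay.
  accept

begin routers

# Must come before the site's normal localuser router so it sees the
# message first; it diverts only messages carrying the marker header.
spam_throw_away:
  driver    = accept
  condition = ${if eq{$h_X-Quarantine:}{throw_away}{yes}{no}}
  transport = quarantine_throw_away

# ... the site's usual routers (localuser etc.) follow here ...

begin transports

# One maildir for everything above threshold 3; a cron job can expire it.
quarantine_throw_away:
  driver           = appendfile
  directory        = /var/spool/exim/quarantine/throw_away/
  maildir_format   = true
  create_directory = true
  user             = exim
  group            = exim
```

The frozen tier is then reviewed with Exim's own queue tools instead of moving files by hand: exim -bp lists the queue with frozen messages marked as such, exim -Mvh <id> and exim -Mvb <id> show a message's header and body, exim -Mt <id> thaws it (it is then delivered through the normal routers, with the spam headers already attached) and exim -Mrm <id> deletes it. Two caveats: thawing does not re-run the ACL, so a whitelist entry added after a message was frozen only affects later mail, and the main option auto_thaw must stay at its default of 0 or Exim will release frozen messages on its own; timeout_frozen_after can be set to purge ones nobody has looked at.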