RE: [Exim] Virus | Spam tagging

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan J. Flavell
Date:  
À: SH Solutions
CC: 'Exim users list'
Sujet: RE: [Exim] Virus | Spam tagging
On Sun, 22 Feb 2004, SH Solutions wrote:

> > I can't comment on that from practical experience,

[..]

> Do you have clamav set up?


See above! As it happens, we're using Sophos Sweep via exiscan.

exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /local0/sophos/bin/sweep

Sophos happens to be licensed for campus-wide use, so the choice of AV
software was pretty-much made for us. YMMV!

Now, about Spamassassin:

> > The way that we have it set up, if spamd fails - which it does
> > occasionally, though not often - then the mail is accepted without
> > being spam-rated.

[..]

> Could you post that part of your configuration?


Just exiscan connected to spamd in the regular way, a la:

exiscan_spamd_address = 127.0.0.1 783

> Thats just the point I am looking for - I dont know how to bypass the spam
> detection if spamd is offline.


I'm not aware that it's anything one needs to configure, I think it's
the natural behaviour of the exiscan code when the spamd cannot be
contacted.

> Is it possible to shift spam and virus detection behind the data phase?


You mean _after_ the content has been accepted from the sending MTA?
We wouldn't consider doing that... (although there's a few back-stops
in the system filter, but they do nothing more than to freeze a few
dubious items for postmaster inspection).

> First of all I do not want to reject any mail


Well, if you're sure that's what you want, I suppose it might be OK,
but I'm afraid I've no experience to offer you on that. Considering
the absolute avalanche of rubbish that's offered to our mailer, hour
by hour, with only a minority of items being bona fide mail, the last
thing I would want to consider is not rejecting anything.

> and second, I need to be able to select and deselect that scans
> depending on the receipients address. This seems simply impossible
> at data phase.


We use selective defer, as has been described previously on the list.

good luck