On Mar 15, 2004, at 19:48, Andy Firman wrote:
> Got it all working thanks. Found out that exim4 runs as
> Debian-exim user so that was a little puzzling to me for a while.
Yep. I do not like this non-unix-compliant username, but oh well.
> warn  message = X-Spam-Score: $spam_score ($spam_bar)
>       condition = ${if <{$message_size}{80k}{1}{0}}
>       spam = Debian-exim:true
Be careful about running SpamAssassin with the Exim user account.
Basically, a flaw in one may affect the operation of the other.
The other implication is that SpamAssassin (and by inference, Razor and
Pyzor) will use directories in ~Debian-exim
(/var/spool/exim4/.spamassassin, /var/spool/exim4/.razor,
/var/spool/exim4/.pyzor) for its configuration/statistics/data files.
>> | accept
>> |   spam = mail
>> |   delay = 20s
>> |   control = fakereject
>> |   logwrite = :main: Classified as spam (score $spam_score)
>> |   logwrite = :reject: SPAM: $spam_report
>> |
>> | # accept otherwise
>> | accept
>> |   logwrite = :main: Classified as ham (score $spam_score)
>> |
>> | # --- END EXISCAN configuration ---
>> +--------------------------------------------------------------
>
> Can you explain what that last part of your config actually does?
> The delay, fakereject, and logging things I don't understand.
If the 'spam' ACL condition succeeds (i.e. the message is spam), then:
- stall the calling party for 20 seconds (let them waste a little bit
  of time - if everyone did this, then they would spend much longer time
  reaching their 20 million "customers"). [*]
- respond with a "550-FAKEREJECT ...." failure (see
  /usr/share/doc/exim4-daemon-heavy/exiscan-acl-spec.txt.gz), while
  really accepting the mail.
- Write a one-line message in /var/log/exim4/mainlog, and the
  "$spam_report" text into /var/log/exim4/rejectlog.

Otherwise (the message is non-spam), then:
- Accept it, and write a one-liner to that effect (w/SA score
  included) in /var/log/exim4/mainlog.

[*] More sophisticated "teergrubing" is beyond the reach of Exiscan-ACL,
but is available via e.g. SA-Exim. Unfortunately, it may not be worth
the effort, because in my experience, most spamware will disconnect
after 10-30 seconds of having delivered the message, whether they
receive a response or not.
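
Added example, not part of the original message: a small Python script that reads the "Classified as spam/ham" lines the two logwrite modifiers above put into mainlog and lists the fake-rejected messages with the lowest scores first, since those are the ones most worth checking for false positives. The line layout (timestamp, message id, text), the sample lines and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Assumption: each logwrite line in mainlog is laid out as
# "<date> <time> <message-id> Classified as spam|ham (score <n>)".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<msgid>\S+-\S+-\S+) )?"
    r"Classified as (?P<verdict>spam|ham) "
    r"\(score (?P<score>-?\d+(?:\.\d+)?)\)\s*$"
)

class Verdict(NamedTuple):
    timestamp: str
    msgid: str
    verdict: str
    score: float

# Constructed sample lines, not taken from a real log.
SAMPLE_MAINLOG = """\
2004-03-15 19:50:02 1B30Vc-0002Ab-7Q Classified as spam (score 17.3)
2004-03-15 19:50:02 1B30Vc-0002Ab-7Q <= a@example.net H=(mx) [192.0.2.10] P=esmtp S=4312
2004-03-15 19:51:40 1B30Xa-0002Bf-1K Classified as ham (score -2.6)
2004-03-15 19:53:11 1B30Yz-0002Cd-9M Classified as spam (score 5.1)
2004-03-15 19:54:00 1B30Zq-0002Dd-3T Classified as ham (score 0.0)
"""

def parse_verdicts(text):
    """Return one Verdict per 'Classified as ...' line; skip everything else."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Verdict(m["ts"], m["msgid"] or "-", m["verdict"],
                                 float(m["score"])))
    return found

def review_queue(verdicts, limit=10):
    """Fake-rejected (spam) messages, lowest score first."""
    spam = [v for v in verdicts if v.verdict == "spam"]
    return sorted(spam, key=lambda v: v.score)[:limit]

def counts(verdicts):
    """Tally of spam and ham verdicts."""
    tally = {"spam": 0, "ham": 0}
    for v in verdicts:
        tally[v.verdict] += 1
    return tally

if __name__ == "__main__":
    verdicts = parse_verdicts(SAMPLE_MAINLOG)
    print(counts(verdicts))
    for v in review_queue(verdicts):
        print(f"{v.timestamp} {v.msgid} score={v.score}")
```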