Re: [Exim] 4.30-6.amwoody.1 + spamassassin problem

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Tor Slettnes
日付:  
To: Andy Firman
CC: exim-users
題目: Re: [Exim] 4.30-6.amwoody.1 + spamassassin problem
On Mar 15, 2004, at 19:48, Andy Firman wrote:
> Got it all working thanks. Found out that exim4 runs as
> Debian-exim user so that was a little puzzling to me for a while.


Yep. I do not like this non-unix-compliant username, but oh well.

>    warn message = X-Spam-Score: $spam_score ($spam_bar)
>      condition = ${if <{$message_size}{80k}{1}{0}}
>      spam = Debian-exim:true


Be careful about running SpamAssassin with the Exim user account.
Basically, a flaw in one may affect the operation of the other.

The other implication is that SpamAssassin (and by inference, Razor and
Pyzor) will use directories in ~Debian-exim
(/var/spool/exim4/.spamassassin, /var/spool/exim4/.razor,
/var/spool/exim4/.pyzor) for its configuration/statistics/data files.

>>      |    accept
>>      |        spam       = mail
>>      |        delay      = 20s
>>      |        control    = fakereject
>>      |        logwrite   = :main: Classified as spam (score
>> $spam_score)
>>      |        logwrite   = :reject: SPAM: $spam_report
>>      |
>>      |    # accept otherwise
>>      |    accept
>>      |        logwrite   = :main: Classified as ham (score
>> $spam_score)
>>      |
>>      |    # --- END EXISCAN configuration ---
>>      +--------------------------------------------------------------

>
> Can you explain what that last part of your config actually does?
> The delay, fakereject, and logging things I don't understand.


If the 'spam' ACL condition succeeds (i.e. the message is spam), then:
- stall the calling party for 20 seconds (let them waste a little bit
of time - if everyone did this, then they would spend much longer time
reaching their 20 million "customers"). [*]
- respond with a "550-FAKEREJECT ...." failure (see
/usr/share/doc/exim4-daemon-heavy/exiscan-acl-spec.txt.gz), while
really accepting the mail.
- Write a one-line message in /var/log/exim4/mainlog, and the
"$spam_report" text into /var/log/exim4/rejectlog.

Otherwise (the message is non-spam), then:
- Accept it, and write a one-liner to that effect (w/SA score
included) in /var/log/exim4/mainlog.


[*] More sophisticated "teergrubing" beyond the reach of Exiscan-ACL,
but is available via e.g. SA-Exim. Unfortunately, it may not be worth
the effort, because in my experience, most spamware will disconnect
after 10-30 seconds of having delivered the message, whether they
receive a response or not.