Re: [Exim] Compile options - SMP and min processes

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tim Jackson
Date:  
À: exim-users
Sujet: Re: [Exim] Compile options - SMP and min processes
On Tue, 16 Mar 2004 21:22:01 -0800 SSugg wrote:

> Third, is there a way to change the order things happen? First I want to
> confirm that the email is for one of our users, then see if it is spam.
> We have thousands of messages that come in, get spam checked (wasting
> DNS lookups and bandwidth), get virus checked, and then checked to see
> if the user actually exists before trashing the message. The first and
> last need to get reversed so we can kill the message before wasting more
> resources on it.


All these steps are configured in your ACLs (mainly the RCPT ACL). Inside
each ACL, the steps are read through in order, top-to-bottom, so the order
that you do various checks is up to you. You are right in noting that, at
least in the default config file, the suggested place for DNSBL lookups is
*before* recipient verification, which may be sub-optimal in terms of
resource usage if you have a local user list, although on the other hand,
some people prefer not to give any information about the validity or
non-validity of users to people listed on DNSBLs, so would rather do the
DNS lookup first and swallow the cost.

However, depending on how you're doing it, virus scanning is typically
done *after* recipient checking, because (at least if you use Exiscan)
it's done in the DATA ACL, so any bad recipients shouldn't get that far so
long as you make sure they are knocked on the head at RCPT time.

So, to get around the DNSBL/recipient verification problem, just rearrange
the rules in your RCPT ACL. You may need to reverse the sense of some of
the rules (e.g. convert an "accept good recipients" to "reject bad
recipients") but it's not too difficult. Just read up on the ACL section
in the manual and make sure you're comfortable with how things work.

Tim