Re: [Exim] Final Peer Review Sought: "Spam Filtering for MXs…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Sam Michaels
Date:  
À: Tor Slettnes
CC: Exim User's Mailing List
Sujet: Re: [Exim] Final Peer Review Sought: "Spam Filtering for MXs" HOWTO
I put this on my production server for a large organization which gets
hit far too much by spammers and the like. Some changes I made:

--1--
In the generic exim conf you said to add:

pipeline_advertise_hosts = :

...when it should be pipelining_advertise_hosts. I believe someone
mentioned this on the list already.

--2--
I commented out all the DNS blacklists...I don't trust them.

--3--
I replaced your SPF code using spfquery with the exiscan-ACL built in SPF:

# Sender Policy Framework
   warn
     spf = fail:neutral
     set acl_m0 = $sender_host_address ($sender_helo_name) is not \
                  authorized to deliver mail for <$sender_address>.
     set acl_m1 = SPF check failed ($spf_result).


--4--
Commented out the greylistd code

--5--
In the data ACL, I added the SPF header after you add a missing Message-ID:

# Always add SPF-Received header
   warn
     message             = $spf_received


--6--
After that I added my X-Scan-Signature code to skip the rest of the
tests if we already did it on this or another trusted system:

# Accept if the message contains our cryptographic header
   accept condition = ${if eq {${hmac{md5}\
                                         {SECRET}\
                     {$body_linecount}}}\
                     {$h_X-Scan-Signature:} {1}{0}}


--7--
After you check for MESSAGE_SIZE_SPAM_MAX I added my malware check from
exiscan-ACL:

# Reject virus infested messages.
   deny
     message = This message contains a virus ($malware_name)
     malware = *


--8--
I have a hardcoded system wide limit of 5.0 for SpamAssassin...so I
commented out all the SA code and used my old one:

# Reject spam messages with score over 5, using an extra condition.
   deny
     message = Message rejected as spam ($spam_score / 5.0)
     spam = nobody:true
     condition = ${if >{$spam_score_int}{50}{1}{0}}


--9--
Directly before the final accept I add my cryptographic header:

# Add the cryptographic header.
   warn
     message = X-Scan-Signature: ${hmac{md5}\
                 {SECRET}\
             {$body_linecount}}


Seems to be working great so far. I see a ton of "unexpected
disconnection while reading SMTP command..." from DSL and cable hosts.
Thanks for a good doc.

Sam