Re: [exim] Spamtrap routers and stuff

Inizio della pagina
Delete this message
Reply to this message
Autore: Kjetil Kjernsmo
Data:  
To: exim-users
Oggetto: Re: [exim] Spamtrap routers and stuff
On søndag 12 juni 2005, 16:10, Marc Sherman wrote:
> > But my knowledge of Exim still feels insufficient to actually write
> > it in a way Exim understands...Any examples that do something
> > similar?
>
> Well, it's kind of similar to the "scanning profile" example in the
> wiki:
> http://www.exim.org/eximwiki/ExiscanExamples#head-4943f32361fdfe0858e
>115140c9349d3d6a14540


Hmmm, what I don't understand with this approach is what if the first
RCPT TO is a legit address, won't then the message be accepted for this
address, since we don't know yet that a spamtrap is in any subsequent
RCPT TO...

I have been doing progress on the other things, and have a working setup
except for this problem.

I have this RCPT ACL:
# Set a variable to check on later
warn    message = X-Spamtrap: $local_part hit
        local_parts = lsearch;/etc/exim4/spamtraps
        set acl_c0 = spamtraps


# Point 2) :

discard local_parts = lsearch;/etc/exim4/spamtraps
        senders = :


This DATA ACL:
deny message = Heh. You hit my spamtrap with a big message. 
     condition = ${if eq{$acl_c0}{spamtraps}{1}{0}}
     condition = ${if >{$message_size}{64k}{1}{0}}


accept condition = ${if eq{$acl_c0}{spamtraps}{1}{0}}

This router:
spamtrap_director:
driver = accept
condition = ${if eq{$acl_c0}{spamtraps}{1}{0}}
transport = spamtrapdelivery

and finally this transport:
spamtrapdelivery:
        driver = appendfile
        file = /var/junk/spamtraps


I'll probably ask some more about this final transport and piping
directly to SA one day, but one thing at a time... :-)

Does the above look OK?

Well, one idea I had....: I'm setting a acl_c0 for the connection, and
that'll get set once for all if there is a single spamtrap address...
Then, if I set a an acl_m0 on legit addresses, I could deny if both
acl_c0 and acl_m0 was set. I may be reiterating things I have allready
been told, or I may not have understood anything I've read, of
course... :-) And since I wouldn't want to maintain a list of legit
addresses, I don't quite now how to achieve this, but... Am I on a
right track, or...?

BTW, I promise to put this up in the Wiki when I'm done with it, if you
want it there, so that people won't pester you about this again... :-)

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Programmer/Astrophysicist/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@???  webmaster@???  editor@???
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC