> [
mailto:exim-users-bounces@exim.org] On Behalf Of Tony Finch
> To: Gregg Berkholtz
> Cc: exim-users@???
> Subject: Re: [exim] av_scanner blacklist
>
> On Wed, 10 Aug 2005, Gregg Berkholtz wrote:
> >> > Is there a way to do this from within Exim, or am I better
> advised to
> > throw together a script which, via cron, parses my rejectlog every
> > minute and builds a blacklist?
>
> In order to do this Exim has to be able to update a database.
> The only way it can do this in a general way is using one of
> the SQL lookup types. You could also do something similar to
> what you want using the ratelimit feature in 4.52.
Tony is right in general but I have an idea that is in
my plans and should work quite easily without a formal
database.
I am running the Python greylistd (daemon) with Exim and
using it to check the greylist (which also adds unfound
entries to the greylist.)
The greylistd also has a whitelist and a blacklist,
however, and with an add or check command those lists
could also be checked or values added to them.
This approach is not "better" than the database, and it
would represent roughly the same amount of administrative
overhead if you had to set either one up from scratch.
But, if someone wants to use greylisting anyway then it
could be a good choice. (I am using many Exim ACLs
indicating suspisious email to drive the greylisting,
even high score SpamAssassin, rather than greylisting
everything. The results so far have led me to fall in
love with greylisting -- as one of many anti-spam layers
of defense.
Of course, conversely, if one already has the database
setup then it's probably easier to go that way -- and
there is also greylist code for MySQL (and example ACls
for exim).
Exim can pretty much talk to any socket based program,
and even run a command (if the volume isn't too high
for repeated process creation to be usuable.)
--
Herb Martin