hi all,
this is more of a why-one-vs-the-other question, rather than a which/what ...
i've been happily getting to know the various/numerous filter functions avail
to me in the wild-n-woolly world of exim. yes, i know. lots to choose from.
for content scanning on my current implementation, i'm using SpamAssassin
v3.2.0-r232569 with Exim 4.53RC1's Exiscan (do we still call it Exiscan now
that it's 'built in'?). works like a charm.
iiuc, SA's "modus operandi" is to scan complete messages, and execute various
tests until a certain threshhold is reached ... not the least expensive
process one can imagine.
in the CGPro world where i've migrated from a couple of time, there's the
concept of "RFC822 filters" wherein one can define a random collection of
"banned" header &/or body lines that cause an immediate rejection/drop of the
message at the point/time of detection.
this rejection/detection happens before the SA cycle -- sparing the related CPU.
not knowing the relative efficiency of Exim/Exiscan/SA, is it 'worth' doing
similar filtering in, i'd imagine, the acl_smtp_connect ACL? even if there's no
tremendous gain, is there any particular down-side to doing it?
ideally, i'd like to define two lists, say:
headers.banned
containing, e.g., a random assorment of header spec'ns, ala:
"X-Mailer: *Bobs Message Poster*",
"Subject: *ADV:*",
"From: *@*.com.dk*",
"From: *@blurg.com*",
"Return-Path: *@blah*",
...
and,
content.banned
containing, e.g., a random assorment of "bad" body strings
options for searching for any particular header_type content seem pretty clear,
tho the 'random assortment' part of the req't has got me thinking that an
external local_scan function may be called for (perl? python? dunno yet ...)
what are folks doin abt this sort of thing 'out there'? if anyone's got a
relevant discussion thread URL handy, that would be helpful too!
thx!
richard
