[exim] relative 'expense' of Exiscan/SpamAssassin vs. local_…

Top Page
Delete this message
Reply to this message
Author: OpenMacNews
Date:  
To: exim-users
Subject: [exim] relative 'expense' of Exiscan/SpamAssassin vs. local_scan for simple header/body triggers?
hi all,

this is more of a why-one-vs-the-other question, rather than a which/what ...

i've been happily getting to know the various/numerous filter functions avail
to me in the wild-n-woolly world of exim. yes, i know. lots to choose from.

for content scanning on my current implementation, i'm using SpamAssassin
v3.2.0-r232569 with Exim 4.53RC1's Exiscan (do we still call it Exiscan now
that it's 'built in'?). works like a charm.

iiuc, SA's "modus operandi" is to scan complete messages, and execute various
tests until a certain threshhold is reached ... not the least expensive
process one can imagine.

in the CGPro world where i've migrated from a couple of time, there's the
concept of "RFC822 filters" wherein one can define a random collection of
"banned" header &/or body lines that cause an immediate rejection/drop of the
message at the point/time of detection.

this rejection/detection happens before the SA cycle -- sparing the related CPU.

not knowing the relative efficiency of Exim/Exiscan/SA, is it 'worth' doing
similar filtering in, i'd imagine, the acl_smtp_connect ACL? even if there's no
tremendous gain, is there any particular down-side to doing it?

ideally, i'd like to define two lists, say:

    headers.banned
        containing, e.g., a random assorment of header spec'ns, ala:
            "X-Mailer: *Bobs Message Poster*",
            "Subject: *ADV:*",
            "From: *@*.com.dk*",
            "From: *@blurg.com*",
            "Return-Path: *@blah*",
            ...


and,

    content.banned
        containing, e.g., a random assorment of "bad" body strings



options for searching for any particular header_type content seem pretty clear,
tho the 'random assortment' part of the req't has got me thinking that an
external local_scan function may be called for (perl? python? dunno yet ...)

what are folks doin abt this sort of thing 'out there'? if anyone's got a
relevant discussion thread URL handy, that would be helpful too!

thx!

richard