Re: [exim] Denying spam and keeping a copy for me

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Ian FREISLICH
Dátum:  
Címzett: John Oxley
CC: exim-users
Tárgy: Re: [exim] Denying spam and keeping a copy for me
John Oxley wrote:
> Exim 4.51 with Spam Assassin.
>
> I am denying spam in the DATA acl with 
>    deny  message     = This message scored $spam_score points.  Congratulations!
>       condition   = ${if <{$message_size}{80k}{1}{0}}
>       spam        = spamd:true
>       condition   = ${if >{$spam_score_int}{80}{1}{0}}

>
> When a message gets denied, how can I catch that message for inspection
> to check that it actually is SPAM? Is it an Exim thing or a
> SpamAssassin thing?


Do a fakereject, and catch the "rejected mail" later in your routers
section. I like to split SMTP time deny based on a high score and
other processing based on lower scores. I set
SpamAssassin::local.cf::required_hits=30 and do something similar
to the folowing modified a bit to fit your request. So, this example
would reject at 30 and above but pretend to reject for lowor scores.

  deny     condition    = ${if <{$message_size}{80k} {yes}{no}}
          !hosts        = net-iplsearch;/etc/exim/exclude.spamfilter.nets
           spam         = $primary_hostname/defer_ok
           message      = This message rated as spam
           log_message  = SPAM message $spam_score


  warn     condition    = ${if >{$spam_score_int}{80} {yes}{no}}
           control    = fakereject/This message rated as spam


In your routers, before local delivery (or wherever you want to
catch the spam before delivery):

spambucket:
driver = accept
domains = +our_domains
no_verify
condition = ${if >{$spam_score_int}{80} {yes}{no}}
transport = spambucket

Then in your transports:

spambucket:
driver = appendfile
user = exim
directory = /var/mail/spambucket/$domain/
create_directory
maildir_format
directory_mode = 0770

I would be tempted to make your spamscore threshold a define, so
that you only need to remember to modify it in one place so that
consistency is maintained.

Ian

--
Ian Freislich