Re: [exim] spam defer

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: exim-users
Ημερομηνία:  
Προς: Exim-users
Αντικείμενο: Re: [exim] spam defer
Clive McDowell schrieb:

> I'll jump in here since I asked a similar question yesterday (pay attention to the list Ronan!). The SA check is the last in the
> list of acl data checks. All helo sanity, rbls, virus checks etc. take place first. We seem to have a strange problem with our
> SA server between midnight and ~3.00am when it appears to stop responding to connection requests. We haven't got to the bottom
> of what is happening on the SA server but on a general point (in our situation) it would be best to defer messages if the SA
> server is down rather than passing them unchecked. Our current acl is -
>
>   warn    message       = X-Spam-Score: $spam_bar ($spam_score)\n\
>                           X-Spam-Score-Int: $spam_score_int
>           condition     = ${if <{$message_size}{80k}{1}{0}}
>           spam          = nobody:true

>
> What do we have to change to defer a message if we cannot pick up a spam score?


Hi Clive,

you have to implement a tri-state logic, so you can differentiate
between ham, spam and a message that wasn't scanned due to SA outages.

You can achieve this with something like this:

   # Scan message content for spam characteristics. We only scan mails
   # that are not larger than MESSAGE_SIZE_SPAM_MAX. Defer if the content
   # scanner is not running.
   warn
     condition   = ${if > {$message_size}{MESSAGE_SIZE_SPAM_MAX} \
                       {true}{false}}
     set acl_m2  = ee_not_spam_scanned
     set acl_m9  = 0
   warn
     condition   = ${if > {$message_size}{MESSAGE_SIZE_SPAM_MAX} \
                       {false}{true}}
     set acl_m9  = 1
     spam        = nobody:true
     set acl_m9  = 0
     set acl_m3  = ${eval:$acl_m3 + $spam_score_int}
   defer
     condition   = $acl_m9


   # Deny if the spam score reaches the spam threshold.
   deny
     condition   = ${if >= {$acl_m3}{SPAM_THRESHOLD} \
                       {true}{false}}
     set acl_m2  = ee_threshold_data



About the behaviour you see: Ask yourself, what happens in this
timeframe, when connections to SA timeout. Probably SA is busy, as I
don't expect that you get more spam in this timeframe than in any other.
For example, are you training your bayes database in this timeframe?
Questions like this one should put you on the right track.


HTH,
Patrick Eisenacher