Re: [exim] URI Blacklists in Exim

Stanislaw Halik wrote:

> On Sat, Apr 29, 2006, Marc Perkel wrote:
>
>>Spamassassin has the ability to look up links withing messages to see if
>>domains are blacklisted. And it works very well. But - in order to
>>reduce system load I'm trying to do as many tests as possible before I
>>get to SA.
>
>
>>So - I was wondering if anythone as any code that will do the kind of
>>URI lookups that SA has in an ACL?
>
>
> Embedded perl sounds just about right.
>
> -- sh
>

Perhaps. But, as SA itself written in perl, and as it has had a
lot of work done on it, it might be less work, and 'good enough'
to set up two separate instances of SA, then:

- strip 'the light one' to the lightweight tests as the above,
and perhaps a few more (only) [1]

- strip 'the heavy one' so as to exclude the tests already made,
then call it only 'if/as/when' a message justifies it.

Haven't done it this way, as I expect ClamAV to catch the worst
of such URI, and clamd seems to use far fewer resources than SA.

JFWIW..

Bill


[1] Our SA has no RBL checking, Bayes, auto white/black, and
such. Few RBL's checks are needed if one checks for correct smtp
syntax, does forward/reverse lookup, rDNS, first *then* RBL
checks in Exim *IF* the connection has survived that far.

- so we are on the same song-sheet, anyway. Very low SA load
here already.

NB: When we delay deny for protocol violations and proceed to
RBL checks before taking a decision, we also find that nearly
every RBL hit could also have been rejected for forward/reverse
lookup / rDNS failure, HELO mis-match, etc. - so those Exim
tools can save even many of the RBL checks when enforced even
'lossely'.