Re: [exim] Excessive amount of SPAM

Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] Excessive amount of SPAM
On 24/05/06, Walt Reed <exim@???> wrote:
> On Wed, May 24, 2006 at 03:36:40PM -0500, Jess Mooers said:
> > Installed according to these specs
> >       http://maxo.captainnet.net/ecm2/index.html
> >
> > Technical Specs
> > -----------------
> > XServe G5 Cluster Node
> > Mac OS 10.4
> >
> > ASSP 1.2.1 - Running on Port 25
> > Exim-MTA 4.62 - Running on Port 2525
> > Courier-Authlib 0.58
> > Courier-IMAP 4.1.0
> > ClamAV_0.88.2
> > SpamAssassin Startup
> > GMP_4.1.4
> > DBI_1.48
> > DBD_Mysql-3.0002_5
> > ECM2Admin (11-25-05)
> >
> > I have followed the above url instructions with the exception of putting ASSP in front of Exim. I have ASSP trained to detect [SPAM] and prepend the subject as such.
> >
> > I have the following DNSBLs setup in Exim
> >  deny     message        = DNSBL listed at $dnslist_domain\n$dnslist_text
> >           dnslists       = sbl-xbl.spamhaus.org : \
> >                            relays.ordb.org : \
> >                            dnsbl.njabl.org : \
> >                            list.dsbl.org : \
> >                            bl.spamcop.net : \
> >                            dnsbl.ahbl.org : \
> >                            cn-kr.blackholes.us : \
> >                            dynablock.njabl.org
> >
> > I am still getting a ton of [SPAM] through. ASSP is detecting most of it as spam, so I know that is working. With my old mailserver you could specify server wide spam rules, like if the subject contains a certain word, then deny the message. Does anyone know how to do this with Exim so that they are not delivered or if it is even possible at all?
>
> In the exim manual:
>
> See section 11.9, Expansion variables, and look at $header_
> See also section 39.5, the DATA ACL's, and 39.20, "condition".
>
> Be aware: Once ASSP has accepted the message and forwarded it to exim,
> you should NOT NOT NOT bounce the spam as it results in collateral
> damage. It is MUCH better to reject the spam outright - this means that
> it should be rejected by ASSP.
>
> Frankly, everything that assp does, exim can do, so it seems silly to
> put it out front and then have exim do all the same stuff AGAIN.


Assuming I've understood ASSP correctly, the DNSBL tests you've got in
Exim are redundant - every connection Exim sees is from the ASSP
proxy, so it's too late to do any connection-time blocking in Exim
(something Exim is very good at).

Peter

--
Peter Bowyer
Email: peter@???
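
An added example, not part of the original message or of any poster's configuration: a DATA-time ACL of the kind the quoted manual references ($header_, the DATA ACL, "condition") point to, which refuses a message during the SMTP session when its Subject carries the [SPAM] tag instead of accepting it and bouncing it later. It assumes the ACL name `acl_check_data` used by Exim's stock configuration and that ASSP prepends the literal tag `[SPAM]`; the reply and log texts are constructed, and whether the 5xx reply reaches the original sending host depends on how ASSP relays the session.

```exim
# Main configuration section: name the ACL that runs once the message
# headers and body have been received (end of the SMTP DATA phase).
acl_smtp_data = acl_check_data

# The following belongs in the ACL section of the configuration
# (after the existing "begin acl" line).
acl_check_data:

  # Refuse, with a 5xx reply at the end of DATA, any message whose Subject
  # starts with the tag prepended by the upstream filter. \N...\N stops Exim
  # from expanding the regex, so the backslashes reach the regex engine
  # unchanged. $header_subject: is the Subject header after decoding.
  deny    message     = Message rejected as spam
          log_message = Subject tagged [SPAM] by upstream filter
          condition   = ${if match{$header_subject:}{\N^\s*\[SPAM\]\N}}

  # Anything not tagged is accepted for delivery.
  accept
```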