Re: [exim] Excessive amount of SPAM

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jess Mooers
Datum:  
To: exim users
Betreff: Re: [exim] Excessive amount of SPAM
Peter Bowyer <peter@???> wrote on Wednesday, May 24, 2006:

>On 24/05/06, Walt Reed <exim@???> wrote:
>> On Wed, May 24, 2006 at 03:36:40PM -0500, Jess Mooers said:
>> > Installed according to these specs
>> >       http://maxo.captainnet.net/ecm2/index.html

>> >
>> > Technical Specs
>> > -----------------
>> > XServe G5 Cluster Node
>> > Mac OS 10.4
>> >
>> > ASSP 1.2.1 - Running on Port 25
>> > Exim-MTA 4.62 - Running on Port 2525
>> > Courier-Authlib 0.58
>> > Courier-IMAP 4.1.0
>> > ClamAV_0.88.2
>> > SpamAssassin Startup
>> > GMP_4.1.4
>> > DBI_1.48
>> > DBD_Mysql-3.0002_5
>> > ECM2Admin (11-25-05)
>> >
>> > I have followed the above url instructions with the exception of putting ASSP in front of
>Exim. I have ASSP trained to detect [SPAM] and prepend the subject as such.
>> >
>> > I have the following DNSBLs setup in Exim
>> >  deny     message        = DNSBL listed at $dnslist_domain\n$dnslist_text
>> >           dnslists       = sbl-xbl.spamhaus.org : \
>> >                            relays.ordb.org : \
>> >                            dnsbl.njabl.org : \
>> >                            list.dsbl.org : \
>> >                            bl.spamcop.net : \
>> >                            dnsbl.ahbl.org : \
>> >                            cn-kr.blackholes.us : \
>> >                            dynablock.njabl.org

>> >
>> > I am still getting a ton of [SPAM] through. ASSP is detecting most of it as spam, so I
>know that is working. With my old mailserver you could specify server wide spam rules, like
>if the subject contains a certain word, then deny the message. Does anyone know how to do
>this with Exim so that they are not delivered or if it is even possible at all?
>>
>> In the exim manual:
>>
>> See section 11.9, Expansion variables, and look at $header_
>> See also section 39.5, the DATA ACL's, and 39.20, "condition".
>>
>> Be aware: Once ASSP has accepted the message and forwarded it to exim,
>> you should NOT NOT NOT bounce the spam as it results in collateral
>> damage. It is MUCH better to reject the spam outright - this means that
>> it should be rejected by ASSP.
>>
>> Frankly, everything that assp does, exim can do, so it seems silly to
>> put it out front and then have exim do all the same stuff AGAIN.
>
>Assuming I've understood ASSP correctly, the DNSBL tests you've got in
>Exim are redundant - every connection Exim sees is from the ASSP
>proxy, so it's too late to do any connection-time blocking in Exim
>(something Exim is very good at).
>
>Peter
>
>--
>Peter Bowyer
>Email: peter@???
>


So it sounds like you guys are suggesting that I just use Exim without ASSP, but many of these messages are going to get past the dnsbls.

So what do you do with all of those messages? How do you detect what is spam beyond the dnsbl and how do you handle them so that they are not delivered?

Thanks for the help. I do appreciate it. It looks like this is a very active community, which is great.

Regards, Jess Mooers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Landmann InterActive
1423 S. Park St., Madison, WI 53715
W 608-257-1558
www.landmanninteractive.com