Re: [exim] spam acl condition syntax

Top Pagina
Delete this message
Reply to this message
Auteur: W B Hacker
Datum:  
Aan: exim users
Onderwerp: Re: [exim] spam acl condition syntax
Magnus Holmgren wrote:

> On Friday 13 October 2006 11:02, Stuart Gall took the opportunity to say:
>
>>BUT then is says
>>The username allows you to use per-domain or per-user antispam
>>profiles. The right-hand side is expanded before being used, so you
>>can put lookups or conditions there. When the right-hand side
>>evaluates to “0” or “false”, no scanning is done and the condition
>>fails immediately
>>
>>But it does not explain how to do this
>>
>>Moreover I suspect that it is not really possible, per domain or user
>>anything is a problem in the data acl
>
>
> This is a problem inherent in the SMTP protocol. One solution is to defer all
> recipients subsequent to the first one, unless they have the same spam
> settings/profile. Another one is to use a site-wide profile when there are
> more than one recipient or the recipient is a group address. In some cases if
> you host several domains it might be useful to have per-domain profiles and
> accept any number of recipients as long as they belong to the same domain. A
> more advanced solution might involve passing $recipients to a perl subroutine
> responsible for deciding which profile to use.
>
>


It should probably be addressed with 'built-in' features - after all, SA scans
'em one-at-a-time, is *capable* of responding to each individual recipient's
profile, and the Exim router/transports manage to deliver each message where it
needs to go, so it is not as if Exim were *oblivious* to differentiation by sem
means.

All that is needed is to be able to 'cycle' within DATA on a 'for each
<potential delivery> basis - never mind whether the smtp protocol itself has
handshakes for that (tho a 'delay' may help...).

The recent addition of acl_smtp_predata is an example of segmentation within a
classically 'monolithic' smtp phase.

That approach could perhaps be extended.

While waiting ... I s'pose the reason it works as well as it does for us is that:

A) 80-90% of our 'rejections' are based on far-end *server* characteristics (or
lack therof...), or on verification of recipients, not on (rarely even invoked)
SA scores.

B) Our greatest use of 'message' handshakes are in the acl_smtp_predata section,
then in the header, size, MIME, ClamAV checking. All well before we even
consider waking up spamd.

When it comes to the SA scoring area, we either accept unremarked or appear to
do so, then 'blackhole' unremarked. No moral reqirement to tell a spammer
*anything* and we simply deliver the rest.

So - for us, anyway, about the worst thing we see is a message being given a
'Suspect' subject predicate or being 'quarantined' based on the settings of some
other user (thoroughly tested, BTW).

The 'blackhole' settings are seldom that different within a given domain.

Bill