Re: [exim] spam acl condition syntax

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MIan Eiloart at <-
MIan Eiloart at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] spam acl condition syntax
Ian Eiloart wrote:
>
> --On 13 October 2006 19:33:15 +0800 W B Hacker <wbh@???> wrote:
>
>
>>B) Our greatest use of 'message' handshakes are in the acl_smtp_predata
>>section, then in the header, size, MIME, ClamAV checking. All well
>>before we even consider waking up spamd.
>
>
> Are you sure about the ClamAV thing? Predata?
>

AR:
...in the acl_smtp_predata section, *then in* ....

IATR:

...in the acl_smtp_predata section, *then next* in ...

>
>>When it comes to the SA scoring area, we either accept unremarked or
>>appear to do so, then 'blackhole' unremarked. No moral reqirement to
>>tell a spammer *anything* and we simply deliver the rest.
>
>
> No, but there's a moral requirement to reject rather than blackhole false
> positives.

What some call 'false' positives. i.e. - missing PTR record, use of a dynamic IP
for a mail server, dictionery send to non-existent users, DO get a message.

We also provide a message for rejection on LBL & RBL hits.

Though I do not consider there to be anything 'false' about that sort of
rejection, we do 'whitelist' pretty extensively. Just opened up a 'hole' for
wannadoo.co.uk yesterday, and two *xtra.co.nz mx IP's as well, as we have one
correspondent on each.

We cannot effectively reject on either verify = sender or HELO mismatch - too
many major ISP's playing silly-buggers with those.

Rejection/blackhole on SA? 'bout the only accounts with settings strict enouhg
to do that instead of quarantine are test accounts.

Ex:

- System default is spamint 1000 (i.e. 100 SA points).
- A primary client has the same, but lowered 'quarantine' threshold.

Mine is 20 (2 SA points) on one account, 40 (SA 4.0) on another.

WTH *one* test account even digs out the several header fingerprints of Redmond
and rejects anything composed on a WinBox...

;-)

> There's also a potential legal liability issue.

With X.400 maybe.

;-)

But smtp is a 'no guarantees possible' best-efforts protocol.

Anyway - user choice, so no different than someone's junk filter or manual
decision to delete unread (or read).

Thanks,

Bill


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] spam acl condition syntax[exim] Exim Segfaults->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)