Re: [exim] per user spamassassin setup

Góra strony
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
Dla: exim users
Temat: Re: [exim] per user spamassassin setup
Dave Lugo wrote:
> On Thu, 19 Oct 2006, SeattleServer.com wrote:
>
>>>Is there a way to have exim call spamassassin with the user to whom
>>>the e-mail is sent?
>>
>>Not unless your defer after every recipient in the RCPT ACL so that exim sees
>>a new copy of the message (and thus a new instance of the DATA ACL) for each
>>recipient. I really doubt you want that.
>>
>
>
> I currently do just that on a handful of vanity domains. In a low-volume
> situation, it works perfectly fine.
>
>
>>Run it through SA in the data ACL regardless. Add a header to the message if
>>you want and/or set an ACL variable with the result. Then decide whether to
>>accept or reject or filter it per-recipient in the router or whatever exim
>>hands the mail off to (maildrop, for instance). You can use the ACL variable
>>in the routers.
>>
>
>
> (I've been thinking of that as well, as the next project on my hobby
> stuff)
>
> Another way to do it...
>
> I've been considering accepting multiple rcpt_to, and setting up
> some sort of recursive loop in the DATA acl to churn through each
> rcpt's SA prefs.
>
> . If all the recipients' configs say 'accept', it's 250'd.
>
> . If all the recipients' configs say 'reject', it's 5xx'd.
>
>  . If some of the recipients' configs say 'reject', 5xx it,
>    AND give a detailed rejection message along the lines of:

>
> (adjust as needed for multiline responses)
>
> 550  One or more recipient addresses were unable to accept
>      this message.
>      REJECTED: user@???, joe@???
>      ACCEPTED: frank@???

>
>
> My possibly flawed thinking runs along the lines of:
>
>   . real mailing lists use VERP, and don't do multiple rcpt_to
>   . stuff to multiple rcpts like this usually person-to-person,
>     and they might notice the rejection

>
>
> Has anyone tried something like this?
>


Sure. Since 2006.

Works very well most of the time simply because:

- many *of our* arrivals are single-recipient anyway (over 98% here), and Exim
has an expansion variable that can tell you when not.

- multiple arrivals are nearly always delivered one domain per connection, and
a domain *may* have same/similar rules for all staff. Our busiest one DOES have.

- an AWL check for 'well known correspondents' has been recently added to
prevent rejection, even if they *might* later fail the scanning.

Accordingly a bulk-rejection for some-other-user's thresholds is seldom seen
*here*.

CAVEAT ONE:

Expect certain posters on this list to heave the odd brickbat at you if/as/when
the message you return is not to their preconceptions...

;-)

CAVEAT TWO: Our method WOULD be a major problem *elsewhere*, even with less
contentious return messages.

- Not everyone runs domain-wide preference settings.

- Not everyone has a preponderance of single-recipient traffic.


As to going further, Exim can be made more flexible, but the REAL 'Catch 22' is
the way smtp itself is sequenced:

- the MTA cannot scan a message it does not HAVE

- 'Recpt To' is only a conversation whom is to receive/not a potential message,
not yet the actual handover of said message.

- 'Recpt To' is also the last opportunity to 'cleanly' reject on a
'per-recipient' basis.


Bill