Re: [exim] SPAM Filtering - Losing the war!

Top Page
Delete this message
Reply to this message
Author: Vitaly A Zakharov
Date:  
To: Oliver Egginger
CC: exim-users
Subject: Re: [exim] SPAM Filtering - Losing the war!
Oliver Egginger пишет:
>> Use of this "intelligent" behavior of MTA we can handle mail
>> transactions more accuracy. This is very simple and efficient way.
>
> We use a similar approach. I wouldn't call it "simple". I wouldn't call
> it "\"intelligent\"". It's simply hard work. We combine asn, hostname,
> rbl and helo tests, dns adress verifikation and several other sanity
> checks in the pre data phase. Nevertheless, a lot of spam and malware
> pass through. Only a (full featured) spamassassin in conjunction with
> clamAV is able to clean it up.


Yor just not understand the basic terms of my post. Or, maybe, my English so bad, that it is hard to understand what I
write. :-)

I never say "Do not use bayesian filters!".
I never say "Do not use antivirus!"

As about "intelligence":
Three of four check is not "intelligence behavior", but ~20 tests + greylisting + challengelisting + blacklisting +
whitelisting and using the MTA logic to manipulate of all of this is really intelligence.

> Nevertheless, a lot of spam and malware
> pass through.


Try to use a well-known construction, just above virus checking in Exim configuration:

acl_check_mime:

   warn    decode         = default
   drop    message        = Blacklisted file extension detected.
           condition      = ${if match{${lc:$mime_filename}}{\N(\.cpl|\.pif|\.bat|\.scr|\.lnk|\.com|\.hta)$\N}{1}{0}}


accept

You would be surprised, the volume of viruses will decrease about a half.