Re: [exim] Exim and Spamassasin: few questions

Top Page

Reply to this message
Author: Magnus Holmgren
Date:  
To: exim-users
Subject: Re: [exim] Exim and Spamassasin: few questions
On Friday 09 March 2007 09:36, Marek Zawadzki wrote:
> I have Exim4 set on Debian Sarge and now I'd like to add spam protection
> with Spamassasin. Users are getting their mail via pop.
> If any of the functionality mentioned below is Exim-specific please advice.
>
> Functionally, I'd like all messages marked as spam to be forwarded to one
> account, where an employee could review them manually,


This is normally best done with a system filter. See the filter specification
and chapter 43 of the main specification. Because a message can have multiple
recipients, of which zero or more appear in the To and Cc fields, care must
be taken to preserve the recipient list.

Example:

if $h_X-Spam-Flag: contains "YES" then
    headers add "X-Original-Recipients: $recipients"
    deliver "spamreview@???"
endif


I'm assuming that you scan the mail at SMTP time, probably using a centralised
configuration and bayes database, and that you reject high-scoring spam.
Otherwise the task of reviewing spam will probably be overwhelming. I'm also
assuming that what you want to do is legal.

> forward good
> messages to 'notspam@' account that would add them to a whitelist and then
> resend to the final recipient.


Now, this can be tricky. First you need to add checks in the ACLs to make sure
that only authorised employees can access that address. Those employees must
use well-behaved software (not Outlook), which preserves all headers, to
forward the mail to the "notspam" address. It's easiest if it has a redirect
feature, like KMail has. If you forward the mail as an attachment you need an
external program that can extract the attached mail.

Assuming the easy method, you should be able to use a router like this:

nospam_router:
driver = redirect
local_parts = nospam
headers_remove = X-Original-Recipients : X-Spam-Flag
data = $h_X-Original-Recipients:, |sa-learn --ham
pipe_transport = address_pipe
user = <the user sa-learn has to run as to get the learning right>

Now you're talking about a whitelist, which might mean that you want to pipe
the message to spamc -C revoke, spamc -L ham, spamassassin -k,
spamassassin -W, and/or a script of your own instead.

Now, here are some suggestions for other solutions that might be better:

One alternative would be to store probable spam in a directory in BSMTP
format. Write a web interface that lets the reviewer view the mail (it has to
understand BSMTP), and if clean pass it to exim -bS as well as to
SpamAssassin as above (removing the BSMTP commands).

The most common recommendation is using IMAP, letting the users drag
miscategorised mail to special folders and periodically running scripts that
feed SpamassAssin. It has the advantage that the mail is almost guaranteed to
be kept intact.

> Additionally, I'd like to have 'spam@' address, where users could forward
> bad messages not marked as spam by the system and thus improve the the
> learning process.


This can be problematic without IMAP. With respect to Exim it's easier - just
limit access to trusted users and route mail to the "spam" address to
sa-learn --spam. But now all the users have to use a good mail client and be
trained to forward the spam correctly. Alternatively it's possible to report
spam directly to SpamAssassin over the network, but that requires a capable
mail client (such as KMail) and the protocol still has no support for user
authentication.

-- 
Magnus Holmgren        holmgren@???
                       (No Cc of list mail needed, thanks)


"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans