Re: [exim] Exim and Spamassasin

Top Page

Reply to this message
Author: Mike Cardwell
Date:  
To: Exim Users List
Subject: Re: [exim] Exim and Spamassasin
Magnus Holmgren wrote:

>> There's a handful of different things you can do with spam once you've
>> identified it; some are better than others. Exim can be configured to
>> implement all of them, so you have to decide which you want to do
>> according to your own local policy:
>> [...]
>
> One more:
>
> - Reject the spam in the SMTP conversation, but deliver it to the quarantine
> as well (fakereject). This may be an option in the range between "almost
> certainly spam" (i.e. really reject) and "maybe spam" (mark and deliver or
> quarantine). But it may also be completely useless as you get more junk in
> the quarantine while the sender is confused (either the rejection message
> says the mail was quarantine - will it be read or not, and when? - or it
> doesn't mention it - then the sender is surprised when a reply arrives while
> he is trying to resubmit the message.


I used to place all of my rejections as early on as possible in the
ACLs. Then I realised that the only thing this saves on is bandwidth and
time, and if you have it spare you may as well do this:

Shift all of your rejections until the last possible moment (with the
exception of maybe verify=recipient), ie to the data acl.

Then change all of the rejections to use fakreject instead.

Then store anything "rejected" in:

/var/spool/mail/quarantine/rejected/${sg{$tod_log}{^(\\S+).*}{\$1}}/${domain}/${local_part}/Maildir/

Eg:

/var/spool/mail/quarantine/rejected/2007-07-19/lists.grepular.com/exim-users/Maildir/

Delete folders at the /var/spool/mail/quarantine/rejected/2007-07-19/
level when they get over x days old. This means you can grab a copy of
an email if a user comes to you and says: "Someone emailed me last night
and I've still not got it. They said they got some sort of bounce message"

This also gives you a nice pool of spam you can analyse.


Oh yes, there's one other benefit of shifting the rejections into the
data acl. If you do a sender verification callout in the data acl, or
even predata acl you can avoid the whole case of two mail servers doing
callouts at each other at the same time and getting stuck.

Mike