Re: [exim] XCLIENT supported by exim?

Author: Heiko Schlichting
Date:  
To: exim-users
Subject: Re: [exim] XCLIENT supported by exim?
Hello,

> And similar, you don't find an out-of-the-box spamfilter that has zero
> false positives and a high detection rate for ISPs like eXpurgate (that's
> the name of our solution).


We use eXpurgate and Kaspersky AntiVirus in combination with Exim too. For
us it was the easiest solution to set up eXpurgate in spamd mode (--spamd),
having exim on port 25 and inserting an eXpurgate header via spamd protocol
in the data ACL (as with SpamAssassin).

After that you have all the usual options from rejecting the message to
delivering into separate spam folders per user depending on the header. You
can even run real SpamAssassin and add 10.0 points to the score if
eXpurgate classifies the mail as "Spam" or "Dangerous" and 2.0 points if it
is "Bulk" or "Suspect".

If my favoured spamd mode of eXpurgate is not an option for you, set up
exim on port 25, insert an "X-Originating-IP: $sender_host_address" header
and forward each mail into eXpurgate listening on a different port. This
makes a chain of exim -> eXpurgate -> exim but you can always evaluate the
X-Originating-IP: header to get the IP address of the sending host. This
has the advantage that you can run a greylisting solution in front of
eXpurgate.

If you really do this, you should consider the following patch to exim
which allows eXpurgate to access the IP of the sending host out of the
X-Originating-IP header via spamd protocol version 1.3. Do not use the
"--spamccompat" option of eXpurgate in this case.

--- spam.c.org  2007-05-14 20:56:25.000000000 +0200
+++ spam.c      2008-01-10 17:39:16.000000000 +0100
@@ -200,9 +200,11 @@
   /* now we are connected to spamd on spamd_sock */
   (void)string_format(spamd_buffer,
            sizeof(spamd_buffer),
-           "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
+           "REPORT SPAMC/1.3\r\nUser: %s\r\nContent-length: %ld\r\nSender: %s\r\nIP: %s\r\n\r\n",
            user_name,
-           mbox_size);
+           mbox_size,
+           sender_address,
+           expand_string("${if def:header_x-originating-ip: {$header_x-originating-ip:}{0.0.0.0}}"));


/* send our request */
if (send(spamd_sock, spamd_buffer, Ustrlen(spamd_buffer), 0) < 0) {
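Review bot: the new last argument, `expand_string("${if def:header_x-originating-ip: ...}")`, copies a message header value straight into the `IP: %s\r\n` request line with no validation, and its return value is not checked. A header is message content, so unless the front exim removes any X-Originating-IP that arrived with the mail, the value (or several concatenated values) is whatever the sender wrote, and line breaks in it would add lines to the spamd request. Suggest expanding into a local variable first, falling back to 0.0.0.0 when the result is NULL or is not exactly one IP literal, and checking the result of `string_format` instead of casting it to `(void)`, since the request now carries two more variable-length fields in the same `spamd_buffer`.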


Heiko

Heiko Schlichting        | Freie Universität Berlin
heiko@???       | Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327 | Fabeckstraße 32
Telefax +49 30 838454327 | 14195 Berlin
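
The chain described above relies on the X-Originating-IP header carrying exactly one address. As an added example (not part of the original message, and not Exim's or eXpurgate's code), this C sketch builds the same spamd request only after checking the header value; `build_spamd_request` and its helpers are hypothetical names, and the request layout is taken from the patch in the message.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if s is exactly one IPv4 or IPv6 literal, else 0.
   inet_pton() rejects whitespace, line breaks and trailing text. */
static int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (s == NULL || *s == '\0' || strlen(s) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Return 1 if s has no control characters, so it cannot add request lines. */
static int is_single_line(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || *s == 0x7f)
            return 0;
    return 1;
}

/* Build the spamd request header (hypothetical helper). The header value
   falls back to 0.0.0.0 when it is missing or not a single IP literal.
   Returns the request length, or -1 on bad input or truncation. */
int build_spamd_request(char *out, size_t outlen, const char *user,
                        long content_length, const char *sender,
                        const char *originating_ip)
{
    const char *ip = is_ip_literal(originating_ip) ? originating_ip : "0.0.0.0";
    int n;

    if (!user || !sender || !is_single_line(user) || !is_single_line(sender))
        return -1;
    n = snprintf(out, outlen,
                 "REPORT SPAMC/1.3\r\nUser: %s\r\nContent-length: %ld\r\n"
                 "Sender: %s\r\nIP: %s\r\n\r\n",
                 user, content_length, sender, ip);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* request did not fit in the buffer */
    return n;
}
```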