Re: [exim] spam configuration not working well

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: Markus Kadelke
CC: exim-users
Subject: Re: [exim] spam configuration not working well


Markus Kadelke wrote:
> Dear all,
>

SNIP
>
> 1. Mails get checked even in a session where the user authenticated itself.

Are you sure they are authenticated against exim, not just on your
webmail? Could you show us logs of the authentication?

> 2. Mails with >30K are being checked.
> 3. In case Mails are over threshold they are beeing checked twice
> (Headers are added twice).
> 4. I keep receiving Mails that are correctly tagged as [*SPAM*] in the
> subject and exceed spam_score_int by far, e.g. with a score of 210. But
> they are not rejected but delivered to my local inbox. Most of the SPAM
> mails are correctly rejected. I have no idea why. Sample header of a
> mail that should have been rejected:
>

I fail to see why you are still using amavisd. If you use amavisd, you
have to accept mails to deliver them to amavis, so mails will not be
rejected but bounced to the probably faked sender, thus creating
collateral spam.

Simple ACL rules should permit you to check for spam and deny it at SMTP 
time without the overhead of amavis.
like this for example:
    #put Headers
         warn
         !hosts          = +relay_from_hosts
         condition       = ${if <={$message_size}{256k}{1}{0}}
         spam            = nobody:true
         add_header      = X-Spam-Score: $spam_score ($spam_bar)
         log_message     = Spam-score: $spam_score


    #put even more Headers
         warn
         !hosts          = +relay_from_hosts
         condition       = ${if <={$message_size}{256k}{1}{0}}
         spam            = nobody:true
         add_header      = X-Spam-Report: $spam_report


         #Deny spam
         drop
         !hosts          = +relay_from_hosts
         condition       = ${if <={$message_size}{256k}{1}{0}}
         message         = Message rejected due to spam score: 
$spam_score\n$spam_report
         log_message     = $sender_host_address (for $acl_m3) has spam 
score: $spam_score
         spam            = nobody:true
         condition       = ${if >{$spam_score_int}{70}{1}{0}}
         delay           = 60s