Re: [exim] we all agree, let's drop that spam

トップ ページ
このメッセージを削除
このメッセージに返信
著者: W B Hacker
日付:  
To: exim users
題目: Re: [exim] we all agree, let's drop that spam
Peter Bowyer wrote:
> 2008/11/21 WJCarpenter <bill-exim@???>:
>> We use SpamAssassin for spam-scoring, and all local recipients have a
>> threshold score, above which a message automatically gets filed into a
>> spam folder.
>>
>> We are planning to implement a different threshold score, above which a
>> message gets rejected at SMTP time. For the case of multi-recipient
>> messages, the SA score must exceed the maximum of all of the recipient
>> reject thresholds for us to reject the message. (A recipient that we
>> don't host is considered to have a threshold of some impossibly high
>> number since we have no way of knowing their preferences.)
>>
>> Our plan is to do all these lookups and arithmetic using $recipients in
>> the DATA ACL after SA scanning.
>>
>> Does anyone see any problems with this approach? TIA
>
> The principle is good. You might find the implementation easier if you
> calculate the high-water-mark reject score in the RCPT acl and pass it
> through to the DATA acl in an acl_m variable.
>
> Peter
>
>


As a long-term experiment, (12 months + ) we did basically that:

- as we 'cycled' thru each new recipient in acl_smtp_rcpt, we
re-calculated the min/max thresholds for 'most generous' and 'least
generous' within that 'batch' of recipients.

Once into acl_smtp_data:

- if the most-generous (least paranoid) would reject, we rejected all.

- if the most-generous would NOT reject, but the least-generous WOULD,
we issued a fake-reject with the message:

'...has been delivered, but may not be read because of [Spam score ___]'

...and sorted those into various levels of 'Suspect' IMAP folders....

At the end of the day, it didn't help *us* much, as thresholds within
our relatively small per-domain groups tended to be fairly close between
players.

What has worked better is to accept only one recipient at a time.

Yes, it 'breaks' the standard. But 95% + of our arrivals are 'singleton'
anyway, so barely noticed by either end.

Until XEXDATA or such is adopted, it is the most straightforward method
available.

CAVEAT - we aren't an ISP. Just SME bespoke systems provider. What
works for an office with 5 to 15 folks won't work for 105 to 15,000.

Jm2CW

Bill